diff options
| author | Chris Buechler <cmb@pfsense.org> | 2013-10-04 01:46:58 -0500 |
|---|---|---|
| committer | Chris Buechler <cmb@pfsense.org> | 2013-10-04 01:46:58 -0500 |
| commit | b762e3dcfd4c1a983ee376938c5c82dba9d93d46 (patch) | |
| tree | 7c498609d0b525f98b81f20e7cdcb32577510879 /etc/inc/filter.inc | |
| parent | c1e48e9b40cb08884a6b4848ef95ec27b6311549 (diff) | |
| download | pfsense-b762e3dcfd4c1a983ee376938c5c82dba9d93d46.zip pfsense-b762e3dcfd4c1a983ee376938c5c82dba9d93d46.tar.gz | |
use (self) rather than any as the destination for the lockout rules
Diffstat (limited to 'etc/inc/filter.inc')
| -rw-r--r-- | etc/inc/filter.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 06b044a..340e566 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2576,7 +2576,7 @@ EOD; $ipfrules .= "\n# SSH lockout\n"; if(is_array($config['system']['ssh']) && !empty($config['system']['ssh']['port'])) { - $ipfrules .= "block in log quick proto tcp from <sshlockout> to any port "; + $ipfrules .= "block in log quick proto tcp from <sshlockout> to (self) port "; $ipfrules .= $config['system']['ssh']['port']; $ipfrules .= " label \"sshlockout\"\n"; } else { @@ -2585,7 +2585,7 @@ EOD; else $sshport = 22; if($sshport) - $ipfrules .= "block in log quick proto tcp from <sshlockout> to any port {$sshport} label \"sshlockout\"\n"; + $ipfrules .= "block in log quick proto tcp from <sshlockout> to (self) port {$sshport} label \"sshlockout\"\n"; } $ipfrules .= "\n# webConfigurator lockout\n"; |
