author | Scott Ullrich <sullrich@pfsense.org> | 2007-04-21 23:05:13 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2007-04-21 23:05:13 +0000 |
commit | c24f40082c0f158206b2803f7cb895cbb3cdfe90 (patch) | |
tree | 56f3e251f31022a9abed588a498c193c4319179c /etc/inc/pfsense-utils.inc | |
parent | 6f727b3bcfdd3f9ef1c1eae1e589bb8738c3d939 (diff) | |
Fix another major bug in time based rules. When a * * * rule is in effect on the wan interface we were killing outgoing traffic from the firewall itself.
Diffstat (limited to 'etc/inc/pfsense-utils.inc')
-rw-r--r-- | etc/inc/pfsense-utils.inc | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 278dce9..14c901f 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -458,7 +458,7 @@ function tdr_create_ipfw_rule($rule, $type) {
 /* piece together the actual user rule */
 $line .= $type . " " . $aline['prot'] . $aline['src'] .
- $aline['srcport'] . $aline['dst'] . $aline['dstport'] . " in via " . $aline['interface'];
+ $aline['srcport'] . $aline['dst'] . $aline['dstport'] . " in recv " . $aline['interface'];
 return $line;
@@ -473,7 +473,7 @@ function tdr_create_ipfw_rule($rule, $type) {
 * none
 ******/
 function tdr_install_rule($rule) {
- mwexec("/sbin/ipfw -f add 1 set 9 $rule");
+ mwexec("/sbin/ipfw -f add 2 set 9 $rule");
 }
 /****f* pfsense-utils/tdr_install_set
@@ -486,6 +486,10 @@ function tdr_install_rule($rule) {
 ******/
 function tdr_install_set() {
 /* set 8 contains time based rules */
+ mwexec("/sbin/ipfw delete 1");
+ mwexec("/sbin/ipfw delete 65534");
+ mwexec("/sbin/ipfw add 1 allow all from me to any keep-state");
+ mwexec("/sbin/ipfw add 65534 check-state");
 mwexec("/sbin/ipfw -f delete set 8");
 mwexec("/sbin/ipfw -f set swap 9 8");
 } |
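Review bot: In `tdr_install_rule` the `$rule` string is interpolated into the command line given to `mwexec()` with no quoting or validation, so if `mwexec()` runs it through a shell (its body is not on this page), any shell metacharacter in a field that `tdr_create_ipfw_rule` concatenated from `$aline` would be interpreted rather than passed to ipfw. The rule has to expand into several ipfw arguments, so quoting the whole string is not an option; the fields are better validated where the rule is assembled, which lies outside this hunk, or rejected here with an allowlist adjusted to what the builder legitimately emits, e.g. `if (!preg_match('/^[A-Za-z0-9 .,:\/!_-]+$/', $rule)) { return; }`. The new rule number 2 also relies on rule 1 being the allow rule that `tdr_install_set` adds, and a comment such as `/* rule 1 is reserved for the firewall's own traffic, see tdr_install_set() */` would record that coupling.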
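Review bot: The new rule 1 in `tdr_install_set`, `allow all from me to any keep-state`, carries no direction qualifier, so it is wider than the "outgoing traffic from the firewall itself" named in the description: a packet arriving on any interface with one of the firewall's own addresses as its source would also match and never reach the time based rules at number 2. Restricting it to outbound packets should keep the intended effect, `mwexec("/sbin/ipfw add 1 allow all from me to any out keep-state");`. Rules 1 and 65534 are also deleted and re-added on every call, which leaves a short window without the allow rule, and on the first run the two deletes have nothing to remove and their result is not checked. The existing comment `/* set 8 contains time based rules */` now sits directly above four lines that are not in set 8, so they deserve their own comment, for example `/* rule 1 lets the firewall's own traffic bypass the time based rules; 65534 re-checks state */`.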