diff options
| author | Chris Buechler <cmb@pfsense.org> | 2008-10-04 22:04:18 +0000 |
|---|---|---|
| committer | Chris Buechler <cmb@pfsense.org> | 2008-10-04 22:04:18 +0000 |
| commit | d12c3813b51bfda22cef2db86a3dadff8bc13c6e (patch) | |
| tree | 5d91d19141cc5700c5ed932efc56098f9726ebda /etc/inc | |
| parent | 94b101fd229081af2c08beb0ee53b663add69dab (diff) | |
| download | pfsense-d12c3813b51bfda22cef2db86a3dadff8bc13c6e.zip pfsense-d12c3813b51bfda22cef2db86a3dadff8bc13c6e.tar.gz | |
trim description so long descriptions on IPsec doesn't create an invalid ruleset
Diffstat (limited to 'etc/inc')
| -rw-r--r-- | etc/inc/filter.inc | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 2d49499..50cb4bf 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2826,15 +2826,15 @@ EOD; if(!$remote_gateway) continue; $shorttunneldescr = substr($tunnel['descr'], 0, 26); - $ipfrules .= "pass out quick on \${$iface} proto udp from any to {$remote_gateway} port = 500 keep state label \"IPSEC: $shorttunneldescr - outbound isakmp\"\n"; - $ipfrules .= "pass in quick on \${$iface} proto udp from {$remote_gateway} to any port = 500 keep state label \"IPSEC: $shorttunneldescr - inbound isakmp\"\n"; + $ipfrules .= "pass out quick on \${$iface} proto udp from any to {$remote_gateway} port = 500 keep state label \"IPSEC: {$shorttunneldescr} - outbound isakmp\"\n"; + $ipfrules .= "pass in quick on \${$iface} proto udp from {$remote_gateway} to any port = 500 keep state label \"IPSEC: {$shorttunneldescr} - inbound isakmp\"\n"; if ($tunnel['p2']['protocol'] == 'esp') { - $ipfrules .= "pass out quick on \${$iface} proto esp from any to {$remote_gateway} keep state label \"IPSEC: $shorttunneldescr - outbound esp proto\"\n"; - $ipfrules .= "pass in quick on \${$iface} proto esp from {$remote_gateway} to any keep state label \"IPSEC: $shorttunneldescr - inbound esp proto\"\n"; + $ipfrules .= "pass out quick on \${$iface} proto esp from any to {$remote_gateway} keep state label \"IPSEC: {$shorttunneldescr} - outbound esp proto\"\n"; + $ipfrules .= "pass in quick on \${$iface} proto esp from {$remote_gateway} to any keep state label \"IPSEC: {$shorttunneldescr} - inbound esp proto\"\n"; } if ($tunnel['p2']['protocol'] == 'ah') { - $ipfrules .= "pass out quick on \${$iface} proto ah from any to {$remote_gateway} keep state label \"IPSEC: $shorttunneldescr - outbound ah proto\"\n"; - $ipfrules .= "pass in quick on \${$iface} proto ah from {$remote_gateway} to any keep state label \"IPSEC: $shorttunneldescr - inbound ah proto\"\n"; + $ipfrules .= "pass out quick on \${$iface} proto ah from any to {$remote_gateway} keep state label \"IPSEC: {$shorttunneldescr} - outbound ah proto\"\n"; + $ipfrules .= "pass in quick on \${$iface} proto ah from {$remote_gateway} to any keep state label \"IPSEC: {$shorttunneldescr} - inbound ah proto\"\n"; } } } |
