diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2006-09-25 00:41:28 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2006-09-25 00:41:28 +0000 |
| commit | e99e980469dbb0be0465df9edc27f14518c986d1 (patch) | |
| tree | 4bb8bdb740fabef97d6938941b065cc3f1337d5d /etc/inc | |
| parent | f3af8b4a6052ac2b57e378eb91e976c8a9cb7c20 (diff) | |
| download | pfsense-e99e980469dbb0be0465df9edc27f14518c986d1.zip pfsense-e99e980469dbb0be0465df9edc27f14518c986d1.tar.gz | |
* Move snort2c to top of rules section
* Block snort2c hosts
Diffstat (limited to 'etc/inc')
| -rw-r--r-- | etc/inc/filter.inc | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index e701767..e5c134e 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1806,6 +1806,10 @@ function filter_rules_generate() { $ipfrules .= <<<EOD +# snort2c +table <snort2c> persist +block in quick from <snort2c> to any label "Block snort2c hosts" + # loopback anchor "loopback" pass in quick on \$loopback all label "pass loopback" @@ -2413,9 +2417,6 @@ EOD; } $ipfrules .= <<<EOD -# snort2c -table <snort2c> persist - anchor "ftpproxy" anchor "pftpx/*" pass in quick on $lanif inet proto tcp from any to \$loopback port 8021 keep state label "FTP PROXY: Allow traffic to localhost" |
