diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2005-06-28 16:47:08 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-06-28 16:47:08 +0000 |
commit | add734e713e4b0b420ad781e87a4ffecfcba7b71 (patch) | |
tree | 9ecd4ce261491e06707a99b38f777869927dd83a /etc/inc | |
parent | 0dce7515048d79f6723654a878bfdeb83fd77a24 (diff) | |
download | pfsense-add734e713e4b0b420ad781e87a4ffecfcba7b71.zip pfsense-add734e713e4b0b420ad781e87a4ffecfcba7b71.tar.gz |
Setup RFC959 workarounds on all interfaces.
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/filter.inc | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 282a157..1ebdbc4 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1511,8 +1511,13 @@ EOD; # This workaround doesn't expose us to any extra risk as we'll still only allow # connections to the firewall on a port that ftp-proxy is listening on pass in quick on $wanif inet proto tcp from any to ($wanif) port > 49000 user proxy flags S/SA keep state label "FTP PROXY: RFC959 violation workaround" - EOD; + + $optcfg = array(); + generate_optcfg_array($optcfg); + foreach($optcfg as $oc) { + echo "pass in quick on {$oc} inet proto tcp from any to ({$oc}) port > 49000 user proxy flags S/SA keep state label \"FTP PROXY: RFC959 violation workaround\" \n"; + } } } |