diff options
author | Chris Buechler <cmb@pfsense.org> | 2013-06-14 19:06:49 -0500 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2013-06-14 19:06:49 -0500 |
commit | bcd94190b1d2f0827c03ba0b90ffccd355c71009 (patch) | |
tree | d0eae16b8a1db3661836e862bcf45f6f201865c3 /etc/inc | |
parent | 2ca432514e09e5388f1786f0f6c6d977d3254533 (diff) | |
download | pfsense-bcd94190b1d2f0827c03ba0b90ffccd355c71009.zip pfsense-bcd94190b1d2f0827c03ba0b90ffccd355c71009.tar.gz |
TCP flags are valid on any type of rule, don't skip them on block or reject rules
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/filter.inc | 58 |
1 files changed, 29 insertions, 29 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index b6dac30..0b46c2c 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2257,37 +2257,37 @@ function filter_generate_user_rule($rule) { if ($type == "pass") { if (isset($rule['allowopts'])) $aline['allowopts'] = " allow-opts "; - - $aline['flags'] = ""; - if ($rule['protocol'] == "tcp") { - if (isset($rule['tcpflags_any'])) - $aline['flags'] = "flags any "; - else if (!empty($rule['tcpflags2'])) { - $aline['flags'] = "flags "; - if (!empty($rule['tcpflags1'])) { - $flags1 = explode(",", $rule['tcpflags1']); - foreach ($flags1 as $flag1) { - // CWR flag needs special treatment - if($flag1[0] == "c") - $aline['flags'] .= "W"; - else - $aline['flags'] .= strtoupper($flag1[0]); - } + } + $aline['flags'] = ""; + if ($rule['protocol'] == "tcp") { + if (isset($rule['tcpflags_any'])) + $aline['flags'] = "flags any "; + else if (!empty($rule['tcpflags2'])) { + $aline['flags'] = "flags "; + if (!empty($rule['tcpflags1'])) { + $flags1 = explode(",", $rule['tcpflags1']); + foreach ($flags1 as $flag1) { + // CWR flag needs special treatment + if($flag1[0] == "c") + $aline['flags'] .= "W"; + else + $aline['flags'] .= strtoupper($flag1[0]); } - $aline['flags'] .= "/"; - if (!empty($rule['tcpflags2'])) { - $flags2 = explode(",", $rule['tcpflags2']); - foreach ($flags2 as $flag2) { - // CWR flag needs special treatment - if($flag2[0] == "c") - $aline['flags'] .= "W"; - else - $aline['flags'] .= strtoupper($flag2[0]); - } + } + $aline['flags'] .= "/"; + if (!empty($rule['tcpflags2'])) { + $flags2 = explode(",", $rule['tcpflags2']); + foreach ($flags2 as $flag2) { + // CWR flag needs special treatment + if($flag2[0] == "c") + $aline['flags'] .= "W"; + else + $aline['flags'] .= strtoupper($flag2[0]); } - $aline['flags'] .= " "; - } else - $aline['flags'] = "flags S/SA "; + } + $aline['flags'] .= " "; + } else { + $aline['flags'] = "flags S/SA "; } /* |