diff options
author | Bill Marquette <billm@pfsense.org> | 2005-03-04 15:22:43 +0000 |
---|---|---|
committer | Bill Marquette <billm@pfsense.org> | 2005-03-04 15:22:43 +0000 |
commit | 7fbc79b1f90d8f05ac58c74727f36bff855343c7 (patch) | |
tree | 461042cc846ae8c66365c4abc8ba5fe811038d67 /etc/inc | |
parent | b471fd16d518c58d3dd4ae0778875043c2b5b740 (diff) | |
download | pfsense-7fbc79b1f90d8f05ac58c74727f36bff855343c7.zip pfsense-7fbc79b1f90d8f05ac58c74727f36bff855343c7.tar.gz |
broke ftp rule with last commit - fix
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/filter.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 737c573..68c2de1 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -982,7 +982,7 @@ anchor "carp" # enable ftp-proxy anchor "ftpproxy" -pass in quick on $wanif inet proto tcp from port 20 to ($wanif) port > 49000 user proxy flags S/SA keep state "FTP PROXY: PASV mode data connection" +pass in quick on $wanif inet proto tcp from port 20 to ($wanif) port > 49000 user proxy flags S/SA keep state label "FTP PROXY: PASV mode data connection" # Fix sites that violate RFC 959 which specifies that the data connection # be sourced from the command port - 1 (typicaly port 20) # This workaround doesn't expose us to any extra risk as we'll still only allow |