diff options
author | Chris Buechler <cmb@pfsense.org> | 2012-04-23 00:35:29 -0400 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2012-04-23 00:35:29 -0400 |
commit | 7c382a885480ccea6667ca3411358f77182a61c4 (patch) | |
tree | 2529bc640858e04b624a10cb0091b7beb7ac7b6f /etc/inc | |
parent | d887d7f982560d827e274413cd4e3c11345d0911 (diff) | |
download | pfsense-7c382a885480ccea6667ca3411358f77182a61c4.zip pfsense-7c382a885480ccea6667ca3411358f77182a61c4.tar.gz |
go back to scrub rather than "scrub in", the latter breaks MSS clamping for egress traffic the way we use it
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/filter.inc | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index bac63d7..b019ed8 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -432,7 +432,7 @@ function filter_generate_scrubing() { if (!empty($config['system']['maxmss'])) $maxmss = $config['system']['maxmss']; - $scrubrules .= "scrub in from any to <vpn_networks> max-mss {$maxmss}\n"; + $scrubrules .= "scrub from any to <vpn_networks> max-mss {$maxmss}\n"; } /* disable scrub option */ foreach ($FilterIflist as $scrubif => $scrubcfg) { @@ -454,9 +454,9 @@ function filter_generate_scrubing() { else $scrubrnid = ""; if(!isset($config['system']['disablescrub'])) - $scrubrules .= "scrub in on \${$scrubcfg['descr']} all {$scrubnodf} {$scrubrnid} {$mssclamp} fragment reassemble\n"; // reassemble all directions + $scrubrules .= "scrub on \${$scrubcfg['descr']} all {$scrubnodf} {$scrubrnid} {$mssclamp} fragment reassemble\n"; // reassemble all directions else if(!empty($mssclamp)) - $scrubrules .= "scrub in on \${$scrubcfg['descr']} {$mssclamp}\n"; + $scrubrules .= "scrub on \${$scrubcfg['descr']} {$mssclamp}\n"; } return $scrubrules; } |