diff options
author | jim-p <jimp@pfsense.org> | 2012-02-22 14:25:09 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-02-22 14:26:28 -0500 |
commit | 40ce0d68eda845f7be0070137253c15dcaeffad4 (patch) | |
tree | ff577817adfdbc603e9a21bd361657cdd64cd3aa /etc/inc | |
parent | f581cb10fd9fe91359f92fd37f5ff788d85d2d7b (diff) | |
download | pfsense-40ce0d68eda845f7be0070137253c15dcaeffad4.zip pfsense-40ce0d68eda845f7be0070137253c15dcaeffad4.tar.gz |
For nat reflection inetd rules, udp/dgram requires wait, instead of nowait/0. Might help with UDP reflection.
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/filter.inc | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index e806ba0..90b4064 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1181,14 +1181,16 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_ if($reflect_proto == "udp") { $socktype = "dgram"; $dash_u = "-u "; + $wait = "wait\t"; } else { $socktype = "stream"; $dash_u = ""; + $wait = "nowait/0"; } foreach ($rtarget as $targip) { if (empty($targip)) continue; - $reflection_txt[] = "{$inetdport}\t{$socktype}\t{$reflect_proto}\tnowait/0\tnobody\t/usr/bin/nc\tnc {$dash_u}-w {$reflectiontimeout} {$targip} {$tda}\n"; + $reflection_txt[] = "{$inetdport}\t{$socktype}\t{$reflect_proto}\t{$wait}\tnobody\t/usr/bin/nc\tnc {$dash_u}-w {$reflectiontimeout} {$targip} {$tda}\n"; } } $inetdport++; |