diff options
author | Renato Botelho <renato@netgate.com> | 2015-07-18 13:25:54 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2015-07-18 13:25:54 -0300 |
commit | 2353f74c7af235637cda1a774455ffb5665d61d2 (patch) | |
tree | f2db2ff7b6104d6ab200aa559410bab27f0a852d /etc/inc | |
parent | ddd1a9f597f8797238abd6869a3e389b88378b08 (diff) | |
parent | 408d56c5b575277a662b015a3126c01d58f4f9e4 (diff) | |
download | pfsense-2353f74c7af235637cda1a774455ffb5665d61d2.zip pfsense-2353f74c7af235637cda1a774455ffb5665d61d2.tar.gz |
Merge pull request #1763 from doktornotor/patch-4
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/filter.inc | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 7638a20..657888c 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -3156,10 +3156,10 @@ pass in {$log['pass']} quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 i pass in {$log['pass']} quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type {128,133,134,135,136} tracker {$increment_tracker($tracker)} keep state # We use the mighty pf, we cannot be fooled. -block {$log['block']} quick inet proto { tcp, udp } from any port = 0 to any tracker {$increment_tracker($tracker)} -block {$log['block']} quick inet proto { tcp, udp } from any to any port = 0 tracker {$increment_tracker($tracker)} -block {$log['block']} quick inet6 proto { tcp, udp } from any port = 0 to any tracker {$increment_tracker($tracker)} -block {$log['block']} quick inet6 proto { tcp, udp } from any to any port = 0 tracker {$increment_tracker($tracker)} +block {$log['block']} quick inet proto { tcp, udp } from any port = 0 to any tracker {$increment_tracker($tracker)} label "Block traffic from port 0" +block {$log['block']} quick inet proto { tcp, udp } from any to any port = 0 tracker {$increment_tracker($tracker)} label "Block traffic to port 0" +block {$log['block']} quick inet6 proto { tcp, udp } from any port = 0 to any tracker {$increment_tracker($tracker)} label "Block traffic from port 0" +block {$log['block']} quick inet6 proto { tcp, udp } from any to any port = 0 tracker {$increment_tracker($tracker)} label "Block traffic to port 0" # Snort package block {$log['block']} quick from <snort2c> to any tracker {$increment_tracker($tracker)} label "Block snort2c hosts" |