diff options
| author | Helder Pereira <helder.lesi@gmail.com> | 2008-12-27 13:59:53 +0000 |
|---|---|---|
| committer | Helder Pereira <helder.lesi@gmail.com> | 2008-12-27 13:59:53 +0000 |
| commit | 3d24c1a1a07990b4317c554bf58a80a259083d20 (patch) | |
| tree | 06c81035d8811f64b71c1a02992c22b702d6206f /etc/inc | |
| parent | f363d38017e6aeff1b5ab868125063ef9d3b4ca3 (diff) | |
| download | pfsense-3d24c1a1a07990b4317c554bf58a80a259083d20.zip pfsense-3d24c1a1a07990b4317c554bf58a80a259083d20.tar.gz | |
Corrected layer7 name in rules config
Added divert tag to pf rules when layer7 is selected in a firewall rule
Diffstat (limited to 'etc/inc')
| -rw-r--r-- | etc/inc/filter.inc | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 2378bcc..ec1ed51 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1568,7 +1568,7 @@ function generate_user_filter_rule($rule) isset($rule['max-src-conn-rates']) and $rule['max-src-conn-rates'] <> "" or isset($rule['max-src-states']) and $rule['max-src-states'] <> "" or isset($rule['statetimeout']) and $rule['statetimeout'] <> "" or - isset($rule['l7container']) and $rule['l7container']['name'] != "none") { + isset($rule['l7container']) and $rule['l7container'] != "none") { $aline['flags'] .= "( "; if(isset($rule['source-track']) and $rule['source-track'] <> "") $aline['flags'] .= "source-track rule "; @@ -1583,7 +1583,7 @@ function generate_user_filter_rule($rule) $aline['flags'] .= "max-src-conn-rate " . $rule['max-src-conn-rate'] . " "; $aline['flags'] .= "/" . $rule['max-src-conn-rates'] . ", overload <virusprot> flush global "; } - if(isset($rule['l7container']) && $rule['l7container']['name'] != "none" && !empty($l7_structures)) { + if(isset($rule['l7container']) && $rule['l7container'] != "none" && !empty($l7_structures)) { $aline['flags'] .= "max-packets 5, "; if($l7_structures['action']) { $aline['flags'] .= "overload action diverttag "; @@ -1668,7 +1668,7 @@ function generate_user_filter_rule($rule) /* piece together the actual user rule */ $line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] . $aline['interface'] . $aline['reply'] . $aline['route'] . $aline['prot'] . $aline['src'] . $aline['srcport'] . $aline['os'] . $aline['dst'] . - $aline['dstport'] . $aline['icmp-type'] . $aline['tag'] . $aline['tagged'] . $aline['dscp'] . + $aline['dstport'] . $aline['divert'] . $aline['icmp-type'] . $aline['tag'] . $aline['tagged'] . $aline['dscp'] . $aline['flags'] . $aline['queue'] . $aline['dnpipe']; /* is a time based rule schedule attached? */ |
