diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2005-03-22 00:15:21 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-03-22 00:15:21 +0000 |
commit | 68ccec2d221da4afd37c3fa07a987e1ec94d86b7 (patch) | |
tree | 47ea5167155cf8e31328d964d5ca8b7bb88eccb9 /etc | |
parent | 8e8a75f8a4fd5008e811b5992bd110b866b55e59 (diff) | |
download | pfsense-68ccec2d221da4afd37c3fa07a987e1ec94d86b7.zip pfsense-68ccec2d221da4afd37c3fa07a987e1ec94d86b7.tar.gz |
Revert back to scrub on wan all.. The previous method was breaking pfsync for wan interface :/
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index e331a95..5aba8d0 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -115,7 +115,7 @@ function filter_configure() { } $rules.= "\n"; - $rules.= "scrub on {$wanif} reassemble tcp random-id " . $mssclamp ."\n"; // reassemble all directions + $rules.= "scrub on {$wanif} all " . $mssclamp ."\n"; // reassemble all directions $rules.= $altq_ints . "\n"; $rules.= $altq_queues . "\n"; $rules.= $natrules . "\n"; @@ -1705,12 +1705,12 @@ function create_firewall_outgoing_rules_to_itself() { else $replyto = ""; if($ip <> "") { - $rule .="pass out quick on {$int} {$replyto} inet from any to any keep state\n"; + $rule .="pass out quick on {$int} {$replyto} all keep state\n"; /* XXX - billm: temp fix for pppoe, needs better fix */ if($config['interfaces'][$ifname]['ipaddr'] != "") - $rule .="pass out quick on {$int} {$replyto} inet from {$int} to any keep state\n"; - else - $rule .="pass out quick on {$int} {$replyto} inet from ({$int}) to any keep state\n"; + $rule .="pass out quick on {$int} {$replyto} all keep state\n"; + else //pass out quick on vr1 all keep state + $rule .="pass out quick on {$int} {$replyto} all keep state\n"; } } |