diff options
| author | jim-p <jimp@pfsense.org> | 2012-02-22 14:25:09 -0500 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2012-02-22 14:43:22 -0500 |
| commit | 3a12bcc49b6ae8e7f283149a5f6dd423ce62a05c (patch) | |
| tree | 5c9aefe1e084c500aff525bd53ea2d7a51cb17e9 /etc | |
| parent | ced52898069ae1be2fd57c0f7d9db44c2092de75 (diff) | |
| download | pfsense-3a12bcc49b6ae8e7f283149a5f6dd423ce62a05c.zip pfsense-3a12bcc49b6ae8e7f283149a5f6dd423ce62a05c.tar.gz | |
For nat reflection inetd rules, udp/dgram requires wait, instead of nowait/0. Might help with UDP reflection.
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/filter.inc | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index bae0fc8..205ff9e 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1154,14 +1154,16 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_ if($reflect_proto == "udp") { $socktype = "dgram"; $dash_u = "-u "; + $wait = "wait\t"; } else { $socktype = "stream"; $dash_u = ""; + $wait = "nowait/0"; } foreach ($rtarget as $targip) { if (empty($targip)) continue; - $reflection_txt[] = "{$inetdport}\t{$socktype}\t{$reflect_proto}\tnowait/0\tnobody\t/usr/bin/nc\tnc {$dash_u}-w {$reflectiontimeout} {$targip} {$tda}\n"; + $reflection_txt[] = "{$inetdport}\t{$socktype}\t{$reflect_proto}\t{$wait}\tnobody\t/usr/bin/nc\tnc {$dash_u}-w {$reflectiontimeout} {$targip} {$tda}\n"; } } $inetdport++; |
