diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2007-06-29 16:22:20 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2007-06-29 16:22:20 +0000 |
commit | 8cf7463418fdf926243d8d8dc1e1e707c65688ba (patch) | |
tree | d5b018754a97a5c517f9c5a5887b0cddc2331e3d /etc | |
parent | 93c86d2b757c9a832a32f98a1d8f9cca2a3eaa45 (diff) | |
download | pfsense-8cf7463418fdf926243d8d8dc1e1e707c65688ba.zip pfsense-8cf7463418fdf926243d8d8dc1e1e707c65688ba.tar.gz |
Move CARP and PFSYNC allow traffic before USER_RULES section. If a person has a restrictive ruleset then it is possible to disallow traffic.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 4591c7d..e9bb342 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2665,6 +2665,8 @@ EOD; $ipfrules .= "anchor \"ftpproxy\"\n"; $ipfrules .= "anchor \"pftpx/*\"\n"; + $ipfrules .= process_carp_rules(); + if (isset($config['filter']['rule'])) { /* Pre-cache all our rules so we only have to generate them once */ $rule_arr = array(); @@ -2759,8 +2761,6 @@ EOD; } } - $ipfrules .= process_carp_rules(); - update_filter_reload_status("Creating carp rules..."); $ipfrules .= "\n# VPN Rules\n"; |