diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2007-07-01 19:59:32 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2007-07-01 19:59:32 +0000 |
| commit | b770450e528eb8e9be7ef6679d9704fda6f8a6ea (patch) | |
| tree | 07d22f3001a6d577c4f5a29fb5a32b021c904694 /etc | |
| parent | 5e4b6e351519ecc95755b4dba6ece3e82e82e13d (diff) | |
| download | pfsense-b770450e528eb8e9be7ef6679d9704fda6f8a6ea.zip pfsense-b770450e528eb8e9be7ef6679d9704fda6f8a6ea.tar.gz | |
Cleanup IPSEC rules. We where blocking port = 500 UDP on CARP interfaces, for one.
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/filter.inc | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 51aa226..a662c9c 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2819,15 +2819,15 @@ EOD; continue; if(!$remote_gateway) continue; - $ipfrules .= "pass out quick on \${$iface} proto udp from {$interface_ip} to {$remote_gateway} port = 500 keep state label \"IPSEC: {$tunnel['descr']} - outbound isakmp\"\n"; - $ipfrules .= "pass in quick on \${$iface} proto udp from {$remote_gateway} to $interface_ip port = 500 keep state label \"IPSEC: {$tunnel['descr']} - inbound isakmp\"\n"; + $ipfrules .= "pass out quick on \${$iface} proto udp from \${$iface} to {$remote_gateway} port = 500 keep state label \"IPSEC: {$tunnel['descr']} - outbound isakmp\"\n"; + $ipfrules .= "pass in quick on \${$iface} proto udp from {$remote_gateway} to \${$iface} port = 500 keep state label \"IPSEC: {$tunnel['descr']} - inbound isakmp\"\n"; if ($tunnel['p2']['protocol'] == 'esp') { - $ipfrules .= "pass out quick on \${$iface} proto esp from {$interface_ip} to {$remote_gateway} keep state label \"IPSEC: {$tunnel['descr']} - outbound esp proto\"\n"; - $ipfrules .= "pass in quick on \${$iface} proto esp from {$remote_gateway} to {$interface_ip} keep state label \"IPSEC: {$tunnel['descr']} - inbound esp proto\"\n"; + $ipfrules .= "pass out quick on \${$iface} proto esp from \${$iface} to {$remote_gateway} keep state label \"IPSEC: {$tunnel['descr']} - outbound esp proto\"\n"; + $ipfrules .= "pass in quick on \${$iface} proto esp from {$remote_gateway} to \${$iface} keep state label \"IPSEC: {$tunnel['descr']} - inbound esp proto\"\n"; } if ($tunnel['p2']['protocol'] == 'ah') { - $ipfrules .= "pass out quick on \${$iface} proto ah from {$interface_ip} to {$remote_gateway} keep state label \"IPSEC: {$tunnel['descr']} - outbound ah proto\"\n"; - $ipfrules .= "pass in quick on \${$iface} proto ah from {$remote_gateway} to {$interface_ip} keep state label \"IPSEC: {$tunnel['descr']} - inbound ah proto\"\n"; + $ipfrules .= "pass out quick on \${$iface} proto ah from \${$iface} to {$remote_gateway} keep state label \"IPSEC: {$tunnel['descr']} - outbound ah proto\"\n"; + $ipfrules .= "pass in quick on \${$iface} proto ah from {$remote_gateway} to \${$iface} keep state label \"IPSEC: {$tunnel['descr']} - inbound ah proto\"\n"; } } } |
