diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2007-01-28 04:35:25 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2007-01-28 04:35:25 +0000 |
commit | d8a778565a27cd491ce7011781b9c9a5f819a0aa (patch) | |
tree | 89783fb4dac5623b225ef751bd78b1a2f922e9a5 /etc | |
parent | 1d1dfa64f27d2e338ab0e7d70933f2b91a67c5f2 (diff) | |
download | pfsense-d8a778565a27cd491ce7011781b9c9a5f819a0aa.zip pfsense-d8a778565a27cd491ce7011781b9c9a5f819a0aa.tar.gz |
Permit firewall to ping out from the WAN IP for ping_hosts.sh
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 1421669..d14906a 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1400,7 +1400,7 @@ function generate_user_filter_rule($rule, $ngcounter) { $lbs = $lb['servers']; } - /* If we want failover we only return the first (top) server from the list + /* If we want failover we only return the first (top) server from the list * and work our way down from there. This way we order the failover order. */ if($lb['behaviour'] == "failover") { @@ -1806,6 +1806,8 @@ function filter_rules_generate() { $lansa = gen_subnet($lancfg['ipaddr'], $lancfg['subnet']); $lansn = $lancfg['subnet']; + $wanip = find_interface_ip(get_real_wan_interface()); + if($lansa) $lansa_sn_combo = "{$lansa}/{$lansn}"; else @@ -1871,6 +1873,9 @@ table <snort2c> persist block quick from <snort2c> to any label "Block snort2c hosts" block quick from any to <snort2c> label "Block snort2c hosts" +# permit wan interface to ping out (ping_hosts.sh) +pass quick proto icmp from {$wanip} to any + # loopback anchor "loopback" pass in quick on \$loopback all label "pass loopback" @@ -2939,4 +2944,4 @@ function return_vpn_subnet($adr) { } -?> +?>
\ No newline at end of file |