More changes in the attempt to change the logic on filter.inc

author: Ermal Luçi <eri@pfsense.org> 2008-01-20 23:04:50 +0000
committer: Ermal Luçi <eri@pfsense.org> 2008-01-20 23:04:50 +0000
commit: f6f7ad1c90f7308721a310cdd66dfbcfe12b0b93 (patch)
tree: df84b1523b690010f1a31ac9e360bf147f9039d1 /etc
parent: 91bf6319a18d13859f2f62cb42a246f0761f18b7 (diff)
download: pfsense-f6f7ad1c90f7308721a310cdd66dfbcfe12b0b93.zip
pfsense-f6f7ad1c90f7308721a310cdd66dfbcfe12b0b93.tar.gz
1 files changed, 10 insertions, 10 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index f238f84..ffd7d32 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -3070,23 +3070,23 @@ function create_firewall_outgoing_rules_to_itself() {
 			/* first add a rule for the real interface, then for ng0 */
 			$int = " { " . filter_translate_type_to_real_interface($ifname) . " ng0 } ";
 		}
-		$rule .="pass out quick on {$int} all keep state label \"let out anything from firewall host itself\"\n";
+		$rule .="pass out on {$int} all keep state label \"let out anything from firewall host itself\"\n";
 	}
 
 	update_filter_reload_status("Setting up bridging items");
 	/* is bridging turned on? */
 	for($x=0; $x<10; $x++) {
 		if(does_interface_exist("bridge{$x}") == true)
-			$rule .="pass out quick on bridge{$x} all keep state label \"let out anything from firewall host itself\"\n";
+			$rule .="pass out on bridge{$x} all keep state label \"let out anything from firewall host itself\"\n";
 	}
 
 	update_filter_reload_status("Setting up pptp items");
 	if($config['pptpd']['mode'] == "server")
-		$rule .="pass out quick on \$pptp all keep state label \"let out anything from firewall host itself pptp\"\n";
+		$rule .="pass out on \$pptp all keep state label \"let out anything from firewall host itself pptp\"\n";
 
 	update_filter_reload_status("Setting up pppoe items");
 	if($config['pppoe']['mode'] == "server")
-		$rule .="pass out quick on \$pppoe all keep state label \"let out anything from firewall host itself pppoe\"\n";
+		$rule .="pass out on \$pppoe all keep state label \"let out anything from firewall host itself pppoe\"\n";
 
 	update_filter_reload_status("Setting up gif tunnels");
 	/* setup outgoing gif tunnels */
@@ -3094,40 +3094,40 @@ function create_firewall_outgoing_rules_to_itself() {
 	$number_of_gifs++;
 	for($x=0; $x<$number_of_gifs; $x++) {
 		if(does_interface_exist("gif{$x}") == true)
-			$rule .="pass out quick on gif{$x} all keep state label \"let out anything from firewall host itself ipsec gif\"\n";
+			$rule .="pass out on gif{$x} all keep state label \"let out anything from firewall host itself ipsec gif\"\n";
 	}
 
 	update_filter_reload_status("Setting up tun interfaces (openvpn)");
 	/* openvpn tun interfaces.  check for 100. */
 	for($x=0; $x<100; $x++) {
 		if(does_interface_exist("tun{$x}") == true) {
-			$rule .="pass out quick on tun{$x} all keep state label \"let out anything from firewall host itself openvpn\"\n";
+			$rule .="pass out on tun{$x} all keep state label \"let out anything from firewall host itself openvpn\"\n";
 			$friendlytunif = convert_real_interface_to_friendly_interface_name("tun{$x}");
 			/* If the interface has a gateway we do not add a pass in rule. */
 			/* Some people use a TUN tunnel with public IP as a Multiwan interface */
 			if(interface_has_gateway("tun{$x}")) {
 				$rule .= "# Not adding default pass in rule for interface $friendlytunif - tun{$x} with a gateway!";
 			} else {
-				$rule .="pass in quick on tun{$x} all keep state label \"let out anything from firewall host itself openvpn\"\n";
+				$rule .="pass in on tun{$x} all keep state label \"let out anything from firewall host itself openvpn\"\n";
 			}
 		}
 	}
 	for($x=0; $x<100; $x++) {
 		if(does_interface_exist("tap{$x}") == true) {
-			$rule .="pass out quick on tap{$x} all keep state label \"let out anything from firewall host itself openvpn\"\n";
+			$rule .="pass out on tap{$x} all keep state label \"let out anything from firewall host itself openvpn\"\n";
 			$friendlytapif = convert_real_interface_to_friendly_interface_name("tap{$x}");
 			/* If the interface has a gateway we do not add a pass in rule. */
 			/* Some people use a TAP tunnel with public IP as a Multiwan interface */
 			if(interface_has_gateway("tap{$x}")) {
 				$rule .= "# Not adding default pass in rule for interface $friendlytapif - tap{$x} with a gateway!";
 			} else {
-				$rule .="pass in quick on tap{$x} all keep state label \"let out anything from firewall host itself openvpn\"\n";
+				$rule .="pass in on tap{$x} all keep state label \"let out anything from firewall host itself openvpn\"\n";
 			}
 		}
 	}
 
 	/* permit internal ipsec outbound traffic */
-	$rule .="pass out quick on \$enc0 keep state label \"IPsec internal host to host\"";
+	$rule .="pass out on \$enc0 keep state label \"IPsec internal host to host\"";
 
 	return $rule;
 }
author	Ermal Luçi <eri@pfsense.org>	2008-01-20 23:04:50 +0000
committer	Ermal Luçi <eri@pfsense.org>	2008-01-20 23:04:50 +0000
commit	f6f7ad1c90f7308721a310cdd66dfbcfe12b0b93 (patch)
tree	df84b1523b690010f1a31ac9e360bf147f9039d1 /etc
parent	91bf6319a18d13859f2f62cb42a246f0761f18b7 (diff)
download	pfsense-f6f7ad1c90f7308721a310cdd66dfbcfe12b0b93.zip pfsense-f6f7ad1c90f7308721a310cdd66dfbcfe12b0b93.tar.gz