author | Scott Ullrich <sullrich@pfsense.org> | 2005-05-30 21:24:44 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-05-30 21:24:44 +0000 |
commit | 6ffe732131655f7efaf84f9b16e71d9fa33d8294 (patch) | |
tree | 2fccc45f3a8c7ddfe2a48cb37e04cd88ca8fa01f /etc | |
parent | 9c648daebfe492b39df34b975492d4220817e87d (diff) | |
Move ssh lockout rule and make it a non-quick rule so that USER_RULES can override if they wish
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index d2de11f..a47fc46 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1926,6 +1926,9 @@ EOD; $ipfrules .= "pass in on {$cp_interface} from <captiveportal> to any keep state label \"allow captive portal authd users\"\n"; } + $ipfrules .= "\n# SSH lockout\n"; + $ipfrules .= "block in log proto tcp from <sshlockout> to any port 22 label \"sshlockout\"\n\n"; + $ipfrules .= "\n# User-defined rules follow\n"; if (isset($config['filter']['rule'])) { @@ -1961,9 +1964,6 @@ EOD; $ipfrules .= process_carp_rules(); - $ipfrules .= "\n# SSH lockout\n"; - $ipfrules .= "block in log quick proto tcp from <sshlockout> to any port 22 label \"sshlockout\"\n\n"; - $ipfrules .= "\n# VPN Rules\n"; $lan_ip = $config['interfaces']['lan']['ipaddr']; $lan_subnet = $config['interfaces']['lan']['subnet']; |
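Review bot: With `quick` dropped and the rule now emitted ahead of the user rules, the `block in log proto tcp from <sshlockout> to any port 22` line is overridden by any later pass rule that matches the same traffic, because pf applies the last matching non-quick rule; that includes rules that were never written as a deliberate exemption. A user rule that simply opens port 22 on an interface, which is the setup the lockout table exists to protect, would let addresses in `<sshlockout>` connect again, and the `log` on the block would presumably stop firing for them, so the failure is silent. If the override is meant to be opt-in, consider keeping `quick` unless a configuration option turns it off, and at minimum add a comment above the rule such as `/* non-quick on purpose: any later pass rule matching tcp/22 overrides this block (pf last-match) */`. The enclosing function starts and ends outside this hunk, so whether rules generated after the user rules also match port 22 cannot be judged from here.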