diff options
| author | Chris Buechler <cmb@pfsense.org> | 2013-10-04 01:46:58 -0500 |
|---|---|---|
| committer | Chris Buechler <cmb@pfsense.org> | 2013-10-04 01:47:29 -0500 |
| commit | 7825f71eaeb82dbd6c54f492b1dd1f284b21b397 (patch) | |
| tree | 29072ab653f6801427c5fa906b5ea39eb22cf2b6 /etc | |
| parent | 619753eeea1d3e0e67d0a35aeb6ab3be44f40604 (diff) | |
| download | pfsense-7825f71eaeb82dbd6c54f492b1dd1f284b21b397.zip pfsense-7825f71eaeb82dbd6c54f492b1dd1f284b21b397.tar.gz | |
use (self) rather than any as the destination for the lockout rules
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/filter.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 393ffb5..77d2db0 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2567,7 +2567,7 @@ EOD; $ipfrules .= "\n# SSH lockout\n"; if(is_array($config['system']['ssh']) && !empty($config['system']['ssh']['port'])) { - $ipfrules .= "block in log quick proto tcp from <sshlockout> to any port "; + $ipfrules .= "block in log quick proto tcp from <sshlockout> to (self) port "; $ipfrules .= $config['system']['ssh']['port']; $ipfrules .= " label \"sshlockout\"\n"; } else { @@ -2576,7 +2576,7 @@ EOD; else $sshport = 22; if($sshport) - $ipfrules .= "block in log quick proto tcp from <sshlockout> to any port {$sshport} label \"sshlockout\"\n"; + $ipfrules .= "block in log quick proto tcp from <sshlockout> to (self) port {$sshport} label \"sshlockout\"\n"; } $ipfrules .= "\n# webConfigurator lockout\n"; |
