authorScott Ullrich <sullrich@pfsense.org>2005-03-22 03:39:52 +0000
committerScott Ullrich <sullrich@pfsense.org>2005-03-22 03:39:52 +0000
commit4c359b669cf6f7c9e15b4f4c28d1c869b233e984 (patch)
treec3940ca1bccdb108ed37461e02225e9680604803 /etc
parent9c4906ff432ba11869c166aa3954893cfbb085e1 (diff)
downloadpfsense-4c359b669cf6f7c9e15b4f4c28d1c869b233e984.zip
pfsense-4c359b669cf6f7c9e15b4f4c28d1c869b233e984.tar.gz
* Label the outgoing rules
* Do not duplicate outgoing rules
* Move the outgoing rules to the correct location
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/filter.inc10
1 files changed, 5 insertions, 5 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 91afc78..a7801ac 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1002,8 +1002,6 @@ function filter_rules_generate() {
$ipfrules .= "pass out quick on " . $wanif . " inet proto tcp from ($wanif) to any port www flags S/SA keep state label \"transparent proxy\"\n";
}
- $ipfrules .= create_firewall_outgoing_rules_to_itself();
-
$ipfrules .= <<<EOD
# loopback
@@ -1200,10 +1198,12 @@ EOD;
$ipfrules .= <<<EOD
# let out anything from the firewall host itself and decrypted IPsec traffic
-pass out quick on $wanif all keep state label "let out anything from firewall host itself"
+# pass out quick on $wanif all keep state label "let out anything from firewall host itself"
EOD;
+ $ipfrules .= create_firewall_outgoing_rules_to_itself();
+
/* group heads for optional interfaces */
foreach ($optcfg as $on => $oc) {
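Review bot: The old `$wanif` rule is left behind as a `#` line inside the heredoc, so every generated ruleset carries a disabled pass rule under a comment that still says decrypted IPsec traffic is let out. Delete the commented-out line and document the call instead, for example `/* per-interface "pass out quick" rules; they are quick, so their position here decides which earlier rules take precedence */`. Whether the rules returned by create_firewall_outgoing_rules_to_itself() still cover the decrypted IPsec case cannot be confirmed from this hunk, because only the tail of that function appears later in the diff. filter_rules_generate() starts and ends outside the hunk.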
@@ -1709,9 +1709,9 @@ function create_firewall_outgoing_rules_to_itself() {
//$rule .="pass out quick on {$int} {$replyto} all keep state\n";
/* XXX - billm: temp fix for pppoe, needs better fix */
if($config['interfaces'][$ifname]['ipaddr'] != "")
- $rule .="pass out quick on {$int} {$replyto} all keep state\n";
+ $rule .="pass out quick on {$int} {$replyto} all keep state label \"let out anything from firewall host itself\"\n";
else //pass out quick on vr1 all keep state
- $rule .="pass out quick on {$int} {$replyto} all keep state\n";
+ $rule .="pass out quick on {$int} {$replyto} all keep state label \"let out anything from firewall host itself\"\n";
}
}
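Review bot: Both branches of the `if($config['interfaces'][$ifname]['ipaddr'] != "")` test now append the same string, so the test has no effect and the label text has to be maintained in two places. Either collapse it to a single `$rule .= "pass out quick on {$int} {$replyto} all keep state label \"let out anything from firewall host itself\"\n";`, or make the pppoe branch actually differ, as the XXX comment suggests it was meant to. The rule matches `all` outbound packets on the interface, which presumably includes forwarded traffic and not only packets originated by the firewall, so the label may describe a narrower rule than the one emitted; a comment stating the real scope would help anyone auditing the ruleset. The function body begins outside the hunk.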