diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2007-01-30 16:23:32 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2007-01-30 16:23:32 +0000 |
| commit | 8539f769b7100bbadf5904c4428a97ee5a0e7649 (patch) | |
| tree | 7ab87f2dabf9824dd863bb74f68cf00f30455fef /etc | |
| parent | 699865037ecbdad8fb65990eeea0e22806693109 (diff) | |
| download | pfsense-8539f769b7100bbadf5904c4428a97ee5a0e7649.zip pfsense-8539f769b7100bbadf5904c4428a97ee5a0e7649.tar.gz | |
Only install icmp rule if we can obtain an IP address for the WAN interface
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/filter.inc | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index d14906a..0f13c2e 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1873,9 +1873,6 @@ table <snort2c> persist block quick from <snort2c> to any label "Block snort2c hosts" block quick from any to <snort2c> label "Block snort2c hosts" -# permit wan interface to ping out (ping_hosts.sh) -pass quick proto icmp from {$wanip} to any - # loopback anchor "loopback" pass in quick on \$loopback all label "pass loopback" @@ -1890,6 +1887,14 @@ anchor "carp" EOD; +if($wanip) + $ipfrules .= <<<EOD + +# permit wan interface to ping out (ping_hosts.sh) +pass quick proto icmp from {$wanip} to any + +EOD; + $ipfrules .= <<<EOD # NAT Reflection rules |
