diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2007-03-28 17:11:43 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2007-03-28 17:11:43 +0000 |
| commit | 94cb706de947b603503de259084d35583442952e (patch) | |
| tree | c525f930e1117ad320b547e4a6685255a29f1587 /etc | |
| parent | f124cb15354759265eeb62c21aaab3dc02199830 (diff) | |
| download | pfsense-94cb706de947b603503de259084d35583442952e.zip pfsense-94cb706de947b603503de259084d35583442952e.tar.gz | |
Ensure deny rules are allowed when necessary.
Submitted-by: Scott Dale
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/filter.inc | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 54c63c9..150b1fb 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1947,8 +1947,13 @@ function generate_user_filter_rule($rule, $ngcounter) { if($status) { return $line; } else { - /* rule is turned off, lets block the item */ - $ipfw_rule = tdr_create_ipfw_rule($rule, "deny"); + /* rule is turned off, if type == pass, deny traffic until + * active else allow traffic until active + */ + if ($type == "pass") + $ipfw_rule = tdr_create_ipfw_rule($rule, "deny"); + else + $ipfw_rule = tdr_create_ipfw_rule($rule, "allow"); tdr_install_rule($ipfw_rule); return $line; } |
