diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2007-02-02 21:00:25 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2007-02-02 21:00:25 +0000 |
| commit | b2170e79866cab35c222d46388f2530d62a609ee (patch) | |
| tree | 476961332f99ad3284f16a98898953109f0011df /etc | |
| parent | 8df2a3c4c94d08709918e69641ca0d165f40ba7f (diff) | |
| download | pfsense-b2170e79866cab35c222d46388f2530d62a609ee.zip pfsense-b2170e79866cab35c222d46388f2530d62a609ee.tar.gz | |
Allow firewall to pass out ICMP just as we do other protocols. pfSense uses inbound filtering to control traffic.
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/filter.inc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 15bf67a..14f393c 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2238,6 +2238,8 @@ if (!isset($config['shaper']['enable']) && !is_array($config['shaper']['queue']) $ipfrules .= <<<EOD # let out anything from the firewall host itself and decrypted IPsec traffic +pass out quick on \$lan proto icmp keep state label "let out anything from firewall host itself" +pass out quick on \$wan proto icmp keep state label "let out anything from firewall host itself" pass out quick on $wanif all keep state label "let out anything from firewall host itself" EOD; @@ -2252,6 +2254,7 @@ EOD; # let out anything from the firewall host itself and decrypted IPsec traffic +pass out quick on {$oc['if']} proto icmp keep state label "let out anything from firewall host itself" pass out quick on {$oc['if']} all keep state label "let out anything from firewall host itself" EOD; |
