| author | Ermal Luçi <eri@pfsense.org> | 2008-04-23 19:13:43 +0000 |
|---|---|---|
| committer | Ermal Luçi <eri@pfsense.org> | 2008-04-23 19:13:43 +0000 |
| commit | 3ade6a7d490089f4bdad9274c300d82d5565ac3c (patch) | |
| tree | f0637d5af6b8b1ffa843d3636019339140b162f9 /etc | |
| parent | ae3d3adb784d5a7d9bf1fa2de6682fa614334037 (diff) | |
Disable these rules altogether, with the note that tap(4) devices do not need any special treatment other than being exposed to the GUI of OpenVPN. This will come incrementally.
For rules, a note would be added to the OpenVPN page, as is currently done for PPTP/PPPoE, to create filter rules themselves to allow traffic to flow.
NOTE: This is as much a code cleanup as a security fix, since it opened people's firewalls under the hood.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index c52eba9..4731aa3 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2510,7 +2510,9 @@ pass out all keep state label "let out anything from firewall host itself" EOD; - $ipfrules .= create_firewall_outgoing_rules_to_itself(); + //$ipfrules .= create_firewall_outgoing_rules_to_itself(); + /* permit internal ipsec outbound traffic */ + $ipfrules .="pass out on \$enc0 keep state label \"IPsec internal host to host\""; /* allow PPTP traffic if PPTP client is enabled on WAN */ |
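Review bot: the call that the commit message says is being disabled is only commented out (`//$ipfrules .= create_firewall_outgoing_rules_to_itself();`), which leaves dead code at line 2513 and, presumably, the function body itself still in filter.inc where a later edit can re-enable the behaviour the message calls a security problem; delete the call line outright and drop the function if nothing else references it. Separately, the replacement rule `pass out on \$enc0 keep state label \"IPsec internal host to host\"` is appended unconditionally and with no trailing `\n`: pfctl rejects a ruleset that references an undefined macro, so either guard this line on IPsec being enabled or confirm `$enc0` is always defined earlier in the generated rules, and append the newline so the rule cannot run into whatever text is concatenated next (the PPTP block that follows this hunk).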