diff options
author | Ermal Luçi <eri@pfsense.org> | 2009-02-22 19:32:19 +0000 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2009-02-22 19:32:19 +0000 |
commit | f206dce487bc6de738c4bcafed251f4db9523165 (patch) | |
tree | 4d0e2fd9a0e974d1c55ca22b72f61fa79c7cea0c /etc | |
parent | 9d36fbc6949dae859e55c010edf99b65db6cb0bd (diff) | |
download | pfsense-f206dce487bc6de738c4bcafed251f4db9523165.zip pfsense-f206dce487bc6de738c4bcafed251f4db9523165.tar.gz |
Remove the quick from the rule to allow ftp control connections to be policed correctly. A kernel patch protects them from the route-to/reply-to foo.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 9b589e7..2da313d 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2115,7 +2115,7 @@ EOD; $ipfrules .= "\nanchor \"ftp-proxy/*\"\n"; if(!isset($config['system']['disableftpproxy'])) { $ipfrules .= "\n# enable ftp-proxy\n"; - $ipfrules .= "pass in quick inet proto tcp tagged PFFTPPROXY flags S/SA keep state label \"FTP PROXY: Allow traffic to localhost\"\n"; + $ipfrules .= "pass in inet proto tcp tagged PFFTPPROXY flags S/SA keep state label \"FTP PROXY: Allow traffic to localhost\"\n"; if (isset($config['system']['rfc959workaround'])) { $ipfrules .= <<<EODEOD |