diff options
| author | Ermal Luçi <eri@pfsense.org> | 2010-02-09 22:29:08 +0000 |
|---|---|---|
| committer | Ermal Luçi <eri@pfsense.org> | 2010-02-09 22:29:08 +0000 |
| commit | f48ddade4b3bbaba56d6ba00e0472905adfb7233 (patch) | |
| tree | 2a5619e6dbc3ceb51e62e52f6b8adea95f60be8a /etc | |
| parent | 9868f81861f3ef2eded65fd8b4a62d55f8b737a7 (diff) | |
| download | pfsense-f48ddade4b3bbaba56d6ba00e0472905adfb7233.zip pfsense-f48ddade4b3bbaba56d6ba00e0472905adfb7233.tar.gz | |
Ticket #334. There is a very slight possibility that when LAN is disabled or not present the anti-lockout rule will be erroneous. Tighten the conditions more to make sure this does not happen.
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/filter.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index f7b169c..e7c49e2 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1917,7 +1917,7 @@ EOD; } } if(!isset($config['system']['webgui']['noantilockout'])) { - if(count($config['interfaces']) > 1) { + if(count($config['interfaces']) > 1 && !empty($FilterIflist['lan']['if'])) { /* if antilockout is enabled, LAN exists and has * an IP and subnet mask assigned */ @@ -1928,7 +1928,7 @@ anchor "anti-lockout" pass in quick on {$lanif} from any to ({$lanif}) keep state label "anti-lockout rule" EOD; - } else { + } else if (count($config['interfaces']) == 1) { /* single-interface deployment, add to WAN */ $wanif = $FilterIflist["wan"]['if']; $ipfrules .= <<<EOD |
