summaryrefslogtreecommitdiffstats
path: root/etc/inc/filter.inc
diff options
context:
space:
mode:
Diffstat (limited to 'etc/inc/filter.inc')
-rw-r--r--etc/inc/filter.inc11
1 files changed, 8 insertions, 3 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index d14906a..0f13c2e 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1873,9 +1873,6 @@ table <snort2c> persist
block quick from <snort2c> to any label "Block snort2c hosts"
block quick from any to <snort2c> label "Block snort2c hosts"
-# permit wan interface to ping out (ping_hosts.sh)
-pass quick proto icmp from {$wanip} to any
-
# loopback
anchor "loopback"
pass in quick on \$loopback all label "pass loopback"
@@ -1890,6 +1887,14 @@ anchor "carp"
EOD;
+if($wanip)
+ $ipfrules .= <<<EOD
+
+# permit wan interface to ping out (ping_hosts.sh)
+pass quick proto icmp from {$wanip} to any
+
+EOD;
+
$ipfrules .= <<<EOD
# NAT Reflection rules
OpenPOWER on IntegriCloud