From 77514a75122de47e6f877a3f80d7ae54c24270f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ermal=20Lu=E7i?= <eri@pfsense.org>
Date: Thu, 8 Oct 2009 21:56:18 +0000
Subject: Do not use state on the CP authentication port. This is necessary
 since the fwd from layer 2 being done with the latest code will break the
 mechanism that pf keeps state.

---
 etc/inc/filter.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 5b2da51..a5eb633 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1584,7 +1584,7 @@ function filter_rules_generate()
                 if (count($cpiplist) > 0 && count($cpiflist) > 0) {
                         $cpinterface = implode(" ", $cpiflist);
 			$cpaddresses = implode(" ", $cpiplist);
-			$ipfrules .= "pass in quick on {$cpinterface} proto tcp from any to {$cpaddresses} port { 8000 8001 } keep state\n";
+			$ipfrules .= "pass in quick on {$cpinterface} proto tcp from any to {$cpaddresses} port { 8000 8001 } no state\n";
                 }
 	}
 	/* relayd */
@@ -2312,4 +2312,4 @@ EOD;
 	return($ipfrules);
 }
 
-?>
\ No newline at end of file
+?>
-- 
cgit v1.1