From e91baab820fda7944e9a2153c8b79e90c63b968c Mon Sep 17 00:00:00 2001
From: Chris Buechler <cmb@pfsense.org>
Date: Fri, 18 Dec 2009 22:20:44 -0500
Subject: fix reject rules to the same as in 1_2. return is valid on all rules

---
 etc/inc/filter.inc                    | 13 ++-----------
 usr/local/www/firewall_rules.php      |  5 +----
 usr/local/www/firewall_rules_edit.php |  2 +-
 3 files changed, 4 insertions(+), 16 deletions(-)

diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 692d8e3..08b2e92 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1361,16 +1361,7 @@ function filter_generate_user_rule($rule)
 		$type = "pass ";
 	}
 	if ($type == "reject") {
-		/* special reject packet */
-		if ($rule['protocol'] == "tcp") {
-			$aline['type'] = "block return-rst ";
-		} else if ($rule['protocol'] == "udp") {
-			$aline['type'] = "block return-icmp ";
-		} else if ($rule['protocol'] == "tcp/udp") {
-			$aline['type'] = "block return ";
-		} else {
-			$aline['type'] = "block ";
-		}
+		$aline['type'] = "block return ";
 	} else 
 		$aline['type'] = $type . " ";
 	if (isset($rule['floating']) && $rule['floating'] == "yes") {
@@ -2406,4 +2397,4 @@ EOD;
 	return($ipfrules);
 }
 
-?>
+?>
\ No newline at end of file
diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php
index 380a003..2d67fd5 100755
--- a/usr/local/www/firewall_rules.php
+++ b/usr/local/www/firewall_rules.php
@@ -369,10 +369,7 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript
 				  <?php if ($filterent['type'] == "block")
 				  			$iconfn = "block";
 						else if ($filterent['type'] == "reject") {
-							if ($filterent['protocol'] == "tcp" || $filterent['protocol'] == "udp" || $filterent['protocol'] == "tcp/udp")
-								$iconfn = "reject";
-							else
-								$iconfn = "block";
+							$iconfn = "reject";
 						} else
 							$iconfn = "pass";
 						if (isset($filterent['disabled'])) {
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index 1cb0c46..31cc90e 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -529,7 +529,7 @@ include("head.inc");
 				<br/>
 				<span class="vexpl">
 					Choose what to do with packets that match the criteria specified below. <br/>
-					Hint: the difference between block and reject is that with reject, a packet (TCP RST or ICMP port unreachable for UDP) is returned to the sender, whereas with block the packet is dropped silently. In either case, the original packet is discarded. Reject only works when the protocol is set to either TCP or UDP (but not &quot;TCP/UDP&quot;) below.
+					Hint: the difference between block and reject is that with reject, a packet (TCP RST or ICMP port unreachable for UDP) is returned to the sender, whereas with block the packet is dropped silently. In either case, the original packet is discarded. 
 				</span>
 			</td>
 		</tr>
-- 
cgit v1.1