From 408d56c5b575277a662b015a3126c01d58f4f9e4 Mon Sep 17 00:00:00 2001
From: doktornotor
Date: Sat, 18 Jul 2015 11:54:15 +0200
Subject: Add labels to some default firewall rules ... so that people can get useful descriptions in the System Logs - Firewall GUI, instead of useless tracker numbers. This is for master branch.
---
etc/inc/filter.inc | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'etc/inc')
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index ec65bad..4093579 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -3155,10 +3155,10 @@ pass in {$log['pass']} quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 i
 pass in {$log['pass']} quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type {128,133,134,135,136} tracker {$increment_tracker($tracker)} keep state
 # We use the mighty pf, we cannot be fooled.
-block {$log['block']} quick inet proto { tcp, udp } from any port = 0 to any tracker {$increment_tracker($tracker)}
-block {$log['block']} quick inet proto { tcp, udp } from any to any port = 0 tracker {$increment_tracker($tracker)}
-block {$log['block']} quick inet6 proto { tcp, udp } from any port = 0 to any tracker {$increment_tracker($tracker)}
-block {$log['block']} quick inet6 proto { tcp, udp } from any to any port = 0 tracker {$increment_tracker($tracker)}
+block {$log['block']} quick inet proto { tcp, udp } from any port = 0 to any tracker {$increment_tracker($tracker)} label "Block traffic from port 0"
+block {$log['block']} quick inet proto { tcp, udp } from any to any port = 0 tracker {$increment_tracker($tracker)} label "Block traffic to port 0"
+block {$log['block']} quick inet6 proto { tcp, udp } from any port = 0 to any tracker {$increment_tracker($tracker)} label "Block traffic from port 0"
+block {$log['block']} quick inet6 proto { tcp, udp } from any to any port = 0 tracker {$increment_tracker($tracker)} label "Block traffic to port 0"
 # Snort package
 block {$log['block']} quick from to any tracker {$increment_tracker($tracker)} label "Block snort2c hosts"
-- 
cgit v1.1
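Review bot: The new labels are reused across address families: the `inet` and `inet6` rules both carry `label "Block traffic from port 0"`, and the two destination rules both carry `label "Block traffic to port 0"`. Anything keyed on the label text, such as the per-label counters from `pfctl -s labels` or a description lookup in the log view, therefore cannot tell the IPv4 rule from the IPv6 one without the tracker number. Consider `label "Block IPv4 traffic from port 0"` and `label "Block IPv6 traffic from port 0"`, with the same split for the destination rules. The `pass in ... ipv6-icmp` context line at the top of the hunk is still unlabelled, so if logging of default pass rules is enabled its entries would presumably still be identified by tracker only. These rules sit inside a rule-text block whose start and end are outside the hunk.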