From 7fbc79b1f90d8f05ac58c74727f36bff855343c7 Mon Sep 17 00:00:00 2001
From: Bill Marquette
Date: Fri, 4 Mar 2005 15:22:43 +0000
Subject: broke ftp rule with last commit - fix
---
 etc/inc/filter.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'etc/inc')
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 737c573..68c2de1 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -982,7 +982,7 @@ anchor "carp"
 # enable ftp-proxy
 anchor "ftpproxy"
-pass in quick on $wanif inet proto tcp from port 20 to ($wanif) port > 49000 user proxy flags S/SA keep state "FTP PROXY: PASV mode data connection"
+pass in quick on $wanif inet proto tcp from port 20 to ($wanif) port > 49000 user proxy flags S/SA keep state label "FTP PROXY: PASV mode data connection"
 # Fix sites that violate RFC 959 which specifies that the data connection
 # be sourced from the command port - 1 (typicaly port 20)
 # This workaround doesn't expose us to any extra risk as we'll still only allow
-- 
cgit v1.1
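Review bot: The rule on the `+` line matches on source port 20, which the remote end chooses freely, so what actually bounds it is `user proxy` together with `port > 49000`, and no comment on the rule says so (the `# enable ftp-proxy` line sits above the anchor, and the RFC 959 comment that follows appears to describe the next rule). I would add above it `# data connections to ftp-proxy: source port is sender-chosen; "user proxy" and the > 49000 range are the real limits, keep the range in step with ftp-proxy's port settings`. The label says PASV, but a server-initiated connection from port 20 looks like active (PORT) mode, so the wording is worth confirming. Since the previous commit shipped a rule that did not parse, a parse-only check of the generated ruleset (`pfctl -n -f <rules file>`) before loading would catch this class of mistake; whether filter.inc already does that is not visible here, as the rule text starts and ends outside the hunk.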