From 30bd17f5508e5d668013f7e402c8d912a8493b62 Mon Sep 17 00:00:00 2001
From: Ermal
Date: Wed, 10 Nov 2010 23:10:39 +0000
Subject: Make the antilockout rule match the webgui and ssh(if enabled) rather than any traffic destined to pfSense itself.
---
 etc/inc/filter.inc | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
 (limited to 'etc')
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 71030d6..e23a104 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -5,7 +5,7 @@
 Copyright (C) 2004-2006 Scott Ullrich
 Copyright (C) 2005 Bill Marquette
 Copyright (C) 2006 Peter Allgeyer
- Copyright (C) 2008 Ermal Luci
+ Copyright (C) 2008-2010 Ermal Luci
 All rights reserved.
 originally part of m0n0wall (http://m0n0.ch/wall)
@@ -2148,6 +2148,15 @@ pass out on \$IPsec all keep state label "IPsec internal host to host"
 EOD;
 if(!isset($config['system']['webgui']['noantilockout'])) {
+ $portarg = 80;
+ if (isset($config['system']['webgui']['port']) && $config['system']['webgui']['port'] <> "")
+ $portarg = "{$config['system']['webgui']['port']}";
+ $sshport = "";
+ if (isset($config['system']['enablesshd'])) {
+ $sshport = 22;
+ if($config['system']['ssh']['port'] <> "")
+ $sshport = $config['system']['ssh']['port'];
+ }
 if(count($config['interfaces']) > 1 && !empty($FilterIflist['lan']['if'])) {
 /* if antilockout is enabled, LAN exists and has
 * an IP and subnet mask assigned
@@ -2156,7 +2165,7 @@ EOD; $ipfrules .= <<
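Review bot: The fallback `$portarg = 80;` in the second hunk of etc/inc/filter.inc is fixed regardless of how the webGUI is served, so if the GUI runs over HTTPS with no explicit port configured (the protocol setting is not visible in this hunk) the narrowed anti-lockout rule would pass a port nothing listens on and leave 443 to the user rules, which defeats the purpose of the rule. The default should be derived from the configured webGUI protocol rather than hard-coded. The SSH branch also reads `$config['system']['ssh']['port']` without the `isset()` guard used for the webGUI port; `if (isset($config['system']['ssh']['port']) && $config['system']['ssh']['port'] <> "")` would make the two checks consistent. Both values are taken from the configuration as-is and the rule text that consumes them lies outside this hunk, so it is worth confirming they are validated as port numbers before they are written into the ruleset.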