From 36fcb5d4828a908c61003500fe8d92bedfffec08 Mon Sep 17 00:00:00 2001 From: Bill Marquette Date: Fri, 4 Mar 2005 16:51:49 +0000 Subject: move ssh lockout outside of the foreach user rule loop so we only have one instance of the rule --- etc/inc/filter.inc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'etc') diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index b8d0fdc..986d9fb 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1571,11 +1571,13 @@ EOD; $ipfrules .= $line; } - $ipfrules .= "block in log quick proto tcp from to any port 22 label \"sshlockout\"\n\n"; $i++; } + $ipfrules .= "\n# SSH lockout\n" + $ipfrules .= "block in log quick proto tcp from to any port 22 label \"sshlockout\"\n\n"; + $ipfrules .= "\n# VPN Rules\n"; $lan_ip = $config['interfaces']['lan']['ipaddr']; $lan_subnet = $config['interfaces']['lan']['subnet']; -- cgit v1.1