aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorScott Ullrich <sullrich@pfsense.org>2005-02-23 02:49:31 +0000
committerScott Ullrich <sullrich@pfsense.org>2005-02-23 02:49:31 +0000
commitfec830db890e201caabc99507c2d1ba91d7603c9 (patch)
tree5a96d38b2e6e3b33e1a049542d3d4ba7809cffb5
parentf124332e9344165d9f1618ffb8e732e835710d65 (diff)
downloadpfsense-packages-fec830db890e201caabc99507c2d1ba91d7603c9.tar.gz
pfsense-packages-fec830db890e201caabc99507c2d1ba91d7603c9.tar.bz2
pfsense-packages-fec830db890e201caabc99507c2d1ba91d7603c9.zip
Add a pass out rule for each carp interface. Use updated add_rule_to_anchor by passing a label too.
-rw-r--r--packages/carp_rules.php3
1 files changed, 2 insertions, 1 deletions
diff --git a/packages/carp_rules.php b/packages/carp_rules.php
index d3ace240..33256bed 100644
--- a/packages/carp_rules.php
+++ b/packages/carp_rules.php
@@ -36,10 +36,11 @@ foreach($config['installedpackages']['carp']['config'] as $carp) {
$ip = $carp['ipaddress'];
$int = find_ip_interface($ip);
$carp_int = find_carp_interface($ip);
+ add_rule_to_anchor("firewallout", "pass out quick on {$carp_int} keep state", $carp_int)
if($int <> false && $int <> $wan_interface) {
$ipnet = convert_ip_to_network_format($ip, $carp['netmask']);
$rule = "nat on {$int} inet from {$ipnet} to any -> ({$carp_int}) \n";
- add_rule_to_anchor("natrules", $rule);
+ add_rule_to_anchor("natrules", $rule, $ip);
}
}