diff options
author | Ermal Luçi <eri@pfsense.org> | 2009-12-25 13:59:08 +0000 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2009-12-25 13:59:08 +0000 |
commit | 1d2f84a198e02e39e369813e363f97c4cec51411 (patch) | |
tree | f680b4e129a99813c2b09ff10686c89cd19365d8 | |
parent | a84d971d06b0d25b02d75bde96916baffe29ec59 (diff) | |
download | pfsense-packages-1d2f84a198e02e39e369813e363f97c4cec51411.tar.gz pfsense-packages-1d2f84a198e02e39e369813e363f97c4cec51411.tar.bz2 pfsense-packages-1d2f84a198e02e39e369813e363f97c4cec51411.zip |
Add allow-opts directive to better suit igmpproxy.
-rw-r--r-- | config/igmpproxy/filter.tmp | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/config/igmpproxy/filter.tmp b/config/igmpproxy/filter.tmp index 631a1bb4..027fa204 100644 --- a/config/igmpproxy/filter.tmp +++ b/config/igmpproxy/filter.tmp @@ -2590,7 +2590,7 @@ if (!isset($config['shaper']['enable']) && !is_array($config['shaper']['queue']) # let out anything from the firewall host itself and decrypted IPsec traffic pass out quick on \$lan proto icmp keep state label "let out anything from firewall host itself" pass out quick on \$wan proto icmp keep state label "let out anything from firewall host itself" -pass out quick on $wanif all keep state label "let out anything from firewall host itself" +pass out quick on $wanif all allow-opts keep state label "let out anything from firewall host itself" EOD; @@ -2605,7 +2605,7 @@ EOD; # let out anything from the firewall host itself and decrypted IPsec traffic pass out quick on {$oc['if']} proto icmp keep state label "let out anything from firewall host itself" -pass out quick on {$oc['if']} all keep state label "let out anything from firewall host itself" +pass out quick on {$oc['if']} all allow-opts keep state label "let out anything from firewall host itself" EOD; @@ -2989,7 +2989,7 @@ function create_firewall_outgoing_rules_to_itself() { } else { $q = "queue ({$queue['name']}, {$ackq})"; } - $rule .="pass out quick on {$int} all keep state tagged {$queue['name']} {$q} label \"let out anything from firewall host itself\"\n"; + $rule .="pass out quick on {$int} all allow-opts keep state tagged {$queue['name']} {$q} label \"let out anything from firewall host itself\"\n"; } /* Handle untagged packets */ if ($ackq == "" || $defq == "") { @@ -2998,10 +2998,10 @@ function create_firewall_outgoing_rules_to_itself() { } else { $q = "queue ({$defq}, {$ackq})"; } - $rule .="pass out quick on {$int} all keep state {$q} label \"let out anything from firewall host itself\"\n"; + $rule .="pass out quick on {$int} all keep state {$q} allow-opts label \"let out anything from firewall host itself\"\n"; } else { /* first add a rule for the real interface, then for ng0 */ - $rule .="pass out quick on {$int} all keep state label \"let out anything from firewall host itself\"\n"; + $rule .="pass out quick on {$int} all allow-opts keep state label \"let out anything from firewall host itself\"\n"; } } @@ -3009,16 +3009,16 @@ function create_firewall_outgoing_rules_to_itself() { /* is bridging turned on? */ for($x=0; $x<10; $x++) { if(does_interface_exist("bridge{$x}") == true) - $rule .="pass out quick on bridge{$x} all keep state label \"let out anything from firewall host itself\"\n"; + $rule .="pass out quick on bridge{$x} all allow-opts keep state label \"let out anything from firewall host itself\"\n"; } update_filter_reload_status("Setting up pptp items"); if($config['pptpd']['mode'] == "server") - $rule .="pass out quick on \$pptp all keep state label \"let out anything from firewall host itself pptp\"\n"; + $rule .="pass out quick on \$pptp all allow-opts keep state label \"let out anything from firewall host itself pptp\"\n"; update_filter_reload_status("Setting up pppoe items"); if($config['pppoe']['mode'] == "server") - $rule .="pass out quick on \$pppoe all keep state label \"let out anything from firewall host itself pppoe\"\n"; + $rule .="pass out quick on \$pppoe all allow-opts keep state label \"let out anything from firewall host itself pppoe\"\n"; update_filter_reload_status("Setting up gif tunnels"); /* setup outgoing gif tunnels */ @@ -3026,7 +3026,7 @@ function create_firewall_outgoing_rules_to_itself() { $number_of_gifs++; for($x=0; $x<$number_of_gifs; $x++) { if(does_interface_exist("gif{$x}") == true) - $rule .="pass out quick on gif{$x} all keep state label \"let out anything from firewall host itself ipsec gif\"\n"; + $rule .="pass out quick on gif{$x} all allow-opts keep state label \"let out anything from firewall host itself ipsec gif\"\n"; } update_filter_reload_status("Setting up tun interfaces (openvpn)"); |