From 74a03187903410d887e243cf210fbecb1d2d3a0d Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Fri, 11 Mar 2005 18:02:05 +0000 Subject: keep state on pfsync interface and carp traffic --- packages/carp_rules.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'packages') diff --git a/packages/carp_rules.php b/packages/carp_rules.php index 67bb4ba9..00cde66d 100644 --- a/packages/carp_rules.php +++ b/packages/carp_rules.php @@ -46,11 +46,11 @@ foreach($config['installedpackages']['carp']['config'] as $carp) { add_rule_to_anchor("natrules", $rule, $ip); } } -add_rule_to_anchor("carp", "pass quick on pfsync0", "pfsync0" . "3"); +add_rule_to_anchor("carp", "pass quick on pfsync0 keep state", "pfsync0" . "3"); foreach($config['installedpackages']['carpsettings']['config'] as $carp) $carp_sync_int = convert_friendly_interface_to_real_interface_name($carp['pfsyncinterface']); if($carp_sync_int <> "") { - add_rule_to_anchor("carp", "pass quick on {$carp_sync_int}", $carp_sync_int . "3"); + add_rule_to_anchor("carp", "pass quick on {$carp_sync_int} keep state", $carp_sync_int . "3"); add_rule_to_anchor("carp", "pass quick on {$carp_sync_int} proto carp from {$carp_sync_int}:network to 224.0.0.18 keep state \(no-sync\)", $carp_sync_int . "2"); } -- cgit v1.2.3