Revision 5015ec4c
Added by Jim Pingle about 12 years ago
etc/inc/filter.inc | ||
---|---|---|
2293 | 2293 |
} else { |
2294 | 2294 |
$aline['flags'] = "flags S/SA "; |
2295 | 2295 |
} |
2296 |
|
|
2296 |
} |
|
2297 |
if (($rule['protocol'] == "tcp") && ($type == "pass")) { |
|
2297 | 2298 |
/* |
2298 | 2299 |
* # keep state |
2299 | 2300 |
* works with TCP, UDP, and ICMP. |
... | ... | |
2369 | 2370 |
$aline['flags'] .= " ) "; |
2370 | 2371 |
} |
2371 | 2372 |
} |
2372 |
if($type == "reject" && $rule['protocol'] == "tcp") { |
|
2373 |
if($type == "reject" && $rule['protocol'] == "tcp" && (strpos($aline['flags'], 'flags') === false)) {
|
|
2373 | 2374 |
/* special reject packet */ |
2374 | 2375 |
$aline['flags'] .= "flags S/SA "; |
2375 | 2376 |
} |
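Review bot: The new guard at new line 2297, `if (($rule['protocol'] == "tcp") && ($type == "pass")) {`, also requires TCP, although the comment directly beneath it says keep state "works with TCP, UDP, and ICMP" and the commit message only mentions restricting state types to pass rules. The body of that block is elided on this page, so this is inferred: if it holds the state-type and state-option handling for every protocol, UDP and ICMP pass rules would no longer receive those options, and any per-rule state limits would silently vanish from the generated ruleset. Consider `if ($type == "pass") {` here and keep the protocol test only on the TCP-specific parts inside the block. The enclosing function starts and ends outside the visible lines, so this should be checked against the full body.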
Ensure that we only add a state type on pass, and that we only add flags to a TCP reject rule if they were not added previously. Fixes #3050