Make the group egress optional (dynamic) in the initial pf rule

This commit is contained in:
reykfloeter 2018-08-15 11:46:21 +02:00
parent 333f7ac6d7
commit 91eb82f902

View file

@ -619,7 +619,7 @@ agent_pf(struct system_config *sc, int open)
return (0); return (0);
if (open) if (open)
ret = shellout("pass out proto tcp from egress to port www\n", ret = shellout("pass out proto tcp from (egress) to port www\n",
NULL, "pfctl", "-f", "-", NULL); NULL, "pfctl", "-f", "-", NULL);
else else
ret = shellout("\n", NULL, "pfctl", "-f", "-", NULL); ret = shellout("\n", NULL, "pfctl", "-f", "-", NULL);