vuurmuur: Fix accept rule for outgoing verserver connections.

Since vuurmuur doesn't have native support for "internal" networks, we
can't limit this rule to just vservers.

diff --git a/etc/vuurmuur/rules/rules.conf b/etc/vuurmuur/rules/rules.conf
index b7085fe6b03e1b2373454d605ff988d46eb857f8..1532bbe9fd619caa95d73476c7e32d1a8d7e3b14 100644 (file)
--- a/etc/vuurmuur/rules/rules.conf
+++ b/etc/vuurmuur/rules/rules.conf
@@ -1,6 +1,6 @@
 RULE="Accept service ping from any to any options comment=\"ping\""
 RULE="Accept service any from firewall to world.inet options comment=\"Outgoing host traffic\""
-RULE="Accept service any from vservers.internal to world.inet options comment=\"Outgoing vserver traffic\""
+RULE="Accept service any from any to world.inet options comment=\"Outgoing vserver traffic (but from any due to vuurmuur limits)\""
 RULE="Snat service any from vservers.internal to world.inet options comment=\"snat for vservers\""
 RULE="separator"
 RULE="Accept service any from zeratul.direct to firewall options comment=\"direct traffic from zeratul\""