summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChris Buechler <cmb@pfsense.org>2011-12-20 16:36:49 -0500
committerChris Buechler <cmb@pfsense.org>2011-12-20 16:36:49 -0500
commit184a6cebbd1a27b55b61f1be4474df39470fb760 (patch)
treef7bf70fb093a72f622346582f520c4b7eaac3569
parentdd72c4183812777245ac44491988413ceaed22e0 (diff)
downloadpfsense-184a6cebbd1a27b55b61f1be4474df39470fb760.zip
pfsense-184a6cebbd1a27b55b61f1be4474df39470fb760.tar.gz
until 2.0.1 is tagged, Revert "Add a checkbox that disabled automatically generates negate rules for directly connected networks and VPNs"RELENG_2_0_1
This reverts commit 9ae39b01fb7dfd9c27091e3fae7e034e9e115519.
-rw-r--r--etc/inc/filter.inc2
-rw-r--r--usr/local/www/system_advanced_firewall.php16
2 files changed, 1 insertions, 17 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 967991b..bcd9f4b 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -2045,7 +2045,7 @@ function filter_generate_user_rule($rule) {
$line = "";
/* exception(s) to a user rules can go here. */
/* rules with a gateway or pool should create another rule for routing to vpns */
- if((($aline['route'] <> "") && (trim($aline['type']) == "pass") && strstr($dst, "any")) && (!isset($config['system']['disablenegate']))) {
+ if(($aline['route'] <> "") && (trim($aline['type']) == "pass") && strstr($dst, "any")) {
/* negate VPN/PPTP/PPPoE/Static Route networks for load balancer/gateway rules */
$negate_networks = " to <negate_networks> ";
$line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] .
diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php
index 6983422..2b3f5dd 100644
--- a/usr/local/www/system_advanced_firewall.php
+++ b/usr/local/www/system_advanced_firewall.php
@@ -57,7 +57,6 @@ $pconfig['optimization'] = $config['filter']['optimization'];
$pconfig['maximumstates'] = $config['system']['maximumstates'];
$pconfig['maximumtableentries'] = $config['system']['maximumtableentries'];
$pconfig['disablereplyto'] = isset($config['system']['disablereplyto']);
-$pconfig['disablenegate'] = isset($config['system']['disablenegate']);
$pconfig['disablenatreflection'] = $config['system']['disablenatreflection'];
if (!isset($config['system']['enablebinatreflection']))
$pconfig['disablebinatreflection'] = "yes";
@@ -136,11 +135,6 @@ if ($_POST) {
else
unset($config['system']['disablereplyto']);
- if($_POST['disablenegate'] == "yes")
- $config['system']['disablenegate'] = $_POST['disablenegate'];
- else
- unset($config['system']['disablenegate']);
-
if($_POST['enablenatreflectionhelper'] == "yes")
$config['system']['enablenatreflectionhelper'] = "yes";
else
@@ -363,16 +357,6 @@ function update_description(itemnum) {
</td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell">Disable Negate rules</td>
- <td width="78%" class="vtable">
- <input name="disablenegate" type="checkbox" id="disablenegate" value="yes" <?php if ($pconfig['disablenegate']) echo "checked"; ?> />
- <strong><?=gettext("Disable Negate rule on policy routing rules");?></strong>
- <br />
- <?=gettext("With Multi-WAN you generally want to ensure traffic reaches directly connected networks and VPN networks when using policy routing. You can disable this for special purposes but it requires manually creating rules for these networks");?>
- <br />
- </td>
- </tr>
- <tr>
<td colspan="2" class="list" height="12">&nbsp;</td>
</tr>
<?php if(count($config['interfaces']) > 1): ?>
OpenPOWER on IntegriCloud