diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2005-03-15 19:18:13 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-03-15 19:18:13 +0000 |
commit | f38dea081471248addbd737f1cabd7975594fd9e (patch) | |
tree | e930f607b877ee34278cc8297b6992637d0d17fd | |
parent | ade51705571c70b5c066dbe7751c179bc81c4c49 (diff) | |
download | pfsense-f38dea081471248addbd737f1cabd7975594fd9e.zip pfsense-f38dea081471248addbd737f1cabd7975594fd9e.tar.gz |
Add reply-to (aka return gateway) rule support for multiple WAN support.
And the crowd goes nuts!
-rw-r--r-- | etc/inc/filter.inc | 4 | ||||
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 14 |
2 files changed, 18 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index db1e47d..451389f 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1353,6 +1353,10 @@ EOD; $line .= "on \$" . $interface . " "; } + if($rule['returngateway'] <> "") { + $line .= "reply-to (" . $rule['returngateway'] . ") "; + } + if (isset($rule['protocol'])) { if($rule['protocol'] == "tcp/udp") $line .= "proto { tcp udp } "; diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index e267fb2..10e47c1 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -148,6 +148,8 @@ if (isset($id) && $a_filter[$id]) { $pconfig['dstmask'], $pconfig['dstnot'], $pconfig['dstbeginport'], $pconfig['dstendport']); + $pconfig['returngateway'] = $a_filter[$id]['returngateway']; + $pconfig['disabled'] = isset($a_filter[$id]['disabled']); $pconfig['log'] = isset($a_filter[$id]['log']); $pconfig['frags'] = isset($a_filter[$id]['frags']); @@ -268,6 +270,9 @@ if ($_POST) { $input_errors[] = "The end destination port must be an alias or integer between 1 and 65535."; } + if (($_POST['returngateway'] && !is_ipaddroranyalias($_POST['returngateway']))) + $input_errors[] = "A valid return gateway IP address or alias must be specified."; + if (!is_specialnet($_POST['srctype'])) { if (($_POST['src'] && !is_ipaddroranyalias($_POST['src']))) { $input_errors[] = "A valid source IP address or alias must be specified."; @@ -825,6 +830,15 @@ Hint: the difference between block and reject is that with reject, a packet (TCP </td> </tr> + <tr> + <td width="22%" valign="top" class="vncell">Return gateway</td> + <td width="78%" class="vtable"> + <input name="returngateway" value="<?php echo $pconfig['returngateway'] ?>"> + <p><strong>Leave blank for default. Enter the next-hop gateway for the return path. + </strong> + </td> + </tr> + <tr> <td width="22%" valign="top"> </td> <td width="78%"> |