summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorScott Ullrich <sullrich@pfsense.org>2005-03-15 19:18:13 +0000
committerScott Ullrich <sullrich@pfsense.org>2005-03-15 19:18:13 +0000
commitf38dea081471248addbd737f1cabd7975594fd9e (patch)
treee930f607b877ee34278cc8297b6992637d0d17fd
parentade51705571c70b5c066dbe7751c179bc81c4c49 (diff)
downloadpfsense-f38dea081471248addbd737f1cabd7975594fd9e.zip
pfsense-f38dea081471248addbd737f1cabd7975594fd9e.tar.gz
Add reply-to (aka return gateway) rule support for multiple WAN support.
And the crowd goes nuts!
-rw-r--r--etc/inc/filter.inc4
-rwxr-xr-xusr/local/www/firewall_rules_edit.php14
2 files changed, 18 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index db1e47d..451389f 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1353,6 +1353,10 @@ EOD;
$line .= "on \$" . $interface . " ";
}
+ if($rule['returngateway'] <> "") {
+ $line .= "reply-to (" . $rule['returngateway'] . ") ";
+ }
+
if (isset($rule['protocol'])) {
if($rule['protocol'] == "tcp/udp")
$line .= "proto { tcp udp } ";
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index e267fb2..10e47c1 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -148,6 +148,8 @@ if (isset($id) && $a_filter[$id]) {
$pconfig['dstmask'], $pconfig['dstnot'],
$pconfig['dstbeginport'], $pconfig['dstendport']);
+ $pconfig['returngateway'] = $a_filter[$id]['returngateway'];
+
$pconfig['disabled'] = isset($a_filter[$id]['disabled']);
$pconfig['log'] = isset($a_filter[$id]['log']);
$pconfig['frags'] = isset($a_filter[$id]['frags']);
@@ -268,6 +270,9 @@ if ($_POST) {
$input_errors[] = "The end destination port must be an alias or integer between 1 and 65535.";
}
+ if (($_POST['returngateway'] && !is_ipaddroranyalias($_POST['returngateway'])))
+ $input_errors[] = "A valid return gateway IP address or alias must be specified.";
+
if (!is_specialnet($_POST['srctype'])) {
if (($_POST['src'] && !is_ipaddroranyalias($_POST['src']))) {
$input_errors[] = "A valid source IP address or alias must be specified.";
@@ -825,6 +830,15 @@ Hint: the difference between block and reject is that with reject, a packet (TCP
</td>
</tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell">Return gateway</td>
+ <td width="78%" class="vtable">
+ <input name="returngateway" value="<?php echo $pconfig['returngateway'] ?>">
+ <p><strong>Leave blank for default. Enter the next-hop gateway for the return path.
+ </strong>
+ </td>
+ </tr>
+
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
OpenPOWER on IntegriCloud