diff options
author | Renato Botelho <garga@FreeBSD.org> | 2013-11-13 07:45:09 -0200 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2013-11-13 07:45:09 -0200 |
commit | eef01b14df77186f9c1205e9e5cb83f80407d7fd (patch) | |
tree | b072fabb314ff6c7eac40f843afb4cec6745d024 /conf.default | |
parent | d5ab3af4e23c7abdc89bb6d867cb0ed9495c5bea (diff) | |
download | pfsense-eef01b14df77186f9c1205e9e5cb83f80407d7fd.zip pfsense-eef01b14df77186f9c1205e9e5cb83f80407d7fd.tar.gz |
Add hybrid and disabled outbound NAT, fixes #2416:
- Add 2 new outbound NAT modes, hybrid and disabled, manual and advanced
keep working the same way
- Hybrid mode applies manual rules first, automatic after
- Disabled do no create any outbound NAT rules
- Remove ipsecpassthru config field and rename advancedoutbound to
outbound
- Save mode on $config['nat']['outbound']['mode'] to simplify the logic
- Modify config.default to reflect changes
- Add code to upgrade config, and change latest_version to 10.3
- Use html to align modes and remove some hacks to align using
Diffstat (limited to 'conf.default')
-rw-r--r-- | conf.default/config.xml | 41 |
1 files changed, 19 insertions, 22 deletions
diff --git a/conf.default/config.xml b/conf.default/config.xml index 6585795..b6c30db 100644 --- a/conf.default/config.xml +++ b/conf.default/config.xml @@ -401,9 +401,25 @@ </captiveportal> --> <nat> - <ipsecpassthru> - <enable/> - </ipsecpassthru> + <outbound> + <mode>automatic</mode> + <!-- + <rule> + <interface></interface> + <source> + <network>xxx.xxx.xxx.xxx/xx</network> + </source> + <destination> + <not/> + <any/> + *or* + <network>xxx.xxx.xxx.xxx/xx</network> + </destination> + <target>xxx.xxx.xxx.xxx</target> + <descr></descr> + </rule> + --> + </outbound> <!-- <rule> <interface></interface> @@ -425,25 +441,6 @@ </onetoone> --> <!-- - <advancedoutbound> - <enable/> - <rule> - <interface></interface> - <source> - <network>xxx.xxx.xxx.xxx/xx</network> - </source> - <destination> - <not/> - <any/> - *or* - <network>xxx.xxx.xxx.xxx/xx</network> - </destination> - <target>xxx.xxx.xxx.xxx</target> - <descr></descr> - </rule> - </advancedoutbound> - --> - <!-- <servernat> <ipaddr></ipaddr> <descr></descr> |