author | Renato Botelho <garga@FreeBSD.org> | 2013-11-13 07:45:09 -0200 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2013-11-13 07:45:09 -0200 |
commit | eef01b14df77186f9c1205e9e5cb83f80407d7fd (patch) | |
tree | b072fabb314ff6c7eac40f843afb4cec6745d024 /etc/inc/filter.inc | |
parent | d5ab3af4e23c7abdc89bb6d867cb0ed9495c5bea (diff) | |
Add hybrid and disabled outbound NAT, fixes #2416:
- Add 2 new outbound NAT modes, hybrid and disabled, manual and advanced
keep working the same way
- Hybrid mode applies manual rules first, automatic after
- Disabled does not create any outbound NAT rules
- Remove ipsecpassthru config field and rename advancedoutbound to
outbound
- Save mode on $config['nat']['outbound']['mode'] to simplify the logic
- Modify config.default to reflect changes
- Add code to upgrade config, and change latest_version to 10.3
- Use html to align modes and remove some hacks to align using
Diffstat (limited to 'etc/inc/filter.inc')
-rw-r--r-- | etc/inc/filter.inc | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 8c18857..94610a8 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1570,12 +1570,14 @@ function filter_nat_rules_generate() { } } - $natrules .= "\n# Outbound NAT rules\n"; - /* outbound rules - advanced or standard */ - if(isset($config['nat']['advancedoutbound']['enable'])) { + if ($config['nat']['outbound']['mode'] == "disabled") + $natrules .= "\n# Outbound NAT rules are disabled\n"; + + if ($config['nat']['outbound']['mode'] == "advanced" || $config['nat']['outbound']['mode'] == "hybrid") { + $natrules .= "\n# Outbound NAT rules (manual)\n"; /* advanced outbound rules */ - if(is_array($config['nat']['advancedoutbound']['rule'])) { - foreach ($config['nat']['advancedoutbound']['rule'] as $obent) { + if(is_array($config['nat']['outbound']['rule'])) { + foreach ($config['nat']['outbound']['rule'] as $obent) { if (isset($obent['disabled'])) continue; update_filter_reload_status(sprintf(gettext("Creating advanced outbound rule %s"), $obent['descr'])); @@ -1608,7 +1610,11 @@ function filter_nat_rules_generate() { ); } } - } else { + } + + /* outbound rules */ + if ($config['nat']['outbound']['mode'] == "automatic" || $config['nat']['outbound']['mode'] == "hybrid") { + $natrules .= "\n# Outbound NAT rules (automatic)\n"; /* standard outbound rules (one for each interface) */ update_filter_reload_status(gettext("Creating outbound NAT rules")); $tonathosts = ""; @@ -1699,7 +1705,7 @@ function filter_nat_rules_generate() { $natrules .= "tonatsubnets = \"{ {$tonathosts} }\"\n"; $macroortable = "\$tonatsubnets"; } - if($numberofnathosts > 0): + if($numberofnathosts > 0) { foreach ($FilterIflist as $if => $ifcfg) { if (substr($ifcfg['if'], 0, 4) == "ovpn") continue; 
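Review bot: A config whose `$config['nat']['outbound']['mode']` is unset or holds an unrecognised string matches none of the new comparisons (the `disabled` and `advanced`/`hybrid` tests in this hunk, the `automatic`/`hybrid` test in the next), so the ruleset is written with no outbound NAT and no comment saying why. The removed code fell through its `else` to the automatic rules, so any config that reaches this function without the upgrade step named in the description (not visible in this file; a restored older backup is one likely case) silently loses translation of internal source addresses. Reading the mode once with the old default keeps that fallback: `$obmode = isset($config['nat']['outbound']['mode']) ? $config['nat']['outbound']['mode'] : "automatic";`, then compare `$obmode` in both hunks and log any value outside the four known modes. The body of filter_nat_rules_generate() starts and ends outside the hunk.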
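Review bot: The new `/* outbound rules */` comment above the `automatic`/`hybrid` test does not record that this block must stay after the manual one. In hybrid mode both blocks append to `$natrules`, and pf applies the first matching nat rule, so the order of these two `if` statements is what gives manual entries precedence over the generated ones. I would replace the comment with `/* automatic outbound rules; kept after the manual block so that in hybrid mode manual entries match first */`. The enclosing function continues outside the hunk.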
@@ -1711,10 +1717,9 @@ function filter_nat_rules_generate() { "{$macroortable}", 500, "", 500, $target, 500, false); $natrules .= filter_nat_rules_generate_if($if, "{$macroortable}", null, "", null, $target, null, isset($ifcfg['nonat'])); - $natrules .= "\n"; } } - endif; + } } /* load balancer anchor */ |