diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2006-03-23 23:25:41 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2006-03-23 23:25:41 +0000 |
| commit | 8f498445161ab9be7495bf62c50c866a1f3ca59f (patch) | |
| tree | 746d1ff52a9447a32479c816363c04ccc6f9c346 /etc | |
| parent | 8899dcf1a6afa770a0698d3699bf1f3a6603378d (diff) | |
| download | pfsense-8f498445161ab9be7495bf62c50c866a1f3ca59f.zip pfsense-8f498445161ab9be7495bf62c50c866a1f3ca59f.tar.gz | |
Add ability to turn off packet scrubbing.
Ticket #882
Submitted-by: sdier@cs.umn.edu
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/filter.inc | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index a0d2fbc..b68c46d 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -122,6 +122,13 @@ function filter_configure_sync() { else $mssclamp = ""; + /* configure no-df for linux nfs and others */ + + if ($config['system']['scrubnodf']) + $scrubnodf = "no-df random-id"; + else + $scrubnodf = ""; + $fd = fopen("{$g['tmp_path']}/rules.debug", "w"); $rules = $aliases . " \n"; @@ -137,12 +144,12 @@ function filter_configure_sync() { $rules.= "set limit states {$config['system']['maximumstates']}\n"; } $rules.= "\n"; - $rules.= "scrub on {$wanif} all {$mssclamp}\n"; // reassemble all directions + $rules.= "scrub on {$wanif} all {$scrubnodf} {$mssclamp}\n"; // reassemble all directions /* loop through optional interfaces. if a gateway is set, lets scrub em down! */ for ($j = 1; isset($config['interfaces']['opt' . $j]); $j++) { if($config['interfaces']["opt" . $j]['gateway'] <> "") { $if = convert_friendly_interface_to_real_interface_name("opt{$j}"); - $rules.= "scrub on {$if} all {$mssclamp}\n"; // reassemble all directions + $rules.= "scrub on {$if} all {$scrubnodf} {$mssclamp}\n"; // reassemble all directions } } |
