diff options
author | Renato Botelho <garga@FreeBSD.org> | 2013-11-12 10:45:29 -0200 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2013-11-12 10:45:29 -0200 |
commit | c4421dfa4fa1eb6c52f7135378e639e66ec9b238 (patch) | |
tree | 3a41a9fd2e227be38f5931524f36d30f53fc5a40 /etc | |
parent | d60ba078198042aa11a1a9297be558627f5f1a3b (diff) | |
download | pfsense-c4421dfa4fa1eb6c52f7135378e639e66ec9b238.zip pfsense-c4421dfa4fa1eb6c52f7135378e639e66ec9b238.tar.gz |
Add an option to set no-sync on rules to keep states from being synced via pfsync. Fix #2501
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index cabc3d6..3bfda11 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2409,6 +2409,9 @@ function filter_generate_user_rule($rule) { } else $aline['flags'] .= "keep state "; + if ($noadvoptions == false && isset($rule['nopfsync'])) + $rule['nopfsync'] = true; + if ($noadvoptions == false || $l7_present) if ((isset($rule['source-track']) and $rule['source-track'] <> "") or (isset($rule['max']) and $rule['max'] <> "") or @@ -2419,10 +2422,12 @@ function filter_generate_user_rule($rule) { (isset($rule['max-src-conn']) and $rule['max-src-conn'] <> "") or (isset($rule['max-src-conn-rate']) and $rule['max-src-conn-rate'] <> "") or (isset($rule['max-src-conn-rates']) and $rule['max-src-conn-rates'] <> ""))) or - isset($rule['sloppy']) or $l7_present) { + isset($rule['sloppy']) or isset($rule['nopfsync']) or $l7_present) { $aline['flags'] .= "( "; if (isset($rule['sloppy'])) $aline['flags'] .= "sloppy "; + if (isset($rule['nopfsync'])) + $aline['flags'] .= "no-sync "; if (isset($rule['source-track']) and $rule['source-track'] <> "") $aline['flags'] .= "source-track rule "; if (isset($rule['max']) and $rule['max'] <> "") |