summaryrefslogtreecommitdiffstats
path: root/usr/local/www/firewall_rules_edit.php
diff options
context:
space:
mode:
authorRenato Botelho <garga@FreeBSD.org>2013-11-12 10:45:29 -0200
committerRenato Botelho <garga@FreeBSD.org>2013-11-12 10:45:29 -0200
commitc4421dfa4fa1eb6c52f7135378e639e66ec9b238 (patch)
tree3a41a9fd2e227be38f5931524f36d30f53fc5a40 /usr/local/www/firewall_rules_edit.php
parentd60ba078198042aa11a1a9297be558627f5f1a3b (diff)
downloadpfsense-c4421dfa4fa1eb6c52f7135378e639e66ec9b238.zip
pfsense-c4421dfa4fa1eb6c52f7135378e639e66ec9b238.tar.gz
Add an option to set no-sync on rules to keep states from being synced via pfsync. Fix #2501
Diffstat (limited to 'usr/local/www/firewall_rules_edit.php')
-rwxr-xr-xusr/local/www/firewall_rules_edit.php19
1 files changed, 16 insertions, 3 deletions
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index cbdc3af..99d6172 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -157,6 +157,7 @@ if (isset($id) && $a_filter[$id]) {
$pconfig['max-src-states'] = $a_filter[$id]['max-src-states'];
$pconfig['statetype'] = $a_filter[$id]['statetype'];
$pconfig['statetimeout'] = $a_filter[$id]['statetimeout'];
+ $pconfig['nopfsync'] = isset($a_filter[$id]['nopfsync']);
/* advanced - nosync */
$pconfig['nosync'] = isset($a_filter[$id]['nosync']);
@@ -585,6 +586,10 @@ if ($_POST) {
$filterent['statetimeout'] = $_POST['statetimeout'];
$filterent['statetype'] = $_POST['statetype'];
$filterent['os'] = $_POST['os'];
+ if($_POST['nopfsync'] <> "")
+ $filterent['nopfsync'] = true;
+ else
+ unset($filterent['nopfsync']);
/* Nosync directive - do not xmlrpc sync this item */
if($_POST['nosync'] <> "")
@@ -1310,16 +1315,24 @@ $i--): ?>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("State Type");?></td>
<td width="78%" class="vtable">
- <div id="showadvstatebox" <?php if (!empty($pconfig['statetype']) && $pconfig['statetype'] != "keep state") echo "style='display:none'"; ?>>
+ <div id="showadvstatebox" <?php if (!empty($pconfig['nopfsync']) || (!empty($pconfig['statetype']) && $pconfig['statetype'] != "keep state")) echo "style='display:none'"; ?>>
<input type="button" onclick="show_advanced_state()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show advanced option");?>
</div>
- <div id="showstateadv" <?php if (empty($pconfig['statetype']) || $pconfig['statetype'] == "keep state") echo "style='display:none'"; ?>>
+ <div id="showstateadv" <?php if (empty($pconfig['nopfsync']) && (empty($pconfig['statetype']) || $pconfig['statetype'] == "keep state")) echo "style='display:none'"; ?>>
+ <input name="nopfsync" type="checkbox" id="nopfsync" value="yes" <?php if ($pconfig['nopfsync']) echo "checked=\"checked\""; ?> />
+ <span class="vexpl">
+ NO pfsync<br/>
+ <?=gettext("Hint: This prevents states created by this rule to be sync'ed over pfsync.");?><br/>
+ </span><br/>
<select name="statetype">
<option value="keep state" <?php if(!isset($pconfig['statetype']) or $pconfig['statetype'] == "keep state") echo "selected=\"selected\""; ?>><?=gettext("keep state");?></option>
<option value="sloppy state" <?php if($pconfig['statetype'] == "sloppy state") echo "selected=\"selected\""; ?>><?=gettext("sloppy state");?></option>
<option value="synproxy state"<?php if($pconfig['statetype'] == "synproxy state") echo "selected=\"selected\""; ?>><?=gettext("synproxy state");?></option>
<option value="none"<?php if($pconfig['statetype'] == "none") echo "selected=\"selected\""; ?>><?=gettext("none");?></option>
- </select><br/><?=gettext("Hint: Select which type of state tracking mechanism you would like to use. If in doubt, use keep state.");?>
+ </select><br/>
+ <span class="vexpl">
+ <?=gettext("Hint: Select which type of state tracking mechanism you would like to use. If in doubt, use keep state.");?>
+ </span>
<table width="90%">
<tr><td width="25%"><ul><li><?=gettext("keep state");?></li></ul></td><td><?=gettext("Works with all IP protocols.");?></td></tr>
<tr><td width="25%"><ul><li><?=gettext("sloppy state");?></li></ul></td><td><?=gettext("Works with all IP protocols.");?></td></tr>
OpenPOWER on IntegriCloud