diff options
author | Erik Fonnesbeck <efonnes@gmail.com> | 2010-05-08 16:40:05 -0600 |
---|---|---|
committer | Erik Fonnesbeck <efonnes@gmail.com> | 2010-05-08 16:40:05 -0600 |
commit | bff9401511deaba751773a57fa938519c881361b (patch) | |
tree | a5d7c9450424f6d3fe013975e02b9aa6dbbc3c3f /usr/local/www/system_advanced_firewall.php | |
parent | e31f58fc03ccaae6b602e183f38e7beb87481235 (diff) | |
download | pfsense-bff9401511deaba751773a57fa938519c881361b.zip pfsense-bff9401511deaba751773a57fa938519c881361b.tar.gz |
Revert changes to reflection for port forwards until finished and approved.
Diffstat (limited to 'usr/local/www/system_advanced_firewall.php')
-rw-r--r-- | usr/local/www/system_advanced_firewall.php | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php index 497205d..5fdae68 100644 --- a/usr/local/www/system_advanced_firewall.php +++ b/usr/local/www/system_advanced_firewall.php @@ -60,6 +60,7 @@ if (!isset($config['system']['enablebinatreflection'])) $pconfig['disablebinatreflection'] = "yes"; else $pconfig['disablebinatreflection'] = ""; +$pconfig['reflectiontimeout'] = $config['system']['reflectiontimeout']; $pconfig['bypassstaticroutes'] = isset($config['filter']['bypassstaticroutes']); $pconfig['disablescrub'] = isset($config['system']['disablescrub']); $pconfig['tftpinterface'] = $config['system']['tftpinterface']; @@ -76,6 +77,9 @@ if ($_POST) { if ($_POST['tcpidletimeout'] && !is_numericint($_POST['tcpidletimeout'])) { $input_errors[] = gettext("The TCP idle timeout must be an integer."); } + if ($_POST['reflectiontimeout'] && !is_numericint($_POST['reflectiontimeout'])) { + $input_errors[] = gettext("The Reflection timeout must be an integer."); + } ob_flush(); flush(); @@ -115,6 +119,8 @@ if ($_POST) { else $config['system']['enablebinatreflection'] = "yes"; + $config['system']['reflectiontimeout'] = $_POST['reflectiontimeout']; + if($_POST['bypassstaticroutes'] == "yes") $config['filter']['bypassstaticroutes'] = $_POST['bypassstaticroutes']; else @@ -304,14 +310,21 @@ function update_description(itemnum) { <td width="22%" valign="top" class="vncell"><?=gettext("Disable NAT Reflection for port forwards");?></td> <td width="78%" class="vtable"> <input name="disablenatreflection" type="checkbox" id="disablenatreflection" value="yes" <?php if (isset($config['system']['disablenatreflection'])) echo "checked"; ?> /> - <strong><?=gettext("Disables the automatic creation of additional NAT redirect rules for access to port forwards on your external IP addresses from within your internal networks. Note: Reflection might not fully work in complex routing scenarios.");?></strong> + <strong><?=gettext("Disables the automatic creation of additional NAT redirect rules for access to port forwards on your external IP addresses from within your internal networks. Note: Reflection for port forward entries is skipped for ranges larger than 500 ports.");?></strong> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Reflection Timeout");?></td> + <td width="78%" class="vtable"> + <input name="reflectiontimeout" id="reflectiontimeout" value="<?php echo $config['system']['reflectiontimeout']; ?>" /><br/> + <strong><?=gettext("Enter value for Reflection timeout in seconds.");?></strong> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Disable NAT Reflection for 1:1 NAT");?></td> <td width="78%" class="vtable"> <input name="disablebinatreflection" type="checkbox" id="disablebinatreflection" value="yes" <?php if (!isset($config['system']['enablebinatreflection'])) echo "checked"; ?> /> - <strong><?=gettext("Disables the automatic creation of additional NAT 1:1 mappings for access to 1:1 mappings of your external IP addresses from within your internal networks. Note: Reflection might not fully work in complex routing scenarios.");?></strong> + <strong><?=gettext("Disables the automatic creation of additional NAT 1:1 mappings for access to 1:1 mappings of your external IP addresses from within your internal networks. Note: Reflection for 1:1 NAT might not fully work in certain complex routing scenarios.");?></strong> </td> </tr> <tr> |