diff options
| author | smos <seth.mos@dds.nl> | 2011-12-20 20:55:54 +0100 |
|---|---|---|
| committer | smos <seth.mos@dds.nl> | 2011-12-20 21:02:06 +0100 |
| commit | 9ae39b01fb7dfd9c27091e3fae7e034e9e115519 (patch) | |
| tree | 33ca22e7c9dcb869c4009f49774a5df77a5fffa5 /usr/local/www/system_advanced_firewall.php | |
| parent | a56a7ee9d41af90605612f31f476fc25c83eb0b2 (diff) | |
| download | pfsense-9ae39b01fb7dfd9c27091e3fae7e034e9e115519.zip pfsense-9ae39b01fb7dfd9c27091e3fae7e034e9e115519.tar.gz | |
Add a checkbox that disabled automatically generates negate rules for directly connected networks and VPNs
Ticket #2057 in redmine
Diffstat (limited to 'usr/local/www/system_advanced_firewall.php')
| -rw-r--r-- | usr/local/www/system_advanced_firewall.php | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php index 2b3f5dd..6983422 100644 --- a/usr/local/www/system_advanced_firewall.php +++ b/usr/local/www/system_advanced_firewall.php @@ -57,6 +57,7 @@ $pconfig['optimization'] = $config['filter']['optimization']; $pconfig['maximumstates'] = $config['system']['maximumstates']; $pconfig['maximumtableentries'] = $config['system']['maximumtableentries']; $pconfig['disablereplyto'] = isset($config['system']['disablereplyto']); +$pconfig['disablenegate'] = isset($config['system']['disablenegate']); $pconfig['disablenatreflection'] = $config['system']['disablenatreflection']; if (!isset($config['system']['enablebinatreflection'])) $pconfig['disablebinatreflection'] = "yes"; @@ -135,6 +136,11 @@ if ($_POST) { else unset($config['system']['disablereplyto']); + if($_POST['disablenegate'] == "yes") + $config['system']['disablenegate'] = $_POST['disablenegate']; + else + unset($config['system']['disablenegate']); + if($_POST['enablenatreflectionhelper'] == "yes") $config['system']['enablenatreflectionhelper'] = "yes"; else @@ -357,6 +363,16 @@ function update_description(itemnum) { </td> </tr> <tr> + <td width="22%" valign="top" class="vncell">Disable Negate rules</td> + <td width="78%" class="vtable"> + <input name="disablenegate" type="checkbox" id="disablenegate" value="yes" <?php if ($pconfig['disablenegate']) echo "checked"; ?> /> + <strong><?=gettext("Disable Negate rule on policy routing rules");?></strong> + <br /> + <?=gettext("With Multi-WAN you generally want to ensure traffic reaches directly connected networks and VPN networks when using policy routing. You can disable this for special purposes but it requires manually creating rules for these networks");?> + <br /> + </td> + </tr> + <tr> <td colspan="2" class="list" height="12"> </td> </tr> <?php if(count($config['interfaces']) > 1): ?> |
