Revert changes to reflection for port forwards until finished and approved.

1 files changed, 15 insertions, 2 deletions

diff --git a/usr/local/www/system_advanced_firewall.php b/usr/local/www/system_advanced_firewall.php
index 497205d..5fdae68 100644
--- a/usr/local/www/system_advanced_firewall.php
+++ b/usr/local/www/system_advanced_firewall.php
@@ -60,6 +60,7 @@ if (!isset($config['system']['enablebinatreflection']))
 	$pconfig['disablebinatreflection'] = "yes";
 else
 	$pconfig['disablebinatreflection'] = "";
+$pconfig['reflectiontimeout'] = $config['system']['reflectiontimeout'];
 $pconfig['bypassstaticroutes'] = isset($config['filter']['bypassstaticroutes']);
 $pconfig['disablescrub'] = isset($config['system']['disablescrub']);
 $pconfig['tftpinterface'] = $config['system']['tftpinterface']; 
@@ -76,6 +77,9 @@ if ($_POST) {
 	if ($_POST['tcpidletimeout'] && !is_numericint($_POST['tcpidletimeout'])) {
 		$input_errors[] = gettext("The TCP idle timeout must be an integer.");
 	}
+	if ($_POST['reflectiontimeout'] && !is_numericint($_POST['reflectiontimeout'])) {
+		$input_errors[] = gettext("The Reflection timeout must be an integer.");
+	}
 
     ob_flush();
     flush();
@@ -115,6 +119,8 @@ if ($_POST) {
 		else
 			$config['system']['enablebinatreflection'] = "yes";
 
+		$config['system']['reflectiontimeout'] = $_POST['reflectiontimeout'];
+
 		if($_POST['bypassstaticroutes'] == "yes")
 			$config['filter']['bypassstaticroutes'] = $_POST['bypassstaticroutes'];
 		else
@@ -304,14 +310,21 @@ function update_description(itemnum) {
 								<td width="22%" valign="top" class="vncell"><?=gettext("Disable NAT Reflection for port forwards");?></td>
 								<td width="78%" class="vtable">
 									<input name="disablenatreflection" type="checkbox" id="disablenatreflection" value="yes" <?php if (isset($config['system']['disablenatreflection'])) echo "checked"; ?> />
-									<strong><?=gettext("Disables the automatic creation of additional NAT redirect rules for access to port forwards on your external IP addresses from within your internal networks.  Note: Reflection might not fully work in complex routing scenarios.");?></strong>
+									<strong><?=gettext("Disables the automatic creation of additional NAT redirect rules for access to port forwards on your external IP addresses from within your internal networks.  Note: Reflection for port forward entries is skipped for ranges larger than 500 ports.");?></strong>
+								</td>
+							</tr>
+							<tr>
+								<td width="22%" valign="top" class="vncell"><?=gettext("Reflection Timeout");?></td>
+								<td width="78%" class="vtable">
+									<input name="reflectiontimeout" id="reflectiontimeout" value="<?php echo $config['system']['reflectiontimeout']; ?>" /><br/>
+									<strong><?=gettext("Enter value for Reflection timeout in seconds.");?></strong>
 								</td>
 							</tr>
 							<tr>
 								<td width="22%" valign="top" class="vncell"><?=gettext("Disable NAT Reflection for 1:1 NAT");?></td>
 								<td width="78%" class="vtable">
 									<input name="disablebinatreflection" type="checkbox" id="disablebinatreflection" value="yes" <?php if (!isset($config['system']['enablebinatreflection'])) echo "checked"; ?> />
-									<strong><?=gettext("Disables the automatic creation of additional NAT 1:1 mappings for access to 1:1 mappings of your external IP addresses from within your internal networks.  Note: Reflection might not fully work in complex routing scenarios.");?></strong>
+									<strong><?=gettext("Disables the automatic creation of additional NAT 1:1 mappings for access to 1:1 mappings of your external IP addresses from within your internal networks.  Note: Reflection for 1:1 NAT might not fully work in certain complex routing scenarios.");?></strong>
 								</td>
 							</tr>
 							<tr>