-rw-r--r-- | etc/inc/filter.inc | 2 | ||||
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 9 |
2 files changed, 10 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index e7c49e2..7b8d11d 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1413,7 +1413,7 @@ function filter_generate_user_rule($rule) { update_filter_reload_status("Setting up pass/block rules {$rule['descr']}"); /* do not process reply-to for gateway'd rules */ - if($rule['gateway'] == "" && interface_has_gateway($rule['interface'])) { + if($rule['gateway'] == "" && interface_has_gateway($rule['interface']) && !isset($rule['disablereplyto'])) { $rg = get_interface_gateway($rule['interface']); if(is_ipaddr($rg)) { $aline['reply'] = "reply-to ( {$ifcfg['if']} {$rg} ) "; diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 034a683..9be39b2 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -129,6 +129,8 @@ if (isset($id) && $a_filter[$id]) { $pconfig['quick'] = $a_filter[$id]['quick']; if (isset($a_filter[$id]['allowopts'])) $pconfig['allowopts'] = true; + if (isset($a_filter[$id]['disablereplyto'])) + $pconfig['disablereplyto'] = true; /* advanced */ $pconfig['max'] = $a_filter[$id]['max']; @@ -383,6 +385,10 @@ if ($_POST) { $filterent['allowopts'] = true; else unset($filterent['allowopts']); + if ($_POST['disablereplyto'] == "yes") + $filterent['disablereplyto'] = true; + else + unset($filterent['disablereplyto']); $filterent['max'] = $_POST['max']; $filterent['max-src-nodes'] = $_POST['max-src-nodes']; $filterent['max-src-conn'] = $_POST['max-src-conn']; 
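Review bot: The comment above the changed condition, `/* do not process reply-to for gateway'd rules */`, no longer describes the whole test, because a rule with `disablereplyto` set now skips reply-to generation as well. I would extend it to `/* do not process reply-to for gateway'd rules or rules that have reply-to disabled */`. Without the reply-to clause, replies on states created by the rule presumably follow the routing table rather than returning via the interface's gateway, which matters on multi-WAN setups and is worth one more sentence in the comment. The body of filter_generate_user_rule starts and ends outside the hunk.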
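Review bot: In the `@@ -383,6 +385,10 @@` hunk, `$_POST['disablereplyto']` is read without checking that the key exists. Browsers leave unchecked checkboxes out of the POST body, so the unchecked case reads an undefined index and depends on a loose `==` against null. `if (isset($_POST['disablereplyto']) && $_POST['disablereplyto'] === "yes")` keeps the same outcome without the notice. The enclosing `if ($_POST)` block starts and ends outside the hunk, and the `allowopts` test just above is not visible, so it may need the same treatment.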
@@ -965,6 +971,9 @@ include("head.inc"); <input type="checkbox" id="allowopts" value="yes" name="allowopts"<?php if($pconfig['allowopts'] == true) echo " checked"; ?>> <br/><span class="vexpl"><?=gettext("This allows packets with IP options to pass. Otherwise they are blocked by default. This is usually only seen with multicast traffic.");?> </span><p> + <input type="checkbox" id="disablereplyto" value="yes" name="disablereplyto"<?php if($pconfig['disablereplyto'] == true) echo " checked"; ?>> + <br/><span class="vexpl"><?=gettext("This will disable auto generated reply-to for this rule.");?> + </span><p> <input name="tag" id="tag" value="<?=htmlspecialchars($pconfig['tag']);?>"> <br /><span class="vexpl"><?=gettext("You can mark a packet matching this rule and use this mark to match on other NAT/filter rules. It is called <b>Policy filtering</b>");?> </span><p> |
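Review bot: The help text `This will disable auto generated reply-to for this rule.` names the mechanism but not the consequence, so an operator cannot tell from the page when ticking the box is safe. I would add a second sentence such as `Replies to connections matched by this rule will then follow the routing table instead of being sent back via the gateway of the interface the rule is on.`, with the wording checked against the generated ruleset. Separately, `$pconfig['disablereplyto'] == true` reads a key that the `@@ -129,6 +129,8 @@` hunk only sets when the option is stored, so `!empty($pconfig['disablereplyto'])` would avoid an undefined-index notice on new rules. The surrounding table markup is outside the hunk.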