-rw-r--r-- | etc/inc/filter.inc | 7 | ||||
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 19 |
2 files changed, 22 insertions, 4 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index cabc3d6..3bfda11 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2409,6 +2409,9 @@ function filter_generate_user_rule($rule) { } else $aline['flags'] .= "keep state "; + if ($noadvoptions == false && isset($rule['nopfsync'])) + $rule['nopfsync'] = true; + if ($noadvoptions == false || $l7_present) if ((isset($rule['source-track']) and $rule['source-track'] <> "") or (isset($rule['max']) and $rule['max'] <> "") or @@ -2419,10 +2422,12 @@ function filter_generate_user_rule($rule) { (isset($rule['max-src-conn']) and $rule['max-src-conn'] <> "") or (isset($rule['max-src-conn-rate']) and $rule['max-src-conn-rate'] <> "") or (isset($rule['max-src-conn-rates']) and $rule['max-src-conn-rates'] <> ""))) or - isset($rule['sloppy']) or $l7_present) { + isset($rule['sloppy']) or isset($rule['nopfsync']) or $l7_present) { $aline['flags'] .= "( "; if (isset($rule['sloppy'])) $aline['flags'] .= "sloppy "; + if (isset($rule['nopfsync'])) + $aline['flags'] .= "no-sync "; if (isset($rule['source-track']) and $rule['source-track'] <> "") $aline['flags'] .= "source-track rule "; if (isset($rule['max']) and $rule['max'] <> "") diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index cbdc3af..99d6172 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -157,6 +157,7 @@ if (isset($id) && $a_filter[$id]) { $pconfig['max-src-states'] = $a_filter[$id]['max-src-states']; $pconfig['statetype'] = $a_filter[$id]['statetype']; $pconfig['statetimeout'] = $a_filter[$id]['statetimeout']; + $pconfig['nopfsync'] = isset($a_filter[$id]['nopfsync']); /* advanced - nosync */ $pconfig['nosync'] = isset($a_filter[$id]['nosync']); 
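Review bot: The added `if ($noadvoptions == false && isset($rule['nopfsync'])) $rule['nopfsync'] = true;` in the first filter.inc hunk has no visible effect, because the second hunk tests the key only with `isset($rule['nopfsync'])`, which is already true whenever this branch runs. If the intent was to keep `no-sync` out of rules where advanced options are not permitted (presumably what `$noadvoptions` signals), the test needs to go the other way, e.g. `if ($noadvoptions && isset($rule['nopfsync'])) unset($rule['nopfsync']);`; otherwise the statement can be dropped. A short comment where the flag is emitted would help the next reader, such as `/* no-sync: states created by this rule are not sent over pfsync, so the peer will not have them */`. filter_generate_user_rule() starts and ends outside both hunks, so how `$noadvoptions` is set cannot be confirmed from here.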
@@ -585,6 +586,10 @@ if ($_POST) { $filterent['statetimeout'] = $_POST['statetimeout']; $filterent['statetype'] = $_POST['statetype']; $filterent['os'] = $_POST['os']; + if($_POST['nopfsync'] <> "") + $filterent['nopfsync'] = true; + else + unset($filterent['nopfsync']); /* Nosync directive - do not xmlrpc sync this item */ if($_POST['nosync'] <> "") 
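Review bot: `$_POST['nopfsync']` is compared without first checking that the key exists, and an unchecked checkbox is not submitted at all, so `$_POST['nopfsync'] <> ""` reads an undefined index every time the box is clear. `if (isset($_POST['nopfsync']) && $_POST['nopfsync'] <> "")` keeps the same outcome without the notice. Using the field only as a presence flag and storing a fixed `true` is the right shape, since nothing from the request reaches the generated rule text. The enclosing `if ($_POST)` block starts and ends outside the hunk, so whether the option is rejected when `statetype` is `none` is not visible here.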
@@ -1310,16 +1315,24 @@ $i--): ?> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("State Type");?></td> <td width="78%" class="vtable"> - <div id="showadvstatebox" <?php if (!empty($pconfig['statetype']) && $pconfig['statetype'] != "keep state") echo "style='display:none'"; ?>> + <div id="showadvstatebox" <?php if (!empty($pconfig['nopfsync']) || (!empty($pconfig['statetype']) && $pconfig['statetype'] != "keep state")) echo "style='display:none'"; ?>> <input type="button" onclick="show_advanced_state()" value="<?=gettext("Advanced"); ?>" /> - <?=gettext("Show advanced option");?> </div> - <div id="showstateadv" <?php if (empty($pconfig['statetype']) || $pconfig['statetype'] == "keep state") echo "style='display:none'"; ?>> + <div id="showstateadv" <?php if (empty($pconfig['nopfsync']) && (empty($pconfig['statetype']) || $pconfig['statetype'] == "keep state")) echo "style='display:none'"; ?>> + <input name="nopfsync" type="checkbox" id="nopfsync" value="yes" <?php if ($pconfig['nopfsync']) echo "checked=\"checked\""; ?> /> + <span class="vexpl"> + NO pfsync<br/> + <?=gettext("Hint: This prevents states created by this rule to be sync'ed over pfsync.");?><br/> + </span><br/> <select name="statetype"> <option value="keep state" <?php if(!isset($pconfig['statetype']) or $pconfig['statetype'] == "keep state") echo "selected=\"selected\""; ?>><?=gettext("keep state");?></option> <option value="sloppy state" <?php if($pconfig['statetype'] == "sloppy state") echo "selected=\"selected\""; ?>><?=gettext("sloppy state");?></option> <option value="synproxy state"<?php if($pconfig['statetype'] == "synproxy state") echo "selected=\"selected\""; ?>><?=gettext("synproxy state");?></option> <option value="none"<?php if($pconfig['statetype'] == "none") echo "selected=\"selected\""; ?>><?=gettext("none");?></option> - </select><br/><?=gettext("Hint: Select which type of state tracking mechanism you would like to use. 
If in doubt, use keep state.");?> + </select><br/> + <span class="vexpl"> + <?=gettext("Hint: Select which type of state tracking mechanism you would like to use. If in doubt, use keep state.");?> + </span> <table width="90%"> <tr><td width="25%"><ul><li><?=gettext("keep state");?></li></ul></td><td><?=gettext("Works with all IP protocols.");?></td></tr> <tr><td width="25%"><ul><li><?=gettext("sloppy state");?></li></ul></td><td><?=gettext("Works with all IP protocols.");?></td></tr> |
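Review bot: The checkbox label `NO pfsync` is emitted as a literal while every other string in this hunk goes through `gettext()`, so it will not be picked up for translation; `<?=gettext("No pfsync");?>` would match the surrounding markup. The `checked` test reads `$pconfig['nopfsync']` directly, whereas the two `div` conditions above it use `empty($pconfig['nopfsync'])`; judging by the header of the earlier hunk, the key is assigned only when an existing rule is loaded, so `if (!empty($pconfig['nopfsync']))` is the safer form on a new rule. The hint text could also state the operational consequence, for example that states from this rule will be missing on the peer after a failover. The table this block sits in continues outside the hunk.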