From f38dea081471248addbd737f1cabd7975594fd9e Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Tue, 15 Mar 2005 19:18:13 +0000 Subject: Add reply-to (aka return gateway) rule support for multiple WAN support. And the crowd goes nuts! --- etc/inc/filter.inc | 4 ++++ usr/local/www/firewall_rules_edit.php | 14 ++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index db1e47d..451389f 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1353,6 +1353,10 @@ EOD; $line .= "on \$" . $interface . " "; } + if($rule['returngateway'] <> "") { + $line .= "reply-to (" . $rule['returngateway'] . ") "; + } + if (isset($rule['protocol'])) { if($rule['protocol'] == "tcp/udp") $line .= "proto { tcp udp } "; diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index e267fb2..10e47c1 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -148,6 +148,8 @@ if (isset($id) && $a_filter[$id]) { $pconfig['dstmask'], $pconfig['dstnot'], $pconfig['dstbeginport'], $pconfig['dstendport']); + $pconfig['returngateway'] = $a_filter[$id]['returngateway']; + $pconfig['disabled'] = isset($a_filter[$id]['disabled']); $pconfig['log'] = isset($a_filter[$id]['log']); $pconfig['frags'] = isset($a_filter[$id]['frags']); @@ -268,6 +270,9 @@ if ($_POST) { $input_errors[] = "The end destination port must be an alias or integer between 1 and 65535."; } + if (($_POST['returngateway'] && !is_ipaddroranyalias($_POST['returngateway']))) + $input_errors[] = "A valid return gateway IP address or alias must be specified."; + if (!is_specialnet($_POST['srctype'])) { if (($_POST['src'] && !is_ipaddroranyalias($_POST['src']))) { $input_errors[] = "A valid source IP address or alias must be specified."; @@ -825,6 +830,15 @@ Hint: the difference between block and reject is that with reject, a packet (TCP + + Return gateway + + +
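Review bot: The new `reply-to` branch in filter.inc writes `$rule['returngateway']` into the pf rule exactly as stored, so a value that reaches config.xml outside the edit form (a restored backup, a hand edit) lands in the ruleset unchecked, and one malformed entry can keep the whole ruleset from loading. Re-check it where the line is built, e.g. `if (!empty($rule['returngateway']) && is_ipaddr($rule['returngateway'])) {`, which also avoids reading a key that rules saved before this change do not have. Separately, pf.conf documents the route host as `(interface address)`; only the gateway is emitted here, so pf would presumably read it as an interface name, which is worth confirming by parsing a generated ruleset with `pfctl -n`. The enclosing function starts and ends outside the hunk.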
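Review bot: Nothing in firewall_rules_edit.php stores `returngateway`: the hunk at line 148 reads it back from the saved rule, but the 2 + 3 + 9 added lines of the three hunks account for all 14 insertions and cover only loading, validation and the form row. Unless the save path (outside the hunks) copies POST fields generically, the value is validated and then discarded, and the new filter.inc branch never fires. The save block needs the matching assignment from `$_POST['returngateway']`, with the key unset when the field is left blank. The read should also be guarded for rules saved before this change, `$pconfig['returngateway'] = isset($a_filter[$id]['returngateway']) ? $a_filter[$id]['returngateway'] : "";`.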
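Review bot: The check added at line 270, `is_ipaddroranyalias()`, accepts more than the generator can use: the filter.inc hunk of this commit concatenates the stored string into `reply-to (...)` without resolving it, so an alias name accepted here would be emitted as a bare word, and going by the helper's name an alias of any kind passes. Unless alias expansion is added on the generator side, accept only a single address, `if ($_POST['returngateway'] && !is_ipaddr($_POST['returngateway'])) {`, and drop "or alias" from the error message. The new `if` also omits the braces that the neighbouring checks use; the surrounding `if ($_POST)` block starts and ends outside the hunk.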

Leave blank for default. Enter the next-hop gateway for the return path. + + + +   -- cgit v1.1