From bdac13de30d9086126561c9000e980bd46dd0479 Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Tue, 20 Jun 2006 17:36:55 +0000 Subject: MFC Import Static route filtering option from m0n0wall 1.2b5 It appears this knob was missing since after BETA3 and thus may have caused issues with static routes on any interface. --- usr/local/www/system_advanced.php | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'usr/local') diff --git a/usr/local/www/system_advanced.php b/usr/local/www/system_advanced.php index a714621..dd28980 100755 --- a/usr/local/www/system_advanced.php +++ b/usr/local/www/system_advanced.php @@ -54,7 +54,7 @@ $pconfig['enablesshd'] = $config['system']['enablesshd']; $pconfig['sshport'] = $config['system']['ssh']['port']; $pconfig['sharednet'] = $config['system']['sharednet']; $pconfig['polling_enable'] = isset($config['system']['polling']); - +$pconfig['bypassstaticroutes'] = isset($config['filter']['bypassstaticroutes']); $pconfig['disablenatreflection'] = $config['system']['disablenatreflection']; if ($_POST) { @@ -200,6 +200,7 @@ if ($_POST) { $config['ipsec']['preferoldsa'] = $_POST['preferoldsa_enable'] ? true : false; $config['bridge']['filteringbridge'] = $_POST['filteringbridge_enable'] ? true : false; + $config['filter']['bypassstaticroutes'] = $_POST['bypassstaticroutes'] ? true : false; write_config(); @@ -447,6 +448,18 @@ include("head.inc"); + Static route filtering + + /> + Bypass firewall rules for traffic on the same interface +
+ This option only applies if you have defined one or more static routes. If it is enabled, traffic that enters and + leaves through the same interface will not be checked by the firewall. This may be desirable in some situations where + multiple subnets are connected to the same interface. +
+ + + IPsec SA preferral /> @@ -693,4 +706,4 @@ if (($config['system']['webgui']['certificate'] != $oldcert) touch("/tmp/restart_webgui"); } -?> \ No newline at end of file +?> -- cgit v1.1