|
1
|
--- /root/test/etc/inc/filter.inc 2010-01-07 12:30:29.000000000 +0000
|
|
2
|
+++ /etc/inc/filter.inc 2010-01-07 20:54:27.000000000 +0000
|
|
3
|
@@ -1394,7 +1394,7 @@
|
|
4
|
update_filter_reload_status("Setting up pass/block rules {$rule['descr']}");
|
|
5
|
|
|
6
|
/* do not process reply-to for gateway'd rules */
|
|
7
|
- if($rule['gateway'] == "" && interface_has_gateway($rule['interface'])) {
|
|
8
|
+ if($rule['gateway'] == "" && interface_has_gateway($rule['interface']) && !isset($rule['disablereplyto'])) {
|
|
9
|
$rg = get_interface_gateway($rule['interface']);
|
|
10
|
if(is_ipaddr($rg)) {
|
|
11
|
$aline['reply'] = "reply-to ( {$ifcfg['if']} {$rg} ) ";
|
|
12
|
|
|
13
|
--- /root/test/usr/local/www/firewall_rules_edit.php 2010-01-07 12:30:29.000000000 +0000
|
|
14
|
+++ /usr/local/www/firewall_rules_edit.php 2010-01-07 20:02:32.000000000 +0000
|
|
15
|
@@ -129,6 +129,8 @@
|
|
16
|
$pconfig['quick'] = $a_filter[$id]['quick'];
|
|
17
|
if (isset($a_filter[$id]['allowopts']))
|
|
18
|
$pconfig['allowopts'] = true;
|
|
19
|
+ if (isset($a_filter[$id]['disablereplyto']))
|
|
20
|
+ $pconfig['disablereplyto'] = true;
|
|
21
|
|
|
22
|
/* advanced */
|
|
23
|
$pconfig['max'] = $a_filter[$id]['max'];
|
|
24
|
@@ -383,6 +385,10 @@
|
|
25
|
$filterent['allowopts'] = true;
|
|
26
|
else
|
|
27
|
unset($filterent['allowopts']);
|
|
28
|
+ if ($_POST['disablereplyto'] == "yes")
|
|
29
|
+ $filterent['disablereplyto'] = true;
|
|
30
|
+ else
|
|
31
|
+ unset($filterent['disablereplyto']);
|
|
32
|
$filterent['max'] = $_POST['max'];
|
|
33
|
$filterent['max-src-nodes'] = $_POST['max-src-nodes'];
|
|
34
|
$filterent['max-src-conn'] = $_POST['max-src-conn'];
|
|
35
|
@@ -957,6 +963,9 @@
|
|
36
|
<input type="checkbox" id="allowopts" value="yes" name="allowopts"<?php if($pconfig['allowopts'] == true) echo " checked"; ?>>
|
|
37
|
<br/><span class="vexpl"><?=gettext("This allows packets with IP options to pass. Otherwise they are blocked by default. This is usually only seen with multicast traffic.");?>
|
|
38
|
</span><p>
|
|
39
|
+ <input type="checkbox" id="disablereplyto" value="yes" name="disablereplyto"<?php if($pconfig['disablereplyto'] == true) echo " checked"; ?>>
|
|
40
|
+ <br/><span class="vexpl"><?=gettext("This will disable reply-to for this rule.");?>
|
|
41
|
+ </span><p>
|
|
42
|
<input name="tag" id="tag" value="<?=htmlspecialchars($pconfig['tag']);?>">
|
|
43
|
<br /><span class="vexpl"><?=gettext("You can mark a packet matching this rule and use this mark to match on other NAT/filter rules. It is called <b>Policy filtering</b>");?>
|
|
44
|
</span><p>
|