--- /root/test/etc/inc/filter.inc 2010-01-07 12:30:29.000000000 +0000
+++ /etc/inc/filter.inc 2010-01-07 20:54:27.000000000 +0000
@@ -1394,7 +1394,7 @@
update_filter_reload_status("Setting up pass/block rules {$rule['descr']}");
/* do not process reply-to for gateway'd rules */
- if($rule['gateway'] == "" && interface_has_gateway($rule['interface'])) {
+ if($rule['gateway'] == "" && interface_has_gateway($rule['interface']) && !isset($rule['disablereplyto'])) {
$rg = get_interface_gateway($rule['interface']);
if(is_ipaddr($rg)) {
$aline['reply'] = "reply-to ( {$ifcfg['if']} {$rg} ) ";
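Review bot: The comment above the changed condition is now incomplete, since it still names only gateway'd rules while the test also skips reply-to when `disablereplyto` is set on the rule. I would update it to `/* do not process reply-to for gateway'd rules or rules with reply-to explicitly disabled */`. It would also help to note there that, without reply-to, return traffic for the rule follows the routing table, which on a multi-WAN setup may not be the interface the connection arrived on. The `if` block continues past the end of this hunk.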
--- /root/test/usr/local/www/firewall_rules_edit.php 2010-01-07 12:30:29.000000000 +0000
+++ /usr/local/www/firewall_rules_edit.php 2010-01-07 20:02:32.000000000 +0000
@@ -129,6 +129,8 @@
$pconfig['quick'] = $a_filter[$id]['quick'];
if (isset($a_filter[$id]['allowopts']))
$pconfig['allowopts'] = true;
+ if (isset($a_filter[$id]['disablereplyto']))
+ $pconfig['disablereplyto'] = true;
/* advanced */
$pconfig['max'] = $a_filter[$id]['max'];
@@ -383,6 +385,10 @@
$filterent['allowopts'] = true;
else
unset($filterent['allowopts']);
+ if ($_POST['disablereplyto'] == "yes")
+ $filterent['disablereplyto'] = true;
+ else
+ unset($filterent['disablereplyto']);
$filterent['max'] = $_POST['max'];
$filterent['max-src-nodes'] = $_POST['max-src-nodes'];
$filterent['max-src-conn'] = $_POST['max-src-conn'];
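Review bot: The added test reads `$_POST['disablereplyto']` without checking that the key exists, and it compares with a loose `==`. Browsers omit an unchecked checkbox from the POST body, so the common case raises an undefined-index notice. I would write `if (isset($_POST['disablereplyto']) && $_POST['disablereplyto'] === "yes")`. This assumes the checkbox submits the value "yes", which cannot be confirmed because the form markup is not visible in this rendering. The new lines appear to mirror the `allowopts` handling just above, whose condition starts outside the hunk, so that test may deserve the same guard.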
@@ -957,6 +963,9 @@
>
=gettext("This allows packets with IP options to pass. Otherwise they are blocked by default. This is usually only seen with multicast traffic.");?>
+ >
+
=gettext("This will disable reply-to for this rule.");?>
+
=gettext("You can mark a packet matching this rule and use this mark to match on other NAT/filter rules. It is called Policy filtering");?>
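Review bot: The help string added for the new option, "This will disable reply-to for this rule.", does not tell the administrator what reply-to does or what changes when it is turned off. For a setting that alters the return path of traffic, I would spell out the effect, for example `gettext("This will disable the automatically generated reply-to for this rule. Replies will then follow the routing table instead of being sent back out the interface the traffic arrived on.")`. The surrounding form markup is stripped in this rendering, so the input element itself could not be reviewed.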