Revision 184a6ceb
Added by Chris Buechler over 13 years ago
etc/inc/filter.inc | ||
---|---|---|
2045 | 2045 |
$line = ""; |
2046 | 2046 |
/* exception(s) to a user rules can go here. */ |
2047 | 2047 |
/* rules with a gateway or pool should create another rule for routing to vpns */ |
2048 |
if((($aline['route'] <> "") && (trim($aline['type']) == "pass") && strstr($dst, "any")) && (!isset($config['system']['disablenegate']))) {
|
|
2048 |
if(($aline['route'] <> "") && (trim($aline['type']) == "pass") && strstr($dst, "any")) {
|
|
2049 | 2049 |
/* negate VPN/PPTP/PPPoE/Static Route networks for load balancer/gateway rules */ |
2050 | 2050 |
$negate_networks = " to <negate_networks> "; |
2051 | 2051 |
$line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] . |
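Review bot: The restored condition still decides that the destination is "any" with `strstr($dst, "any")`, which is a substring test, so a `$dst` whose text merely contains those letters would also take this branch and get the `<negate_networks>` rule. How `$dst` is built is outside the hunk, so confirm this against the code that generates the address; if names can appear in it, match the whole token instead, for example `preg_match('/(^|\s)any(\s|$)/', $dst)`. The `if` body continues past the last line shown here. With the `disablenegate` test gone, a one-line comment on the condition stating that the negate rule is always emitted for policy-routed pass rules would make that behaviour explicit.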
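--- a/usr/local/www/system_advanced_firewall.php
+++ b/usr/local/www/system_advanced_firewall.php
@@ -57,7 +57,6 @@
 $pconfig['maximumstates'] = $config['system']['maximumstates'];
 $pconfig['maximumtableentries'] = $config['system']['maximumtableentries'];
 $pconfig['disablereplyto'] = isset($config['system']['disablereplyto']);
-$pconfig['disablenegate'] = isset($config['system']['disablenegate']);
 $pconfig['disablenatreflection'] = $config['system']['disablenatreflection'];
 if (!isset($config['system']['enablebinatreflection']))
 $pconfig['disablebinatreflection'] = "yes";
@@ -136,11 +135,6 @@
 else
 unset($config['system']['disablereplyto']);
 
-if($_POST['disablenegate'] == "yes")
-$config['system']['disablenegate'] = $_POST['disablenegate'];
-else
-unset($config['system']['disablenegate']);
-
 if($_POST['enablenatreflectionhelper'] == "yes")
 $config['system']['enablenatreflectionhelper'] = "yes";
 else
@@ -362,16 +356,6 @@
 <br />
 </td>
 </tr>
-<tr>
-<td width="22%" valign="top" class="vncell">Disable Negate rules</td>
-<td width="78%" class="vtable">
-<input name="disablenegate" type="checkbox" id="disablenegate" value="yes" <?php if ($pconfig['disablenegate']) echo "checked"; ?> />
-<strong><?=gettext("Disable Negate rule on policy routing rules");?></strong>
-<br />
-<?=gettext("With Multi-WAN you generally want to ensure traffic reaches directly connected networks and VPN networks when using policy routing. You can disable this for special purposes but it requires manually creating rules for these networks");?>
-<br />
-</td>
-</tr>
 <tr>
 <td colspan="2" class="list" height="12"> </td>
 </tr>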
until 2.0.1 is tagged, Revert "Add a checkbox that disabled automatically generates negate rules for directly connected networks and VPNs"
This reverts commit 9ae39b01fb7dfd9c27091e3fae7e034e9e115519.