69 |
69 |
'inet46' => array('name' => 'IPv4+6', 'icmptypes' => $icmptypes46, 'helpmsg' => sprintf(gettext('For ICMP rules on IPv4+IPv6, one or more of these ICMP subtypes may be specified. (Other ICMP subtypes are only valid under IPv4 %1$sor%2$s IPv6, not both)'), '<i>', '</i>'))
|
70 |
70 |
);
|
71 |
71 |
|
|
72 |
$statepolicy_values = [
|
|
73 |
'' => gettext('Use global default'),
|
|
74 |
'if-bound' => gettext('Interface Bound States'),
|
|
75 |
'floating' => gettext('Floating States'),
|
|
76 |
];
|
|
77 |
|
72 |
78 |
$statetype_values = array(
|
73 |
79 |
'keep state' => gettext('Keep'),
|
74 |
80 |
'sloppy state' => gettext('Sloppy'),
|
... | ... | |
119 |
125 |
($rule_config['tcpflags2'] != "") ||
|
120 |
126 |
($rule_config['tcpflags_any']) ||
|
121 |
127 |
($rule_config['nopfsync']) ||
|
|
128 |
($rule_config['statepolicy'] != "") ||
|
122 |
129 |
(($rule_config['statetype'] != "") && ($rule_config['statetype'] != "keep state")) ||
|
123 |
130 |
($rule_config['nosync']) ||
|
124 |
131 |
($rule_config['vlanprio'] != "") ||
|
... | ... | |
284 |
291 |
$pconfig['max-src-nodes'] = $a_filter[$id]['max-src-nodes'];
|
285 |
292 |
$pconfig['max-src-conn'] = $a_filter[$id]['max-src-conn'];
|
286 |
293 |
$pconfig['max-src-states'] = $a_filter[$id]['max-src-states'];
|
|
294 |
$pconfig['statepolicy'] = $a_filter[$id]['statepolicy'];
|
287 |
295 |
$pconfig['statetype'] = $a_filter[$id]['statetype'];
|
288 |
296 |
$pconfig['statetimeout'] = $a_filter[$id]['statetimeout'];
|
289 |
297 |
$pconfig['nopfsync'] = isset($a_filter[$id]['nopfsync']);
|
... | ... | |
828 |
836 |
if ($_POST['tagged'] && !is_validaliasname($_POST['tagged'])) {
|
829 |
837 |
$input_errors[] = gettext("Invalid tagged value.");
|
830 |
838 |
}
|
|
839 |
if ($_POST['statepolicy'] && !array_key_exists($_POST['statepolicy'], $statepolicy_values)) {
|
|
840 |
$input_errors[] = gettext("Invalid State Policy.");
|
|
841 |
}
|
831 |
842 |
if ($_POST['statetype'] && !array_key_exists($_POST['statetype'], $statetype_values)) {
|
832 |
843 |
$input_errors[] = gettext("Invalid State Type.");
|
833 |
844 |
}
|
... | ... | |
929 |
940 |
$filterent['max-src-conn'] = $_POST['max-src-conn'];
|
930 |
941 |
$filterent['max-src-states'] = $_POST['max-src-states'];
|
931 |
942 |
$filterent['statetimeout'] = $_POST['statetimeout'];
|
|
943 |
$filterent['statepolicy'] = $_POST['statepolicy'];
|
932 |
944 |
$filterent['statetype'] = $_POST['statetype'];
|
933 |
945 |
$filterent['os'] = $_POST['os'];
|
934 |
946 |
if ($_POST['nopfsync'] <> "") {
|
... | ... | |
1627 |
1639 |
$pconfig['nopfsync']
|
1628 |
1640 |
));
|
1629 |
1641 |
|
|
1642 |
$section->addInput(new Form_Select(
|
|
1643 |
'statepolicy',
|
|
1644 |
'State Policy',
|
|
1645 |
(isset($pconfig['statepolicy'])) ? $pconfig['statepolicy'] : "",
|
|
1646 |
$statepolicy_values
|
|
1647 |
))->setHelp('Optionally overrides the default state policy behavior to force a specific policy ' .
|
|
1648 |
'for connections matching this rule. Only effective when rules keep state.%1$s' .
|
|
1649 |
'The global default policy option is located at System > Advanced, Firewall & NAT tab.',
|
|
1650 |
'<br />');
|
|
1651 |
|
1630 |
1652 |
$section->addInput(new Form_Select(
|
1631 |
1653 |
'statetype',
|
1632 |
1654 |
'State type',
|
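Review bot: The State Policy check at new line 839 is guarded by `$_POST['statepolicy'] &&`, so a submitted value of `"0"` is falsy in PHP, skips the allow-list test, and is then written to the rule unchanged at new line 943 (`$filterent['statepolicy'] = $_POST['statepolicy'];`). Because `''` is itself a key of `$statepolicy_values`, the truthiness guard is not needed, and `if (!array_key_exists($_POST['statepolicy'] ?? '', $statepolicy_values)) {` rejects every value outside the list. How the ruleset generator treats an unexpected stored value is not visible on this page, so the impact is inferred; the existing `statetype` check just below uses the same guard. The validation and save blocks both continue outside the hunks shown.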
Per-rule State Policy option. Implements #15183
Adds a setting in the advanced section when editing a firewall rule
which allows a rule to use a state policy that differs from the
configured default.