Project

General

Profile

« Previous | Next » 

Revision dd965531

Added by → luckman212 over 3 years ago

adds option to not auto-create static routes for dpinger (squashed)

View differences:

src/etc/inc/gwlb.inc
239 239
			 * Add static routes for each gateway with their monitor IP
240 240
			 * not strictly necessary but is a added level of protection.
241 241
			 */
242
			if (is_ipaddrv4($gateway['gateway']) && $gateway['monitor'] != $gateway['gateway']) {
243
				log_error(sprintf(gettext('Removing static route for monitor %1$s and adding a new route through %2$s'), $gateway['monitor'], $gateway['gateway']));
244
				if (interface_isppp_type($gateway['friendlyiface'])) {
245
					route_add_or_change($gateway['monitor'],
246
					    '', $gateway['interface']);
247
					system_staticroutes_configure($gateway['friendlyiface']);
248
				} else {
249
					route_add_or_change($gateway['monitor'],
250
					    $gateway['gateway']);
251
				}
242
			if (!isset($config['system']['dpinger_dont_add_static_routes']) &&
243
					!isset($gateway['dpinger_dont_add_static_route'])) {
244
				if (is_ipaddrv4($gateway['gateway']) && $gateway['monitor'] != $gateway['gateway']) {
245
					log_error(sprintf(gettext('Removing static route for monitor %1$s and adding a new route through %2$s'), $gateway['monitor'], $gateway['gateway']));
246
					if (interface_isppp_type($gateway['friendlyiface'])) {
247
						route_add_or_change($gateway['monitor'],
248
						    '', $gateway['interface']);
249
						system_staticroutes_configure($gateway['friendlyiface']);
250
					} else {
251
						route_add_or_change($gateway['monitor'],
252
						    $gateway['gateway']);
253
					}
252 254

  
253
				pfSense_kill_states("0.0.0.0/0", utf8_encode($gateway['monitor']), utf8_encode($gateway['interface']), "icmp");
255
					pfSense_kill_states("0.0.0.0/0", utf8_encode($gateway['monitor']), utf8_encode($gateway['interface']), "icmp");
256
				}
254 257
			}
255 258
		} else if ($gateway['ipprotocol'] == "inet6") { // This is an IPv6 gateway...
256 259
			if (is_linklocal($gateway['gateway']) &&
......
282 285
			 * Add static routes for each gateway with their monitor IP
283 286
			 * not strictly necessary but is a added level of protection.
284 287
			 */
285
			if ($gateway['gateway'] != $gateways_arr[$gwname]['monitor']) {
286
				log_error(sprintf(gettext('Removing static route for monitor %1$s and adding a new route through %2$s'), $gateway['monitor'], $gateway['gateway']));
287
				if (interface_isppp_type($gateway['friendlyiface'])) {
288
					route_add_or_change($gateway['monitor'],
289
					    '', $gateway['interface']);
290
					system_staticroutes_configure($gateway['friendlyiface']);
291
				} else {
292
					route_add_or_change($gateway['monitor'],
293
					    $gateway['gateway']);
294
				}
295 288

  
296
				pfSense_kill_states("::0.0.0.0/0", utf8_encode($gateway['monitor']), utf8_encode($gateway['interface']), "icmpv6");
289
			if (!isset($config['system']['dpinger_dont_add_static_routes']) &&
290
					!isset($gateway['dpinger_dont_add_static_route'])) {
291
				if ($gateway['gateway'] != $gateways_arr[$gwname]['monitor']) {
292
					log_error(sprintf(gettext('Removing static route for monitor %1$s and adding a new route through %2$s'), $gateway['monitor'], $gateway['gateway']));
293
					if (interface_isppp_type($gateway['friendlyiface'])) {
294
						route_add_or_change($gateway['monitor'],
295
						    '', $gateway['interface']);
296
						system_staticroutes_configure($gateway['friendlyiface']);
297
					} else {
298
						route_add_or_change($gateway['monitor'],
299
						    $gateway['gateway']);
300
					}
301

  
302
					pfSense_kill_states("::0.0.0.0/0", utf8_encode($gateway['monitor']), utf8_encode($gateway['interface']), "icmpv6");
303
				}
297 304
			}
298 305
		} else {
299 306
			continue;
......
2078 2085
	if ($gateway_settings['nonlocalgateway'] == "yes") {
2079 2086
		$gateway['nonlocalgateway'] = true;
2080 2087
	}
2088
	if ($gateway_settings['dpinger_dont_add_static_route'] == "yes") {
2089
		$gateway['dpinger_dont_add_static_route'] = true;
2090
	}
2081 2091
	if ($gateway_settings['force_down'] == "yes") {
2082 2092
		$gateway['force_down'] = true;
2083 2093
	}
src/usr/local/pfSense/include/www/system_advanced_misc.inc
56 56
	$pconfig['schedule_states'] = isset($config['system']['schedule_states']);
57 57
	$pconfig['gw_down_kill_states'] = isset($config['system']['gw_down_kill_states']);
58 58
	$pconfig['skip_rules_gw_down'] = isset($config['system']['skip_rules_gw_down']);
59
	$pconfig['dpinger_dont_add_static_routes'] = isset($config['system']['dpinger_dont_add_static_routes']);
59 60
	$pconfig['use_mfs_tmpvar'] = isset($config['system']['use_mfs_tmpvar']);
60 61
	$pconfig['use_mfs_tmp_size'] = $config['system']['use_mfs_tmp_size'];
61 62
	$pconfig['use_mfs_var_size'] = $config['system']['use_mfs_var_size'];
src/usr/local/www/system_advanced_misc.php
304 304
	'down, the rule is created omitting the gateway. This option overrides that '.
305 305
	'behavior by omitting the entire rule instead.');
306 306

  
307
$section->addInput(new Form_Checkbox(
308
	'dpinger_dont_add_static_routes',
309
	'Static routes',
310
	'Do not add static routes for gateway monitor IP addresses',
311
	$pconfig['dpinger_dont_add_static_routes']
312
))->setHelp('By default the firewall adds static routes for gateway monitor IP addresses '.
313
	'to ensure traffic to the monitor IP address leaves via the correct interface. '.
314
	'Enabling this checkbox overrides that behavior.');
315

  
307 316
$form->add($section);
308 317
$section = new Form_Section('RAM Disk Settings (Reboot to Apply Changes)');
309 318

  
src/usr/local/www/system_gateways_edit.php
72 72
	$pconfig['losslow'] = $a_gateways[$id]['losslow'];
73 73
	$pconfig['losshigh'] = $a_gateways[$id]['losshigh'];
74 74
	$pconfig['monitor'] = $a_gateways[$id]['monitor'];
75
	$pconfig['dpinger_dont_add_static_route'] = isset($a_gateways[$id]['dpinger_dont_add_static_route']);
75 76
	$pconfig['monitor_disable'] = isset($a_gateways[$id]['monitor_disable']);
76 77
	$pconfig['action_disable'] = isset($a_gateways[$id]['action_disable']);
77 78
	$pconfig['data_payload'] = $a_gateways[$id]['data_payload'];
......
223 224
	'requests (pings).');
224 225
$section->add($group);
225 226

  
227
$section->addInput(new Form_Checkbox(
228
	'dpinger_dont_add_static_route',
229
	'Static route',
230
	'Do not add static route for gateway monitor IP address via the chosen interface',
231
	$pconfig['dpinger_dont_add_static_route']
232
))->setHelp('By default the firewall adds static routes for gateway monitor IP addresses '.
233
	'to ensure traffic to the monitor IP address leaves via the correct interface. '.
234
	'Enabling this checkbox overrides that behavior.');
235

  
236
$form->add($section);
237

  
226 238
$section->addInput(new Form_Checkbox(
227 239
	'force_down',
228 240
	'Force state',

Also available in: Unified diff