Revision dd965531
Added by → luckman212 over 3 years ago
src/etc/inc/gwlb.inc | ||
---|---|---|
239 | 239 |
* Add static routes for each gateway with their monitor IP |
240 | 240 |
* not strictly necessary but is a added level of protection. |
241 | 241 |
*/ |
242 |
if (is_ipaddrv4($gateway['gateway']) && $gateway['monitor'] != $gateway['gateway']) { |
|
243 |
log_error(sprintf(gettext('Removing static route for monitor %1$s and adding a new route through %2$s'), $gateway['monitor'], $gateway['gateway'])); |
|
244 |
if (interface_isppp_type($gateway['friendlyiface'])) { |
|
245 |
route_add_or_change($gateway['monitor'], |
|
246 |
'', $gateway['interface']); |
|
247 |
system_staticroutes_configure($gateway['friendlyiface']); |
|
248 |
} else { |
|
249 |
route_add_or_change($gateway['monitor'], |
|
250 |
$gateway['gateway']); |
|
251 |
} |
|
242 |
if (!isset($config['system']['dpinger_dont_add_static_routes']) && |
|
243 |
!isset($gateway['dpinger_dont_add_static_route'])) { |
|
244 |
if (is_ipaddrv4($gateway['gateway']) && $gateway['monitor'] != $gateway['gateway']) { |
|
245 |
log_error(sprintf(gettext('Removing static route for monitor %1$s and adding a new route through %2$s'), $gateway['monitor'], $gateway['gateway'])); |
|
246 |
if (interface_isppp_type($gateway['friendlyiface'])) { |
|
247 |
route_add_or_change($gateway['monitor'], |
|
248 |
'', $gateway['interface']); |
|
249 |
system_staticroutes_configure($gateway['friendlyiface']); |
|
250 |
} else { |
|
251 |
route_add_or_change($gateway['monitor'], |
|
252 |
$gateway['gateway']); |
|
253 |
} |
|
252 | 254 |
|
253 |
pfSense_kill_states("0.0.0.0/0", utf8_encode($gateway['monitor']), utf8_encode($gateway['interface']), "icmp"); |
|
255 |
pfSense_kill_states("0.0.0.0/0", utf8_encode($gateway['monitor']), utf8_encode($gateway['interface']), "icmp"); |
|
256 |
} |
|
254 | 257 |
} |
255 | 258 |
} else if ($gateway['ipprotocol'] == "inet6") { // This is an IPv6 gateway... |
256 | 259 |
if (is_linklocal($gateway['gateway']) && |
... | ... | |
282 | 285 |
* Add static routes for each gateway with their monitor IP |
283 | 286 |
* not strictly necessary but is a added level of protection. |
284 | 287 |
*/ |
285 |
if ($gateway['gateway'] != $gateways_arr[$gwname]['monitor']) { |
|
286 |
log_error(sprintf(gettext('Removing static route for monitor %1$s and adding a new route through %2$s'), $gateway['monitor'], $gateway['gateway'])); |
|
287 |
if (interface_isppp_type($gateway['friendlyiface'])) { |
|
288 |
route_add_or_change($gateway['monitor'], |
|
289 |
'', $gateway['interface']); |
|
290 |
system_staticroutes_configure($gateway['friendlyiface']); |
|
291 |
} else { |
|
292 |
route_add_or_change($gateway['monitor'], |
|
293 |
$gateway['gateway']); |
|
294 |
} |
|
295 | 288 |
|
296 |
pfSense_kill_states("::0.0.0.0/0", utf8_encode($gateway['monitor']), utf8_encode($gateway['interface']), "icmpv6"); |
|
289 |
if (!isset($config['system']['dpinger_dont_add_static_routes']) && |
|
290 |
!isset($gateway['dpinger_dont_add_static_route'])) { |
|
291 |
if ($gateway['gateway'] != $gateways_arr[$gwname]['monitor']) { |
|
292 |
log_error(sprintf(gettext('Removing static route for monitor %1$s and adding a new route through %2$s'), $gateway['monitor'], $gateway['gateway'])); |
|
293 |
if (interface_isppp_type($gateway['friendlyiface'])) { |
|
294 |
route_add_or_change($gateway['monitor'], |
|
295 |
'', $gateway['interface']); |
|
296 |
system_staticroutes_configure($gateway['friendlyiface']); |
|
297 |
} else { |
|
298 |
route_add_or_change($gateway['monitor'], |
|
299 |
$gateway['gateway']); |
|
300 |
} |
|
301 |
|
|
302 |
pfSense_kill_states("::0.0.0.0/0", utf8_encode($gateway['monitor']), utf8_encode($gateway['interface']), "icmpv6"); |
|
303 |
} |
|
297 | 304 |
} |
298 | 305 |
} else { |
299 | 306 |
continue; |
... | ... | |
2078 | 2085 |
if ($gateway_settings['nonlocalgateway'] == "yes") { |
2079 | 2086 |
$gateway['nonlocalgateway'] = true; |
2080 | 2087 |
} |
2088 |
if ($gateway_settings['dpinger_dont_add_static_route'] == "yes") { |
|
2089 |
$gateway['dpinger_dont_add_static_route'] = true; |
|
2090 |
} |
|
2081 | 2091 |
if ($gateway_settings['force_down'] == "yes") { |
2082 | 2092 |
$gateway['force_down'] = true; |
2083 | 2093 |
} |
src/usr/local/pfSense/include/www/system_advanced_misc.inc | ||
---|---|---|
56 | 56 |
$pconfig['schedule_states'] = isset($config['system']['schedule_states']); |
57 | 57 |
$pconfig['gw_down_kill_states'] = isset($config['system']['gw_down_kill_states']); |
58 | 58 |
$pconfig['skip_rules_gw_down'] = isset($config['system']['skip_rules_gw_down']); |
59 |
$pconfig['dpinger_dont_add_static_routes'] = isset($config['system']['dpinger_dont_add_static_routes']); |
|
59 | 60 |
$pconfig['use_mfs_tmpvar'] = isset($config['system']['use_mfs_tmpvar']); |
60 | 61 |
$pconfig['use_mfs_tmp_size'] = $config['system']['use_mfs_tmp_size']; |
61 | 62 |
$pconfig['use_mfs_var_size'] = $config['system']['use_mfs_var_size']; |
src/usr/local/www/system_advanced_misc.php | ||
---|---|---|
304 | 304 |
'down, the rule is created omitting the gateway. This option overrides that '. |
305 | 305 |
'behavior by omitting the entire rule instead.'); |
306 | 306 |
|
307 |
$section->addInput(new Form_Checkbox( |
|
308 |
'dpinger_dont_add_static_routes', |
|
309 |
'Static routes', |
|
310 |
'Do not add static routes for gateway monitor IP addresses', |
|
311 |
$pconfig['dpinger_dont_add_static_routes'] |
|
312 |
))->setHelp('By default the firewall adds static routes for gateway monitor IP addresses '. |
|
313 |
'to ensure traffic to the monitor IP address leaves via the correct interface. '. |
|
314 |
'Enabling this checkbox overrides that behavior.'); |
|
315 |
|
|
307 | 316 |
$form->add($section); |
308 | 317 |
$section = new Form_Section('RAM Disk Settings (Reboot to Apply Changes)'); |
309 | 318 |
|
src/usr/local/www/system_gateways_edit.php | ||
---|---|---|
72 | 72 |
$pconfig['losslow'] = $a_gateways[$id]['losslow']; |
73 | 73 |
$pconfig['losshigh'] = $a_gateways[$id]['losshigh']; |
74 | 74 |
$pconfig['monitor'] = $a_gateways[$id]['monitor']; |
75 |
$pconfig['dpinger_dont_add_static_route'] = isset($a_gateways[$id]['dpinger_dont_add_static_route']); |
|
75 | 76 |
$pconfig['monitor_disable'] = isset($a_gateways[$id]['monitor_disable']); |
76 | 77 |
$pconfig['action_disable'] = isset($a_gateways[$id]['action_disable']); |
77 | 78 |
$pconfig['data_payload'] = $a_gateways[$id]['data_payload']; |
... | ... | |
223 | 224 |
'requests (pings).'); |
224 | 225 |
$section->add($group); |
225 | 226 |
|
227 |
$section->addInput(new Form_Checkbox( |
|
228 |
'dpinger_dont_add_static_route', |
|
229 |
'Static route', |
|
230 |
'Do not add static route for gateway monitor IP address via the chosen interface', |
|
231 |
$pconfig['dpinger_dont_add_static_route'] |
|
232 |
))->setHelp('By default the firewall adds static routes for gateway monitor IP addresses '. |
|
233 |
'to ensure traffic to the monitor IP address leaves via the correct interface. '. |
|
234 |
'Enabling this checkbox overrides that behavior.'); |
|
235 |
|
|
236 |
$form->add($section); |
|
237 |
|
|
226 | 238 |
$section->addInput(new Form_Checkbox( |
227 | 239 |
'force_down', |
228 | 240 |
'Force state', |
Also available in: Unified diff
adds option to not auto-create static routes for dpinger (squashed)