Revision f1beeba5
Added by Luiz Gustavo S. Costa over 14 years ago
| etc/inc/filter.inc | ||
|---|---|---|
| 1740 | 1740 |
update_filter_reload_status("Setting up pass/block rules {$rule['descr']}");
|
| 1741 | 1741 |
|
| 1742 | 1742 |
/* do not process reply-to for gateway'd rules */ |
| 1743 |
if($rule['gateway'] == "" && $aline['direction'] <> "" && interface_has_gateway($rule['interface']) && !isset($rule['disablereplyto'])) {
|
|
| 1743 |
if($rule['gateway'] == "" && $aline['direction'] <> "" && interface_has_gateway($rule['interface']) && !isset($config['system']['disablereplyto'])) {
|
|
| 1744 | 1744 |
$rg = get_interface_gateway($rule['interface']); |
| 1745 | 1745 |
if(is_ipaddr($rg)) {
|
| 1746 | 1746 |
$aline['reply'] = "reply-to ( {$ifcfg['if']} {$rg} ) ";
|
| usr/local/www/system_advanced_firewall.php | ||
|---|---|---|
| 56 | 56 |
$pconfig['optimization'] = $config['filter']['optimization']; |
| 57 | 57 |
$pconfig['maximumstates'] = $config['system']['maximumstates']; |
| 58 | 58 |
$pconfig['maximumtableentries'] = $config['system']['maximumtableentries']; |
| 59 |
$pconfig['disablereplyto'] = isset($config['system']['disablereplyto']); |
|
| 59 | 60 |
$pconfig['disablenatreflection'] = $config['system']['disablenatreflection']; |
| 60 | 61 |
if (!isset($config['system']['enablebinatreflection'])) |
| 61 | 62 |
$pconfig['disablebinatreflection'] = "yes"; |
| ... | ... | |
| 124 | 125 |
else |
| 125 | 126 |
$config['system']['enablebinatreflection'] = "yes"; |
| 126 | 127 |
|
| 128 |
if($_POST['disablereplyto'] == "yes") |
|
| 129 |
$config['system']['disablereplyto'] = $_POST['disablereplyto']; |
|
| 130 |
else |
|
| 131 |
unset($config['system']['disablereplyto']); |
|
| 132 |
|
|
| 127 | 133 |
if($_POST['enablenatreflectionhelper'] == "yes") |
| 128 | 134 |
$config['system']['enablenatreflectionhelper'] = "yes"; |
| 129 | 135 |
else |
| ... | ... | |
| 361 | 367 |
<?=gettext("Currently only applies to 1:1 NAT rules. Required for full functionality of NAT Reflection for 1:1 NAT.");?>
|
| 362 | 368 |
</td> |
| 363 | 369 |
</tr> |
| 370 |
<tr> |
|
| 371 |
<td width="22%" valign="top" class="vncell">Disable reply-to</td> |
|
| 372 |
<td width="78%" class="vtable"> |
|
| 373 |
<input name="disablereplyto" type="checkbox" id="disablereplyto" value="yes" <?php if ($pconfig['disablereplyto']) echo "checked"; ?> /> |
|
| 374 |
<strong><?=gettext("Disable reply-to on WAN rules");?></strong>
|
|
| 375 |
<br /> |
|
| 376 |
<?=gettext("With Multi-WAN you generally want to ensure traffic leaves the same interface it arrives on, hence reply-to is added automatically by default." .
|
|
| 377 |
"When using bridging, you must disable this behavior if the WAN gateway IP is different from the gateway IP of the hosts behind the bridged interface.");?> |
|
| 378 |
<br /> |
|
| 379 |
</td> |
|
| 380 |
</tr> |
|
| 364 | 381 |
<tr> |
| 365 | 382 |
<td width="22%" valign="top" class="vncell"><?=gettext("TFTP Proxy");?></td>
|
| 366 | 383 |
<td width="78%" class="vtable"> |
Also available in: Unified diff
Add Global reply-to disable checkbox, resolves the issue #1137