lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-17 10:04:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Firewall/snat, add default sticky option for outbound nat rules. https://github.com/opnsense/core/issues/1326

Browse Source
This commit is contained in:
Ad Schellevis 2017-12-29 12:05:23 +01:00
parent 8928b99b92
commit 9af1ae60db
2 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/etc/inc/filter.inc
View File

@ -266,12 +266,14 @@ function filter_configure_sync($verbose = false)
}
}
foreach ($fw->getInterfaceMapping() as $intf => $ifcfg) {
$pool_opts = !empty($config['system']['snat_use_sticky']) ? "sticky-address" : "";
if (substr($ifcfg['if'], 0, 4) != 'ovpn' && !empty($ifcfg['gateway'])) {
foreach (array(500, null) as $dstport) {
$rule = array(
"interface" => $intf,
"dstport" => $dstport,
"staticnatport" => !empty($dstport),
"poolopts" => $pool_opts,
"destination" => array("any" => true),
"ipprotocol" => 'inet',
"descr" => "Automatic outbound rule"

11
src/www/system_advanced_firewall.php
View File

@ -70,6 +70,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
}
$pconfig['enablebinatreflection'] = !empty($config['system']['enablebinatreflection']);
$pconfig['enablenatreflectionhelper'] = isset($config['system']['enablenatreflectionhelper']) ? $config['system']['enablenatreflectionhelper'] : null;
$pconfig['snat_use_sticky'] = !empty($config['system']['snat_use_sticky']);
$pconfig['bypassstaticroutes'] = isset($config['filter']['bypassstaticroutes']);
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
$pconfig = $_POST;
@ -170,6 +171,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
} elseif (isset($config['system']['enablebinatreflection'])) {
unset($config['system']['enablebinatreflection']);
}
$config['system']['snat_use_sticky'] = !empty($pconfig['snat_use_sticky']);
if (!empty($pconfig['disablereplyto'])) {
$config['system']['disablereplyto'] = $pconfig['disablereplyto'];
@ -322,6 +324,15 @@ include("head.inc");
</div>
</td>
</tr>
<tr>
<td><a id="help_for_snat_use_sticky" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Sticky oubound NAT");?></td>
<td>
<input name="snat_use_sticky" type="checkbox" id="snat_use_sticky" <?=!empty($pconfig['snat_use_sticky']) ? "checked=\"checked\"" : "";?> />
<div class="hidden" for="help_for_snat_use_sticky">
<?=gettext("When using automatic outbound nat rules make addresses sticky when there are more configured on the same interface.");?>
</div>
</td>
</tr>
<?php endif; ?>
<tr>
<th colspan="2" valign="top" class="listtopic"><?=gettext("Bogon Networks");?></th>