diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index 595020b34..6df82143b 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -266,12 +266,14 @@ function filter_configure_sync($verbose = false)
}
}
foreach ($fw->getInterfaceMapping() as $intf => $ifcfg) {
+ $pool_opts = !empty($config['system']['snat_use_sticky']) ? "sticky-address" : "";
if (substr($ifcfg['if'], 0, 4) != 'ovpn' && !empty($ifcfg['gateway'])) {
foreach (array(500, null) as $dstport) {
$rule = array(
"interface" => $intf,
"dstport" => $dstport,
"staticnatport" => !empty($dstport),
+ "poolopts" => $pool_opts,
"destination" => array("any" => true),
"ipprotocol" => 'inet',
"descr" => "Automatic outbound rule"
diff --git a/src/www/system_advanced_firewall.php b/src/www/system_advanced_firewall.php
index d2a28888a..2b3455d69 100644
--- a/src/www/system_advanced_firewall.php
+++ b/src/www/system_advanced_firewall.php
@@ -70,6 +70,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
}
$pconfig['enablebinatreflection'] = !empty($config['system']['enablebinatreflection']);
$pconfig['enablenatreflectionhelper'] = isset($config['system']['enablenatreflectionhelper']) ? $config['system']['enablenatreflectionhelper'] : null;
+ $pconfig['snat_use_sticky'] = !empty($config['system']['snat_use_sticky']);
$pconfig['bypassstaticroutes'] = isset($config['filter']['bypassstaticroutes']);
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
$pconfig = $_POST;
@@ -170,6 +171,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
} elseif (isset($config['system']['enablebinatreflection'])) {
unset($config['system']['enablebinatreflection']);
}
+ $config['system']['snat_use_sticky'] = !empty($pconfig['snat_use_sticky']);
if (!empty($pconfig['disablereplyto'])) {
$config['system']['disablereplyto'] = $pconfig['disablereplyto'];
@@ -322,6 +324,15 @@ include("head.inc");
+
+ | |
+
+ />
+
+
+
+ |
+
|