diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index 8134b2270..7c8ab5552 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -550,7 +550,8 @@ function filter_generate_scrubing(&$FilterIflist)
 if (!empty($config['filter']['scrub']['rule'])) {
 foreach ($config['filter']['scrub']['rule'] as $scrub_rule) {
 if (!isset($scrub_rule['disabled'])) {
- $scrub_rule_out = "scrub";
+ $scrub_rule_out = !empty($scrub_rule['noscrub']) ? "no " : "";
+ $scrub_rule_out .= "scrub";
 $scrub_rule_out .= !empty($scrub_rule['direction']) ? " " . $scrub_rule['direction'] : "";
 $scrub_rule_out .= " on ";
 $interfaces = array();
@@ -600,11 +601,13 @@ function filter_generate_scrubing(&$FilterIflist)
 } else {
 $scrub_rule_out .= !empty($scrub_rule['dstport']) ? " port " . $scrub_rule['dstport'] : "";
 }
- $scrub_rule_out .= !empty($scrub_rule['no-df']) ? " no-df " : "";
- $scrub_rule_out .= !empty($scrub_rule['random-id']) ? " random-id " : "";
- $scrub_rule_out .= !empty($scrub_rule['max-mss']) ? " max-mss " . $scrub_rule['max-mss'] . " " : "";
- $scrub_rule_out .= !empty($scrub_rule['min-ttl']) ? " min-ttl " . $scrub_rule['min-ttl'] . " " : "";
- $scrub_rule_out .= !empty($scrub_rule['set-tos']) ? " set-tos " . $scrub_rule['set-tos'] . " " : "";
+ if (empty($scrub_rule['noscrub'])) {
+ $scrub_rule_out .= !empty($scrub_rule['no-df']) ? " no-df " : "";
+ $scrub_rule_out .= !empty($scrub_rule['random-id']) ? " random-id " : "";
+ $scrub_rule_out .= !empty($scrub_rule['max-mss']) ? " max-mss " . $scrub_rule['max-mss'] . " " : "";
+ $scrub_rule_out .= !empty($scrub_rule['min-ttl']) ? " min-ttl " . $scrub_rule['min-ttl'] . " " : "";
+ $scrub_rule_out .= !empty($scrub_rule['set-tos']) ? " set-tos " . $scrub_rule['set-tos'] . " " : "";
+ }
 $scrub_rule_out .= "\n";
 if (count($interfaces) == 0) {
 # unknown interface, skip rule
diff --git a/src/www/firewall_scrub_edit.php b/src/www/firewall_scrub_edit.php
index 889da54ba..b1d828eba 100644
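Review bot: The new `"no "` prefix in the `@@ -550,7 +550,8 @@` hunk of filter.inc turns a configured rule into an exemption from packet normalization, and nothing at this point records that or why rule order then matters. pf.conf(5) describes `no scrub` as the way to exclude specific packets from broader scrub rules, so the exemption presumably only works when it is evaluated ahead of the rule it carves out of; the code that orders the rules is not in this hunk. I would add a comment above the ternary, for example `// "no scrub" exempts matching packets from normalization; it must come before the broader scrub rule`. The body of filter_generate_scrubing() starts and ends outside the hunk.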
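Review bot: In the `@@ -600,11 +601,13 @@` hunk of filter.inc the re-indented option lines still splice `$scrub_rule['max-mss']` and `$scrub_rule['min-ttl']` into the pf rule text as raw strings. Whether these values are validated before they are stored is not visible here, and the stored configuration may not always originate from the edit form, so a numeric cast at generation time would keep a malformed value from changing the shape of the emitted ruleset line: `" max-mss " . (int)$scrub_rule['max-mss'] . " "`, and the same for `min-ttl`. `set-tos` may legitimately be non-numeric, so it would need a check against the accepted values instead of a cast. The new `empty($scrub_rule['noscrub'])` guard itself is right, since it keeps these options off a `no scrub` line.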
--- a/src/www/firewall_scrub_edit.php +++ b/src/www/firewall_scrub_edit.php @@ -79,7 +79,7 @@ $a_scrub = &config_read_array('filter', 'scrub', 'rule'); // define form fields $config_fields = array('interface', 'proto', 'srcnot', 'src', 'srcmask', 'dstnot', 'dst', 'dstmask', 'dstport', 'no-df', 'random-id', 'max-mss', 'min-ttl', 'set-tos', 'descr', 'disabled', 'direction', - 'srcport'); + 'srcport', 'noscrub'); if ($_SERVER['REQUEST_METHOD'] === 'GET') { // input record id, if valid @@ -169,7 +169,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { } } } - + $scrubent['noscrub'] = !empty($pconfig['noscrub']); $scrubent['updated'] = make_config_revision_entry(); // update or insert item @@ -270,6 +270,19 @@ include("head.inc"); $("#show_srcport_adv").parent().hide(); }); + $("#noscrub").change(function(){ + if ($("#noscrub").prop('checked')) { + $(".act_noscrub").addClass("hidden"); + $(".act_noscrub :input").prop( "disabled", true ); + } else { + $(".act_noscrub").removeClass("hidden"); + $(".act_noscrub :input").prop( "disabled", false ); + } + $(".act_noscrub .selectpicker").selectpicker('refresh'); + }); + $("#noscrub").change(); + + // IPv4/IPv6 select hook_ipv4v6('ipv4v6net', 'network-id'); }); @@ -575,6 +588,15 @@ include("head.inc");
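Review bot: `$scrubent['noscrub']` in the `@@ -169,7 +169,7 @@` hunk is written on every save, as `false` when the box is unchecked, while filter.inc in this same commit tests the neighbouring `disabled` flag with `isset()`. The generator's `!empty($scrub_rule['noscrub'])` handles that correctly, but a later consumer that copies the `isset()` pattern could treat every saved rule as an exemption from scrubbing. A comment would guard against that, for example `// always stored; test with !empty(), never isset()`, or the key could be set only when the box is checked. The added line also replaces the blank line that separated it from the preceding loop, and the enclosing POST handler lies outside the hunk.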
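Review bot: The `#noscrub` change handler in the `@@ -270,6 +270,19 @@` hunk only hides and disables the `.act_noscrub` inputs in the browser, and a comment should say so to make clear it is not enforcement. Disabled inputs are not submitted, so whether previously saved values for those options are kept or dropped depends on the POST handler, which is not visible here; the actual guarantee is the `empty($scrub_rule['noscrub'])` guard in filter.inc. Suggested comment: `// UI only: filter.inc ignores these options when noscrub is set`. The two branches could also collapse to `var off = $(this).prop('checked'); $(".act_noscrub").toggleClass("hidden", off).find(":input").prop("disabled", off);`.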