Hi Tapani Tarvainen, So the code will be overwritten on reboot - right? If so one simple script that copy the file before rebooting and one script that overwrite original file after boot. Is this sound any sense?
On Fri, Dec 18, 2009 at 11:13 AM, Tapani Tarvainen <pfse...@tapanitarvainen.fi> wrote: > On Fri, Dec 18, 2009 at 10:53:40AM +0200, Peter Todorov (pmi...@gmail.com) > wrote >> Hi Chris, >> Can he just edit the conf file on hand and bypass webgui? > > Not quite that easy. I took a look at the code, and pfSense doesn't > keep the raw pf conf file, but rebuilds it out of its own xml config > at every reload, and the code that does that (filter.inc) has "any" > hardwired as source address. > > I took a stab at hacking filter.inc and modified it so that if > there's <source-address> modifier in the nat rule, it uses it > as source in the rdr entry. I tested it with backup/restore: > backed config up, added <source-address> entry, restored, > and it seems to work. Somewhat surprisingly the rule even > survived adding another NAT rule from the GUI. > > This is not exactly convenient, however, and I haven't > taken a look at the GUI code to see how hard it'd be > to make necessary changes there. > > -- > Tapani Tarvainen > > --------------------------------------------------------------------- > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > > -- честността не е порок --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org