Last message in my monologue now, for it is resolved!
I was half-way through hacking in some rudimentary support to add a
reply-to setting to individual firewall rules when I stumbled upon this
in /etc/inc/filter.inc - turns out somebody already solved this problem
before me!

    if($rule['gateway'] == "" && $aline['direction'] <> "" &&
       interface_has_gateway($rule['interface']) &&
       !isset($config['system']['disablereplyto'])) {
        $rg = get_interface_gateway($rule['interface']);
        if(is_ipaddr($rg)) {
            $aline['reply'] = "reply-to ( {$ifcfg['if']} {$rg} ) ";
        } else {
            if($rule['interface'] <> "pptp") {
                log_error("Could not find gateway for interface({$rule['interface']}).");
            }
        }
    }

After printlining the code I was able to determine that it wasn't adding
the reply-to clause because interface_has_gateway($rule['interface'])
was false. Turns out I had neglected to set the "Gateway" on the network
interfaces themselves, in the interface settings! So, finally, I was
able to get a point-and-click solution and I don't have to patch
anything. Yay!
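
Added example (not part of the original message and not pfSense code): a shell check that reads pf rules as text and reports, for the WAN interfaces you name, how many inbound pass rules carry no reply-to clause, which is the symptom described above. The interface names em0/em1, the addresses and the sample rules are constructed; feeding it the loaded ruleset, for instance from pfctl -sr, is an assumption about how you obtain the rules.

```shell
#!/bin/sh
# missing_reply_to IF...: read pf rules on stdin and print "<if> <missing>/<total>"
# for each named interface that has inbound pass rules without reply-to.
# Only the interfaces passed as arguments are checked; an interface with no
# upstream gateway (a LAN) is expected to lack the clause, so do not list it.
missing_reply_to() {
    awk -v wans="$*" '
    BEGIN { n = split(wans, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
    $1 == "pass" && $2 == "in" {
        ifname = ""; has = 0
        for (i = 3; i <= NF; i++) {
            # first "on <if>" names the interface the rule is bound to
            if ($i == "on" && ifname == "") ifname = $(i + 1)
            if ($i == "reply-to") has = 1
        }
        if (!(ifname in want)) next
        total[ifname]++
        if (!has) missing[ifname]++
    }
    END { for (k in missing) printf "%s %d/%d\n", k, missing[k], total[k] }
    ' | sort
}

# Constructed sample: em0 has its gateway set (rules carry reply-to),
# em1 does not (second WAN, gateway left empty), em2 is a LAN.
sample_rules() {
    cat <<'EOF'
block in log quick on em0 inet from 10.0.0.0/8 to any label "constructed: bogons"
pass in quick on em0 reply-to (em0 203.0.113.1) inet proto tcp from any to 192.168.1.10 port = 443 flags S/SA keep state label "constructed: wan1 https"
pass in quick on em1 inet proto tcp from any to 192.168.1.10 port = 443 flags S/SA keep state label "constructed: wan2 https"
pass in quick on em1 inet proto tcp from any to 192.168.1.10 port = 22 flags S/SA keep state label "constructed: wan2 ssh"
pass in quick on em2 inet from 192.168.1.0/24 to any flags S/SA keep state label "constructed: lan"
pass out on em0 inet all flags S/SA keep state label "constructed: out"
EOF
}

# Check both WANs against the sample ruleset.
sample_rules | missing_reply_to em0 em1
```

An interface that shows up here is one to check for an empty "Gateway" field in its interface settings, or for the disablereplyto option being set.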