4. Disable reply-to setting should also disable built-in route-to

Disable reply-to setting should also disable built-in route-to

  • A

    For installations that do not use multi-wan load balancing the auto-generated reply-to and route-to options that are applied to the rule base are really not needed.  Why put them in?  They can just cause problems with installations that require static routes or a routing protocol to adjust traffic flow. This is especially true for installations that do not use NAT and still want firewalling but need to switch routes between interfaces.

    For multi-wan failover (not load balance)  I would want the states to stay alive and get routed through the new WAN (even connections from the firewall which are currently forced with a route-to even with disable reply-to option set).  The connections flowing through would still be valid for the new WAN.  Forcing connections to a specific WAN and ignoring routing just seems like it would be the exception for most setups to me.

    The same goes for gateway state killing.

    Could we have another setting for disable route-to?  Or maybe combine them into a settings that basically means always use the routing table?

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy