firewall: always push interface resolve into the kernel #2625

Franco Fichtner 2018-08-16 08:22:16 +02:00
parent 8222fe7700
commit 075c0a92aa


@ -73,16 +73,16 @@ class SNatRule extends Rule
$interf = $rule['interface'];
if (!empty($this->interfaceMapping[$interf])) {
$interf_settings = $this->interfaceMapping[$interf];
if ((($this->isIpV4($rule) && !empty($interf_settings['ifconfig']['ipv4'])) ||
if (((($this->isIpV4($rule) && !empty($interf_settings['ifconfig']['ipv4'])) ||
(!$this->isIpV4($rule) && !empty($interf_settings['ifconfig']['ipv6'])))
&& (!empty($rule['poolopts']) || $rule['poolopts'] != 'round-robin')
&& (!empty($rule['poolopts']) || $rule['poolopts'] != 'round-robin')) ||
!empty($interf_settings['if']) /* XXX needed? */
) {
// When pool options are set, we may not specify our interface as a list
// (which doesn't require the same network validations as single items do).
$rule['target'] = "{$interf_settings['if']}:0";
} elseif (!empty($interf_settings['if'])) {
// Define target as list, to prevent "no IP address found for *Interface*" when pf can't
// find an address on the interface for the same protocol family.
/*
* ":0" does not work for IPv6, but NAT is not relevant there anyway.
* The reason for this is that it selects the first address which is
* the link local address so the real global address is not found.
*/
$rule['target'] = "({$interf_settings['if']}:0)";
}
}
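Review bot: The new condition ends in `|| !empty($interf_settings['if'])`, so the address-family and pool-option tests before it no longer decide anything when the interface has a device name; the only case they still add is an empty `$interf_settings['if']`, where the target is rendered as `(:0)`. Reducing the guard to `if (!empty($interf_settings['if'])) {` removes that case and the `XXX needed?` question together; the retained `(!empty($rule['poolopts']) || $rule['poolopts'] != 'round-robin')` term appears to be true for every value of poolopts anyway. The removed comment described a restriction for rules that carry pool options, so the new comment should say why the parenthesised form is acceptable for those rules too. The enclosing method starts and ends outside this hunk.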