From 12d174e79d0acd8028c52fdfee2155f4c2385bdb Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Wed, 27 Dec 2017 18:24:17 +0100
Subject: [PATCH] firewall/rule engine, keep some behaviour from legacy code as long as we're not sure wrong data can enter the config. for https://github.com/opnsense/core/issues/1326
---
 .../mvc/app/library/OPNsense/Firewall/SNatRule.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/opnsense/mvc/app/library/OPNsense/Firewall/SNatRule.php b/src/opnsense/mvc/app/library/OPNsense/Firewall/SNatRule.php
index 1385ec088..92995ba02 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Firewall/SNatRule.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Firewall/SNatRule.php
@@ -63,7 +63,13 @@ class SNatRule extends Rule
 private function parseNatRules()
 {
 foreach ($this->reader() as $rule) {
- if (empty($rule['target'])) {
+ if (!empty($rule['nonat'])) {
+ // Just a precaution, when no nat is selected make sure we're not going to enter a target.
+ // (keep behaviour from legacy code as long as we don't know for sure the fields are always empty)
+ $rule['target'] = null;
+ $rule['poolopts'] = null;
+ $rule['staticnatport'] = null;
+ } elseif (empty($rule['target'])) {
 $interf = $rule['interface'];
 if (!empty($this->interfaceMapping[$interf])) {
 if (($this->isIpV4($rule) && !empty($this->interfaceMapping[$interf]['ifconfig']['ipv4'])) ||
@@ -84,7 +90,7 @@ class SNatRule extends Rule
 $rule[$fieldname] = "$".$rule[$fieldname];
 }
 }
- if (!empty($rule['staticnatport'])) {
+ if (!empty($rule['staticnatport']) || !empty($rule['nonat'])) {
 $rule['natport'] = '';
 } elseif (empty($rule['natport'])) {
 $rule['natport'] = "1024:65535";
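Review bot: The new `nonat` branch in parseNatRules() discards `target`, `poolopts` and `staticnatport` silently, so a stored no-NAT rule that does carry those values (the case the commit message is unsure about) leaves no trace an operator could investigate. If that state is unexpected, consider recording it before clearing, for example `if (!empty($rule['target']) || !empty($rule['poolopts'])) { syslog(LOG_NOTICE, 'no-nat rule carries translation fields, ignoring'); }`; whether a log call fits this code path cannot be judged from the hunk alone. The comment could also say that `natport` is deliberately left alone here and blanked by the later `|| !empty($rule['nonat'])` check. The function body continues outside the hunk.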
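Review bot: The widened condition `!empty($rule['staticnatport']) || !empty($rule['nonat'])` carries no comment, and its effect is easy to miss: for a no-NAT rule any configured `natport` is overwritten with `''` and the default `"1024:65535"` range is skipped. A one-line comment above it would make that explicit, e.g. `// no-nat rules carry no port translation: blank natport instead of applying the default range`. Since the first hunk already nulls `staticnatport` for these rules, the `nonat` test is the only part of the condition that matches them. The enclosing loop starts and ends outside this hunk.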