From 6227bb9220794571b982080fb3de37128cfae718 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Mon, 16 Jul 2018 19:01:39 +0200
Subject: [PATCH] firewall: actually use wan_stf, we need a hint from NtpRule
 #2546

---
 src/opnsense/mvc/app/library/OPNsense/Firewall/NptRule.php | 2 +-
 src/opnsense/mvc/app/library/OPNsense/Firewall/Rule.php    | 7 +++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/opnsense/mvc/app/library/OPNsense/Firewall/NptRule.php b/src/opnsense/mvc/app/library/OPNsense/Firewall/NptRule.php
index 99b6f57c2..201f94403 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Firewall/NptRule.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Firewall/NptRule.php
@@ -77,7 +77,7 @@ class NptRule extends Rule
      */
     private function parseNptRules()
     {
-        foreach ($this->reader() as $rule) {
+        foreach ($this->reader('npt') as $rule) {
             $rule['rule_type'] = "binat_1";
             yield $rule;
             $rule['rule_type'] = "binat_2";
diff --git a/src/opnsense/mvc/app/library/OPNsense/Firewall/Rule.php b/src/opnsense/mvc/app/library/OPNsense/Firewall/Rule.php
index 895e04be6..15ebf4c24 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Firewall/Rule.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Firewall/Rule.php
@@ -152,9 +152,10 @@ abstract class Rule
 
     /**
      * rule reader, applies standard rule patterns
+     * @param string type of rule to be read
      * @return iterator rules to generate
      */
-    protected function reader()
+    protected function reader($type = null)
     {
         $interfaces = empty($this->rule['interface']) ? array(null) : explode(',', $this->rule['interface']);
         foreach ($interfaces as $interface) {
@@ -162,13 +163,15 @@ abstract class Rule
                 $ipprotos = array('inet', 'inet6');
             } elseif (isset($this->rule['ipprotocol'])) {
                 $ipprotos = array($this->rule['ipprotocol']);
+            } elseif (!empty($type) && $type = 'npt') {
+                $ipprotos = array('inet6');
             } else {
                 $ipprotos = array(null);
             }
 
             foreach ($ipprotos as $ipproto) {
                 $rule = $this->rule;
-                if ($rule['ipprotocol'] == 'inet6' && !empty($this->interfaceMapping[$interface]['IPv6_override'])) {
+                if ($ipproto == 'inet6' && !empty($this->interfaceMapping[$interface]['IPv6_override'])) {
                     $rule['interface'] = $this->interfaceMapping[$interface]['IPv6_override'];
                 } else {
                     $rule['interface'] = $interface;