From 687e71dc3db5d0df21416ec8471790b79aa4bbe5 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Fri, 22 Dec 2017 20:59:53 +0100
Subject: [PATCH] firewall/nat, regression in forward.
 https://github.com/opnsense/core/issues/1326

---
 src/opnsense/mvc/app/library/OPNsense/Firewall/NatRule.php | 7 ++++---
 src/opnsense/mvc/app/library/OPNsense/Firewall/Plugin.php  | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/opnsense/mvc/app/library/OPNsense/Firewall/NatRule.php b/src/opnsense/mvc/app/library/OPNsense/Firewall/NatRule.php
index 947859e43..0b976eaaf 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Firewall/NatRule.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Firewall/NatRule.php
@@ -60,7 +60,7 @@ class NatRule extends Rule
             'interface' => 'parseInterface',
             'protocol' => 'parseReplaceSimple,tcp/udp:{tcp udp},proto ',
             'interface.from' => 'parseInterface, from ,:network',
-            'target.to' => 'parsePlainCurly,to ',
+            'localport' => 'parsePlainCurly,to ',
             'interface.to' => 'parseInterface, -> ',
             'staticnatport' => 'parseBool,  static-port , port 1024:65535 '
         )
@@ -168,11 +168,12 @@ class NatRule extends Rule
                     $tmp2['rule_types'][] = "rdr_nat";
                     $tmp2['staticnatport'] = !empty($tmp['staticnatport']);
                     $result[] = $tmp2;
+                } else {
+                    $result[] = $tmp;
                 }
 
-                $result[] = $tmp;
                 // When reflection is enabled our ruleset should cover all
-                if (!$tmp['disabled'] && in_array($this->rule['natreflection'], array("purenat", "enable"))) {
+                if (!$tmp['disabled'] && in_array($tmp['natreflection'], array("purenat", "enable"))) {
                     foreach ($this->reflectionInterfaces($interface) as $refl_interf) {
                         $tmp['interface'] = $refl_interf;
                         $result[] = $tmp;
diff --git a/src/opnsense/mvc/app/library/OPNsense/Firewall/Plugin.php b/src/opnsense/mvc/app/library/OPNsense/Firewall/Plugin.php
index f44c0696d..3353c87d4 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Firewall/Plugin.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Firewall/Plugin.php
@@ -56,7 +56,7 @@ class Plugin
         if (!empty(Config::getInstance()->object()->system->skip_rules_gw_down)) {
             $this->systemDefaults['skip_rules_gw_down'] = true;
         }
-        if (!empty(Config::getInstance()->object()->system->disablenatreflection)) {
+        if (empty(Config::getInstance()->object()->system->disablenatreflection)) {
             $this->systemDefaults['natreflection'] = "enable";
         }
         if (!empty(Config::getInstance()->object()->system->enablenatreflectionhelper)) {