From 8a0ac7ca25f904346251ebcdcce9af33cfd6153c Mon Sep 17 00:00:00 2001 From: Ad Schellevis Date: Tue, 26 Dec 2017 18:45:24 +0100 Subject: [PATCH] Firewall/rule parsing, ok, someone thought it was a good idea to use the "network" field in outbound rules as the "address" field in all the other rule types.... not a big fan of duplicating code, but for now it's bett er to keep the address conversion in one spot (which some duplicate code). All still for https://github.com/opnsense/core/issues/1326 --- .../mvc/app/library/OPNsense/Firewall/Rule.php | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/opnsense/mvc/app/library/OPNsense/Firewall/Rule.php b/src/opnsense/mvc/app/library/OPNsense/Firewall/Rule.php index 9e1a8f727..6f82dd767 100644 --- a/src/opnsense/mvc/app/library/OPNsense/Firewall/Rule.php +++ b/src/opnsense/mvc/app/library/OPNsense/Firewall/Rule.php @@ -227,10 +227,14 @@ abstract class Rule if (!empty($interfaces[$matches[1]]['if'])) { $rule[$target] = "({$interfaces["{$matches[1]}"]['if']})"; } - } else { - if (!empty($interfaces[$network_name]['if'])) { - $rule[$target] = "({$interfaces[$network_name]['if']}:network)"; - } + } elseif (!empty($interfaces[$network_name]['if'])) { + $rule[$target] = "({$interfaces[$network_name]['if']}:network)"; + } elseif (Util::isIpAddress($rule[$tag]['network']) || Util::isSubnet($rule[$tag]['network'])) { + $rule[$target] = $rule[$tag]['network']; + } elseif (Util::isAlias($rule[$tag]['network'])) { + $rule[$target] = '$'.$rule[$tag]['network']; + } elseif ($rule[$tag]['network'] == 'any') { + $rule[$target] = $rule[$tag]['network']; } } elseif (!empty($rule[$tag]['address'])) { if (Util::isIpAddress($rule[$tag]['address']) || Util::isSubnet($rule[$tag]['address']) ||