lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-14 16:44:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Filter, "no translation address with matching address family found" fix for https://github.com/opnsense/core/issues/2841

Browse Source 
This might have side affects, stupid thing is that in some situations :network doesn't appear to yield this error (e.g. openvpn:network), although I'm also not 100% it does work when not raising any errors.
Now we validate if there's a matching address for the ip protocol requested, otherwise it will disable the rule (and log in the /tmp/rules.debug file about it)
This commit is contained in:
Ad Schellevis 2019-04-14 15:12:50 +02:00
parent bfca97e2e0
commit 971df3c4bf
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/opnsense/mvc/app/library/OPNsense/Firewall/Rule.php
View File

@ -254,6 +254,17 @@ abstract class Rule
$rule[$target] = "({$interfaces["{$matches[1]}"]['if']})";
}
} elseif (!empty($interfaces[$network_name]['if'])) {
if ($rule['ipprotocol'] == "inet") {
$network_found = !empty($interfaces[$network_name]['ifconfig']['ipv4']);
} else {
$network_found = !empty($interfaces[$network_name]['ifconfig']['ipv6']);
}
if (!$network_found) {
$rule['disabled'] = true;
$this->log(
"network address type {$rule['ipprotocol']} not found on interface {$network_name}"
);
}
$rule[$target] = "({$interfaces[$network_name]['if']}:network)";
} elseif (Util::isIpAddress($rule[$tag]['network']) || Util::isSubnet($rule[$tag]['network'])) {
$rule[$target] = $rule[$tag]['network'];