Firewall/Nat, when using "Reflection for port forwards" we should only add nat rules for interfaces with configured addresses.

Although this looks a bit redundant at first, when the nat interface itself (e.g. openvpn) is missing a network, we should add an rdr, but skip the nat rule.

closes https://github.com/opnsense/core/issues/3023
Ad Schellevis 2018-12-09 19:52:23 +01:00
parent 6b848aba4a
commit d8f23d5210


@ -156,8 +156,13 @@ class ForwardRule extends Rule
$rule = $tmp;
// automatically generate nat rule when enablenatreflectionhelper is set
if (!$rule['disabled'] && empty($rule['nordr']) && !empty($rule['enablenatreflectionhelper'])) {
$rule['rule_types'][] = "rdr_nat";
$rule['staticnatport'] = !empty($rule['staticnatport']);
if (!empty($this->interfaceMapping[$rule['interface']]) && (
!empty($this->interfaceMapping[$rule['interface']]['ifconfig']['ipv4']) ||
!empty($this->interfaceMapping[$rule['interface']]['ifconfig']['ipv6'])
)) {
$rule['rule_types'][] = "rdr_nat";
$rule['staticnatport'] = !empty($rule['staticnatport']);
}
}
$rule['interface'] = $interf;
yield $rule;
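Review bot: The new inner `if` has no comment saying why the `rdr_nat` type is conditional, so the reason (still emit the rdr, skip the nat rule when the rule's own interface has no address) lives only in the commit message, and the check reads like a duplicate that a later cleanup could remove. I would add above it something like `// only add the nat part when the rule's own interface has an address configured; the rdr is still generated without it (e.g. openvpn)`. It is also worth stating in that comment that the test reads `$rule['interface']` from the original rule, before it is overwritten with `$interf` two lines further down. The condition accepts either `ipv4` or `ipv6`, so whether a forward of one address family should get the nat rule when the interface only has an address of the other family cannot be settled from this hunk and may deserve a check. The enclosing loop and method begin and end outside the hunk.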