Firewall/SourceNat, don't store interace address, but a reference. closes https://github.com/opnsense/core/issues/3712

Ad Schellevis 2019-10-07 21:34:48 +02:00
parent 371447e6f1
commit da4a241cfd
3 changed files with 12 additions and 5 deletions


@ -91,6 +91,12 @@ class SNatRule extends Rule
$this->log('SNAT / pool type not round-robin');
$rule['disabled'] = true;
}
} elseif (preg_match("/^(wan|lan|opt[0-9]+)ip$/", $rule['target'], $matches)) {
$rule['target'] = "({$this->interfaceMapping["{$matches[1]}"]['if']}:0)";
if (empty($this->interfaceMapping["{$matches[1]}"])) {
$this->log("SNAT / target missing");
$rule['disabled'] = true;
}
}
foreach (array("sourceport", "dstport", "natport") as $fieldname) {
if (!empty($rule[$fieldname]) && Util::isAlias($rule[$fieldname])) {
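Review bot: In the new `elseif` branch the target string is built from `$this->interfaceMapping[$matches[1]]['if']` before the `empty()` check runs, and that check only tests that the mapping entry exists, not that its `if` value is set. A missing entry therefore triggers an undefined-index notice, and an entry without a device name would leave the rule enabled with the target `(:0)`, which is presumably not valid in the generated ruleset. Test first with `if (empty($this->interfaceMapping[$matches[1]]['if'])) {` and move the `$rule['target'] = ...` assignment into the `else`. The pattern's `$` also accepts a trailing newline; the `D` modifier (`/^(wan|lan|opt[0-9]+)ip$/D`) closes that. The enclosing method starts and ends outside the hunk.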


@ -455,6 +455,8 @@ include("head.inc");
$nat_address = '<I>NO NAT</I>';
} elseif (empty($natent['target'])) {
$nat_address = gettext("Interface address");
} elseif (is_specialnet($natent['target'])) {
$nat_address = htmlspecialchars(get_specialnets()[$natent['target']]);
} elseif ($natent['target'] == "other-subnet") {
$nat_address = $natent['targetip'] . '/' . $natent['targetip_subnet'];
} else {
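Review bot: The added `is_specialnet` branch escapes its label with `htmlspecialchars()`, but the `other-subnet` branch directly below still assigns `$natent['targetip'] . '/' . $natent['targetip_subnet']` unescaped, so the chain is inconsistent about where encoding happens. Because `$nat_address` also carries literal markup (`<I>NO NAT</I>`), it is presumably echoed without further escaping, which would make per-branch encoding the only protection for config-derived values. I would wrap that branch the same way, `$nat_address = htmlspecialchars($natent['targetip'] . '/' . $natent['targetip_subnet']);`, and add a short comment on the new branch such as `// target may hold an interface-address reference (e.g. "wanip"); show its label`. The if/elseif chain starts before and continues past the hunk, so the final `else` is not visible here.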


@ -39,10 +39,8 @@ function formTranslateAddresses() {
$retval = array();
// add this hosts ips
foreach ($config['interfaces'] as $intf => $intfdata) {
if (isset($intfdata['ipaddr']) && is_ipaddr($intfdata['ipaddr'])) {
$retval[$intfdata['ipaddr']] = (!empty($intfdata['descr']) ? $intfdata['descr'] : $intf ) . " " . gettext("address");
}
foreach (legacy_config_get_interfaces(array('virtual' => false, "enable" => true)) as $intf => $intfdata) {
$retval[$intf."ip"] = (!empty($intfdata['descr']) ? $intfdata['descr'] : $intf ) . " " . gettext("address");
}
// add VIPs's
@ -188,7 +186,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$input_errors[] = gettext("Negating destination address of \"any\" is invalid.");
}
if (!empty($pconfig['targetip']) && !is_ipaddr($pconfig['targetip']) && !is_subnet($pconfig['targetip']) && !is_alias($pconfig['targetip']) && empty($pconfig['nonat'])) {
if (!empty($pconfig['targetip']) && !is_ipaddr($pconfig['targetip']) && !is_subnet($pconfig['targetip'])
&& !is_specialnet($pconfig['targetip']) && !is_alias($pconfig['targetip']) && empty($pconfig['nonat'])) {
$input_errors[] = gettext("A valid target IP address must be specified.");
}
/* Verify Pool Options */
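Review bot: The relaxed check `!is_specialnet($pconfig['targetip'])` in the second hunk accepts whatever `is_specialnet()` recognises, while the form only offers the `$intf."ip"` keys built in `formTranslateAddresses()` and the rule generator in this commit only translates targets matching `(wan|lan|opt[0-9]+)ip`. `is_specialnet()` is defined outside this page, but if it also accepts network names or `any`, a submitted value outside the offered options could pass validation, be stored, and never be resolved to an interface. Validating against the offered options keeps the two in step, for example `&& !array_key_exists($pconfig['targetip'], formTranslateAddresses())` in place of the `is_specialnet` test. The surrounding validation block begins and ends outside the hunk.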