From edcc29ab5cdc5c6e8ea9a656a13ffdfb1ec67db7 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Mon, 1 Aug 2022 16:56:28 +0200
Subject: [PATCH] filter - cleanup some php8 warnings

---
 src/etc/inc/filter.inc                        |  4 ++--
 .../library/OPNsense/Firewall/DNatRule.php    |  4 ++--
 .../library/OPNsense/Firewall/FilterRule.php  |  8 ++++----
 .../library/OPNsense/Firewall/ForwardRule.php |  4 ++--
 .../app/library/OPNsense/Firewall/Plugin.php  | 19 ++++++++++---------
 .../app/library/OPNsense/Firewall/Rule.php    |  2 +-
 6 files changed, 21 insertions(+), 20 deletions(-)

diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index 2647312e3..ece1055be 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -323,7 +323,7 @@ function filter_configure_sync($verbose = false, $load_aliases = true)
                 log_error(sprintf("Ignore down %s gateways : %s", $ipprotocol, implode(",", $down_gateways)));
             }
             $default_gw = $fw->getGateways()->getDefaultGW($down_gateways, $ipprotocol);
-            if ($default_gw !== null) {
+            if ($default_gw !== null && !empty($default_gw['gateway'])) {
                 system_default_route(
                     $default_gw['gateway'],
                     $ipprotocol,
@@ -422,7 +422,7 @@ function filter_configure_sync($verbose = false, $load_aliases = true)
         $limitrules .= "set limit frags {$config['system']['maximumfrags']}\n";
     }
 
-    if (isset($config['system']['lb_use_sticky']) && is_numeric($config['system']['srctrack']) && ($config['system']['srctrack'] > 0)) {
+    if (isset($config['system']['lb_use_sticky']) && is_numeric($config['system']['srctrack'] ?? null) && ($config['system']['srctrack'] > 0)) {
         $limitrules .= "set timeout src.track {$config['system']['srctrack']}\n";
     }
 
diff --git a/src/opnsense/mvc/app/library/OPNsense/Firewall/DNatRule.php b/src/opnsense/mvc/app/library/OPNsense/Firewall/DNatRule.php
index 6b6b5fea2..4af371556 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Firewall/DNatRule.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Firewall/DNatRule.php
@@ -114,7 +114,7 @@ class DNatRule extends Rule
             // yield reflection rdr rules when enabled
             $interface = $rule['interface'];
             $reflinterf = $this->reflectionInterfaces($interface);
-            if (!$rule['disabled'] && $rule['natreflection'] == "enable") {
+            if (empty($rule['disabled']) && ($rule['natreflection'] ?? "") == "enable") {
                 foreach ($reflinterf as $interf) {
                     $is_ipv4 = $this->isIpV4($rule);
                     if (
@@ -129,7 +129,7 @@ class DNatRule extends Rule
             }
 
             // yield reflection nat rules when enabled, but only for interfaces with networks configured
-            if (!$rule['disabled'] && !empty($rule['enablenatreflectionhelper'])) {
+            if (empty($rule['disabled']) && !empty($rule['enablenatreflectionhelper'])) {
                 $reflinterf[] = $interface;
                 foreach ($reflinterf as $interf) {
                     if (!empty($this->interfaceMapping[$interf])) {
diff --git a/src/opnsense/mvc/app/library/OPNsense/Firewall/FilterRule.php b/src/opnsense/mvc/app/library/OPNsense/Firewall/FilterRule.php
index 20c77e59e..6192b2475 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Firewall/FilterRule.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Firewall/FilterRule.php
@@ -130,7 +130,7 @@ class FilterRule extends Rule
                     $rule['reply'] = "reply-to {$if} ";
                 }
             }
-        } elseif (!isset($rule['disablereplyto']) && $rule['direction'] != 'any') {
+        } elseif (!isset($rule['disablereplyto']) && ($rule['direction'] ?? "") != 'any') {
             $proto = $rule['ipprotocol'];
             if (!empty($this->interfaceMapping[$rule['interface']]['if']) && empty($rule['gateway'])) {
                 $if = $this->interfaceMapping[$rule['interface']]['if'];
@@ -209,7 +209,7 @@ class FilterRule extends Rule
                 }
             }
             // restructure state settings for easier output parsing
-            if (!empty($rule['statetype']) && ($rule['type'] == 'pass' || empty($rule['type']))) {
+            if (!empty($rule['statetype']) && (empty($rule['type']) || $rule['type'] == 'pass')) {
                 $rule['state'] = array('type' => 'keep', 'options' => array());
                 switch ($rule['statetype']) {
                     case 'none':
@@ -232,7 +232,7 @@ class FilterRule extends Rule
                             $rule['state']['options'][] = $state_tag . " " . $rule[$state_tag];
                         }
                     }
-                    if (is_numeric($rule['adaptivestart']) && is_numeric($rule['adaptiveend'])) {
+                    if (!empty($rule['adaptivestart']) && is_numeric($rule['adaptivestart']) && is_numeric($rule['adaptiveend'])) {
                         $rule['state']['options'][] = "adaptive.start " . $rule['adaptivestart'] . ", adaptive.end " . $rule['adaptiveend'];
                     }
                     if (!empty($rule['statetimeout'])) {
@@ -246,7 +246,7 @@ class FilterRule extends Rule
                 }
             }
             // icmp-type switch (ipv4/ipv6)
-            if ($rule['protocol'] == "icmp" && !empty($rule['icmptype'])) {
+            if (!empty($rule['protocol']) && $rule['protocol'] == "icmp" && !empty($rule['icmptype'])) {
                 if ($rule['ipprotocol'] == 'inet') {
                     $rule['icmp-type'] = $rule['icmptype'];
                 } elseif ($rule['ipprotocol'] == 'inet6') {
diff --git a/src/opnsense/mvc/app/library/OPNsense/Firewall/ForwardRule.php b/src/opnsense/mvc/app/library/OPNsense/Firewall/ForwardRule.php
index 9a7731a6c..5249b5013 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Firewall/ForwardRule.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Firewall/ForwardRule.php
@@ -145,7 +145,7 @@ class ForwardRule extends Rule
 
             // When reflection is enabled our ruleset should cover all
             $interflist = array($tmp['interface']);
-            if (!$tmp['disabled'] && !$tmp['nordr'] && in_array($tmp['natreflection'], array("purenat", "enable"))) {
+            if (empty($tmp['disabled']) && !$tmp['nordr'] && in_array($tmp['natreflection'], array("purenat", "enable"))) {
                 $is_ipv4 = $this->isIpV4($tmp);
                 $reflinterf = $this->reflectionInterfaces($tmp['interface']);
                 foreach ($reflinterf as $interf) {
@@ -160,7 +160,7 @@ class ForwardRule extends Rule
             foreach ($interflist as $interf) {
                 $rule = $tmp;
                 // automatically generate nat rule when enablenatreflectionhelper is set
-                if (!$rule['disabled'] && empty($rule['nordr']) && !empty($rule['enablenatreflectionhelper'])) {
+                if (empty($rule['disabled']) && empty($rule['nordr']) && !empty($rule['enablenatreflectionhelper'])) {
                     if (
                         !empty($this->interfaceMapping[$rule['interface']]) && (
                         !empty($this->interfaceMapping[$rule['interface']]['ifconfig']['ipv4']) ||
diff --git a/src/opnsense/mvc/app/library/OPNsense/Firewall/Plugin.php b/src/opnsense/mvc/app/library/OPNsense/Firewall/Plugin.php
index 54e33c8da..934bc0113 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Firewall/Plugin.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Firewall/Plugin.php
@@ -102,17 +102,18 @@ class Plugin
     {
         $this->gateways = $gateways;
         foreach ($gateways->gatewaysIndexedByName(false, true) as $key => $gw) {
-            if (!empty($gw['gateway_interface']) || Util::isIpAddress($gw['gateway'])) {
-                if (Util::isIpAddress($gw['gateway'])) {
-                    $logic = "route-to ( {$gw['if']} {$gw['gateway']} )";
+            if (!empty($gw['gateway_interface']) || Util::isIpAddress($gw['gateway'] ?? null)) {
+                $this->gatewayMapping[$key] = [
+                    "interface" => $gw['if'],
+                    "proto" => $gw['ipprotocol'],
+                    "type" => "gateway"
+                ];
+                if (!empty($gw['gateway']) && Util::isIpAddress($gw['gateway'])) {
+                    $this->gatewayMapping[$key]['logic'] = "route-to ( {$gw['if']} {$gw['gateway']} )";
+                    $this->gatewayMapping[$key]['gateway'] = $gw['gateway'];
                 } else {
-                    $logic = "route-to {$gw['if']}";
+                    $this->gatewayMapping[$key]['logic'] = "route-to {$gw['if']}";
                 }
-                $this->gatewayMapping[$key] = array("logic" => $logic,
-                                                    "interface" => $gw['if'],
-                                                    "gateway" => $gw['gateway'],
-                                                    "proto" => $gw['ipprotocol'],
-                                                    "type" => "gateway");
             }
         }
     }
diff --git a/src/opnsense/mvc/app/library/OPNsense/Firewall/Rule.php b/src/opnsense/mvc/app/library/OPNsense/Firewall/Rule.php
index 08fe00766..26b706435 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Firewall/Rule.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Firewall/Rule.php
@@ -282,7 +282,7 @@ abstract class Rule
                     $rule[$target] = "!" . $rule[$target];
                 }
                 if (isset($rule['protocol']) && in_array(strtolower($rule['protocol']), array("tcp","udp","tcp/udp"))) {
-                    $port = str_replace('-', ':', $rule[$tag]['port']);
+                    $port =!empty($rule[$tag]['port']) ? str_replace('-', ':', $rule[$tag]['port']) : null;
                     if (strpos($port, ':any') !== false xor strpos($port, 'any:') !== false) {
                         // convert 'any' to upper or lower bound when provided in range. e.g. 80:any --> 80:65535
                         $port = str_replace('any', strpos($port, ':any') !== false ? '65535' : '1', $port);