From d0f745a70e71fc322be5e9e766387cb2135244ca Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Mon, 14 Apr 2025 17:09:39 +0200
Subject: [PATCH] Services: Captive Portal - fix display issue for pass rule
 when client not in zone

inverse rules unfortunately contain some mappings, which means we need to map them differently for legacy and mvc code.
---
 .../mvc/app/library/OPNsense/Firewall/FilterRule.php      | 4 ++--
 src/opnsense/scripts/filter/list_non_mvc_rules.php        | 8 ++++++++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/opnsense/mvc/app/library/OPNsense/Firewall/FilterRule.php b/src/opnsense/mvc/app/library/OPNsense/Firewall/FilterRule.php
index 150895d67..3e6fdd2a5 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Firewall/FilterRule.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Firewall/FilterRule.php
@@ -352,7 +352,7 @@ class FilterRule extends Rule
     }
     public function isUIFromNot()
     {
-        return isset($this->rule['source']) && isset($this->rule['source']['not']);
+        return (isset($this->rule['source']) && isset($this->rule['source']['not'])) || !empty($this->rule['from_not']);
     }
     public function getUIFromPort()
     {
@@ -378,7 +378,7 @@ class FilterRule extends Rule
     }
     public function isUIToNot()
     {
-        return isset($this->rule['destination']) && isset($this->rule['destination']['not']);
+        return isset($this->rule['destination']) && isset($this->rule['destination']['not']) || !empty($this->rule['to_not']);
     }
     public function getUIToPort()
     {
diff --git a/src/opnsense/scripts/filter/list_non_mvc_rules.php b/src/opnsense/scripts/filter/list_non_mvc_rules.php
index 1e18b601c..c5b651a05 100755
--- a/src/opnsense/scripts/filter/list_non_mvc_rules.php
+++ b/src/opnsense/scripts/filter/list_non_mvc_rules.php
@@ -76,6 +76,14 @@ foreach ($fw->iterateFilterRules() as $prio => $item) {
         }
         $rule['action'] = $rule['action'] ?? 'pass';
         $rule['ipprotocol'] = $rule['ipprotocol'] ?? 'inet';
+        if (!empty($rule['from_not'])) {
+            unset($rule['from_not']);
+            $rule['source_not'] = true;
+        }
+        if (!empty($rule['to_not'])) {
+            unset($rule['destination_not']);
+            $rule['destination_not'] = true;
+        }
 
         /**
          * Evaluation order consists of a priority group and a sequence within the set,