author | Ermal <eri@pfsense.org> | 2012-10-05 18:07:47 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2012-10-05 18:07:47 +0000 |
commit | 67bcb76529d80e3502ce24ddb06e7e7a04884996 (patch) | |
tree | caa7d70d59c147565aed5c1248a242e8d2e5c1e7 | |
parent | 261e72f0580b7ba29ccc58a4236f62e8a0387187 (diff) | |
Be more strict on validation during filter reload
-rw-r--r-- | etc/inc/filter.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 3ffd347..ca3702c 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1446,10 +1446,10 @@ function filter_nat_rules_generate() {
 else
 $nataction = "binat";
 $local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid']);
- if ($local_subnet == "0.0.0.0/0")
+ if (empty($local_subnet) || !is_subnet($local_subnet) || $local_subnet == "0.0.0.0/0")
 continue;
 $natlocal_subnet = ipsec_idinfo_to_cidr($ph2ent['natlocalid']);
- if (empty($natlocal_subnet) || !is_subnet($natlocal_subnet) || $natlocal_subnet == "0.0.0.0/0")
 continue;
 $natrules .= "{$nataction} on enc0 from {$local_subnet} to any -> {$natlocal_subnet}\n";
 } |
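Review bot: Both tightened checks drop the phase 2 entry with a bare `continue;`, so a malformed `localid` or `natlocalid` now produces a silently missing nat/binat rule on enc0 and the administrator gets no hint why. Rejecting the value is right, since both strings are interpolated directly into the pf ruleset on the `$natrules .=` line, but I would record the skip, e.g. `log_error("IPsec NAT: skipping phase 2 entry with invalid local subnet");` before each `continue;`, with braces added around the now two-statement body. The `empty()` test is probably redundant if `is_subnet()` already returns false for an empty string, which cannot be confirmed from this hunk. filter_nat_rules_generate() starts and ends outside the hunk.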