author | Phil Davis <phil.davis@world.inf.org> | 2013-02-04 10:00:59 +0545 |
---|---|---|
committer | Phil Davis <phil.davis@world.inf.org> | 2013-02-04 10:00:59 +0545 |
commit | 2cd249edf03e1bcf68ac136e6bd4fa498d1805ff (patch) | |
tree | 6063b216899d256b11bae7dcf2cd4e5b58fc1b78 | |
parent | 990fa101b6a2ce09e813a8d58f0f43178e54fc45 (diff) | |
Make not LAN address etc rules work
I cannot understand how this worked anywhere in the recent past. The code fragment:
if(isset($rule[$target]['not']))
$src = " !{$src}";
Appeared in multiple if/else clauses but was missing in 2 places, which I have added.
Actually, it is now duplicated in every part of the filter_generate_address if/else structure, and so it could be applied once at the end of the routine.
I have taken the minimal risk approach here, since I am not in a position to test every if/else case properly. But I can easily create a version that removes the code duplication, and someone else can test it well before committing (this is a fundamental bit of rule code that everyone uses, so I don't want to accidentally break it worse for some poor sod.)
-rw-r--r-- | etc/inc/filter.inc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 39f3ea7..6bd9401 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1953,6 +1953,8 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) { $src = "{$pppoesav6}/{$pppoesnv6}"; } } + if(isset($rule[$target]['not'])) + $src = " !{$src}"; } else { switch ($rule[$target]['network']) { case 'wan': @@ -1989,6 +1991,8 @@ function filter_generate_address(& $rule, $target = "source", $isnat = false) { } break; } + if(isset($rule[$target]['not'])) + $src = " !{$src}"; } } } else if($rule[$target]['address']) { |
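Review bot: In the first hunk (@@ -1953), the added negation runs after the nested blocks that assign $src (the last visible one being `$src = "{$pppoesav6}/{$pppoesnv6}";`), so it executes whether or not any of them set a value. If those blocks can all be skipped, the generated rule gets a bare " !" with no address behind it; consider prefixing only when $src is non-empty. Braces around the one-line if body would also make the statement harder to break in a later edit.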
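Review bot: In the second hunk (@@ -1989), the negation is added after what appears to be the close of `switch ($rule[$target]['network'])`, and it is the same two lines as in the first hunk and, per the commit message, in the other branches too. Applying `if(isset($rule[$target]['not']))` once after the whole if/else chain in filter_generate_address would keep a future branch from missing it again. A short comment at that point saying that 'not' applies to every address form would document the intent, and since the message says not every branch was tested, a check of the generated rule for each network type with 'not' set would be worth adding before this is relied on.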