diff options
| author | Renato Botelho <garga@FreeBSD.org> | 2013-01-05 12:08:39 -0200 |
|---|---|---|
| committer | Renato Botelho <garga@FreeBSD.org> | 2013-01-05 12:13:55 -0200 |
| commit | e99ba2d66e915904626fd90ecc87711169189bdc (patch) | |
| tree | f8f5365492cf5d47df27236887b7365e186a080d | |
| parent | aca65de524027e9aedfa38f83665907b41abce58 (diff) | |
| download | pfsense-e99ba2d66e915904626fd90ecc87711169189bdc.zip pfsense-e99ba2d66e915904626fd90ecc87711169189bdc.tar.gz | |
Fix outbound NAT rules when interface is deleted:
- When delete interface, do not touch outbound NAT rules
- Skip outbound NAT rules when interface doesn't exist
- Bump latest_config to 9.2
- Since rules with no interface were considered as wan, convert old
rules adding interface 'wan' to avoid breaking old configs
It should fix #2338
| -rw-r--r-- | etc/inc/filter.inc | 12 | ||||
| -rw-r--r-- | etc/inc/globals.inc | 2 | ||||
| -rw-r--r-- | etc/inc/upgrade_config.inc | 13 | ||||
| -rwxr-xr-x | usr/local/www/firewall_nat_out.php | 15 | ||||
| -rwxr-xr-x | usr/local/www/interfaces_assign.php | 6 |
5 files changed, 27 insertions, 21 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 38765df..aa89b1a 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1439,18 +1439,14 @@ function filter_nat_rules_generate() { $dst = $obent['destination']['address']; if(isset($obent['destination']['not']) && !isset($obent['destination']['any'])) $dst = "!" . $dst; - if(!$obent['interface']) - $natif = "wan"; - else - $natif = $obent['interface']; + + if(!$obent['interface'] || !isset($FilterIflist[$obent['interface']])) + continue; $obtarget = ($obent['target'] == "other-subnet") ? $obent['targetip'] . '/' . $obent['targetip_subnet']: $obent['target']; $poolopts = (is_subnet($obtarget) || is_alias($obtarget)) ? $obent['poolopts'] : ""; - if (!isset($FilterIflist[$natif])) - continue; - - $natrules .= filter_nat_rules_generate_if($natif, + $natrules .= filter_nat_rules_generate_if($obent['interface'], $src, $obent['sourceport'], $dst, diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index ac085fc..af93de5 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -77,7 +77,7 @@ $g = array( "disablecrashreporter" => false, "crashreporterurl" => "http://crashreporter.pfsense.org/crash_reporter.php", "debug" => false, - "latest_config" => "9.1", + "latest_config" => "9.2", "nopkg_platforms" => array("cdrom"), "minimum_ram_warning" => "101", "minimum_ram_warning_text" => "128 MB", diff --git a/etc/inc/upgrade_config.inc b/etc/inc/upgrade_config.inc index 4ddb7f1..216ce2c 100644 --- a/etc/inc/upgrade_config.inc +++ b/etc/inc/upgrade_config.inc @@ -2965,4 +2965,17 @@ function upgrade_090_to_091() { } } } + +function upgrade_091_to_092() { + global $config; + + if (is_array($config['nat']['advancedoutbound']) && is_array($config['nat']['advancedoutbound']['rule'])) { + $nat_rules = &$config['nat']['advancedoutbound']['rule']; + for ($i = 0; isset($nat_rules[$i]); $i++) { + if (empty($nat_rules[$i]['interface'])) { + $nat_rules[$i]['interface'] = 'wan'; + } + } + } +} ?> diff --git a/usr/local/www/firewall_nat_out.php b/usr/local/www/firewall_nat_out.php index 7485965..3c3fc54 100755 --- a/usr/local/www/firewall_nat_out.php +++ b/usr/local/www/firewall_nat_out.php @@ -368,16 +368,19 @@ include("head.inc"); </td> </tr> <?php $nnats = $i = 0; foreach ($a_out as $natent): ?> + <?php + global $FilterIflist; + if(empty($FilterIflist)) { + filter_generate_optcfg_array(); + } + if (!$natent['interface'] || !isset($FilterIflist[$natent['interface']])) + continue; + ?> <tr valign="top" id="fr<?=$nnats;?>"> <td class="listt"><input type="checkbox" id="frc<?=$nnats;?>" name="rule[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nnats;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;"></td> <td class="listt" align="center"></td> <td class="listlr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$nnats;?>';"> - <?php - if (!$natent['interface']) - echo htmlspecialchars(convert_friendly_interface_to_friendly_descr("wan")); - else - echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])); - ?> + <?php echo htmlspecialchars(convert_friendly_interface_to_friendly_descr($natent['interface'])); ?> </td> <td class="listr" onClick="fr_toggle(<?=$nnats;?>)" id="frd<?=$nnats;?>" ondblclick="document.location='firewall_nat_out_edit.php?id=<?=$nnats;?>';"> diff --git a/usr/local/www/interfaces_assign.php b/usr/local/www/interfaces_assign.php index 565dca7..88b7bae 100755 --- a/usr/local/www/interfaces_assign.php +++ b/usr/local/www/interfaces_assign.php @@ -284,12 +284,6 @@ if ($_GET['act'] == "del") { unset($config['filter']['rule'][$x]); } } - if (is_array($config['nat']['advancedoutbound']) && count($config['nat']['advancedoutbound']['rule']) > 0) { - foreach ($config['nat']['advancedoutbound']['rule'] as $x => $rule) { - if($rule['interface'] == $id) - unset($config['nat']['advancedoutbound']['rule'][$x]['interface']); - } - } if (is_array($config['nat']['rule']) && count($config['nat']['rule']) > 0) { foreach ($config['nat']['rule'] as $x => $rule) { if($rule['interface'] == $id) |
