author | Chris Buechler <cmb@pfsense.org> | 2015-10-20 12:56:07 -0500 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2015-10-20 12:56:07 -0500 |
commit | 4f1bf9029c9b30ff648f5a6df29f95c872e5b5e4 (patch) | |
tree | 094a4d82f4e273a627c430ea1523f1caa59f390b | |
parent | ca35be37bf73efc5fd98a473bdc3a8b4fc6b90ca (diff) | |
Check whether the P2 or its associated P1 are disabled before adding NAT
rules. Ticket #5320
-rw-r--r-- | etc/inc/filter.inc | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 402f064..586c9e7 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1791,9 +1791,16 @@ function filter_nat_rules_generate() {
 if (is_array($config['ipsec']) && isset($config['ipsec']['enable'])) {
 if (is_array($config['ipsec']['phase2'])) {
 foreach ($config['ipsec']['phase2'] as $ph2ent) {
- if ($ph2ent['mode'] != 'transport' && !empty($ph2ent['natlocalid'])) {
+ if ($ph2ent['mode'] != 'transport' && !empty($ph2ent['natlocalid']) && !isset($ph2ent['disabled'])) {
 if (!function_exists('ipsec_idinfo_to_cidr'))
 require_once("ipsec.inc");
+ ipsec_lookup_phase1($ph2ent, $ph1ent);
+ if (!is_array($ph1ent)) {
+ continue;
+ }
+ if (isset($ph1ent['disabled'])) {
+ continue;
+ }
 if (!is_array($ph2ent['localid']))
 $ph2ent['localid'] = array();
 $ph2ent['localid']['mode'] = $ph2ent['mode']; |
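Review bot: `$ph1ent` is never reset between iterations of the `foreach`, so the added `!is_array($ph1ent)` guard may be testing the phase 1 found for an earlier phase 2 entry. `ipsec_lookup_phase1()` lives in ipsec.inc and is not shown here; if it leaves its second argument untouched when no phase 1 matches, an orphaned phase 2 would inherit the previous entry's phase 1 and could still get NAT rules written into the ruleset with no enabled phase 1 behind it. Adding `unset($ph1ent);` immediately before `ipsec_lookup_phase1($ph2ent, $ph1ent);` makes both new checks apply to the current entry only. The enclosing function filter_nat_rules_generate() starts and ends outside the hunk.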