diff options
author | jim-p <jimp@pfsense.org> | 2013-07-16 09:52:27 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2013-07-16 09:53:31 -0400 |
commit | 241eed1ab71fec5e49224afccbc59fe9a0b03b29 (patch) | |
tree | ee24543a1cb9e44a748a8b404586c938a18af593 | |
parent | 4cc3bb6ce9adfd8c3c1e732de97a0789c3a63a61 (diff) | |
download | pfsense-241eed1ab71fec5e49224afccbc59fe9a0b03b29.zip pfsense-241eed1ab71fec5e49224afccbc59fe9a0b03b29.tar.gz |
Don't generate reflection rules if reflection is disabled for that rule.
-rw-r--r-- | etc/inc/filter.inc | 27 |
1 files changed, 14 insertions, 13 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index de58613..23ef0d9 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1851,19 +1851,20 @@ function filter_nat_rules_generate() { } } - if($reflection_type == "proxy" && !isset($rule['nordr'])) { - $natrules .= filter_generate_reflection_proxy($rule, $nordr, $nat_if_list, $srcaddr, $dstaddr, $starting_localhost_port, $reflection_rules); - $nat_if_list = array($natif); - - foreach ($reflection_rules as $txtline) - fwrite($inetd_fd, $txtline); - } else if($reflection_type == "purenat" || isset($rule['nordr'])) { - $rdr_if_list = implode(" ", $nat_if_list); - if(count($nat_if_list) > 1) - $rdr_if_list = "{ {$rdr_if_list} }"; - $natrules .= "\n# Reflection redirect\n"; - $natrules .= "{$nordr}rdr {$rdrpass}on {$rdr_if_list} proto {$protocol} from {$srcaddr} to {$dstaddr_reflect}" . ($nordr == "" ? " -> {$target}{$localport}" : ""); - $nat_if_list = array_merge(array($natif), $nat_if_list); + if ($reflection_type != "none") { + if($reflection_type == "proxy" && !isset($rule['nordr'])) { + $natrules .= filter_generate_reflection_proxy($rule, $nordr, $nat_if_list, $srcaddr, $dstaddr, $starting_localhost_port, $reflection_rules); + $nat_if_list = array($natif); + foreach ($reflection_rules as $txtline) + fwrite($inetd_fd, $txtline); + } else if($reflection_type == "purenat" || isset($rule['nordr'])) { + $rdr_if_list = implode(" ", $nat_if_list); + if(count($nat_if_list) > 1) + $rdr_if_list = "{ {$rdr_if_list} }"; + $natrules .= "\n# Reflection redirect\n"; + $natrules .= "{$nordr}rdr {$rdrpass}on {$rdr_if_list} proto {$protocol} from {$srcaddr} to {$dstaddr_reflect}" . ($nordr == "" ? " -> {$target}{$localport}" : ""); + $nat_if_list = array_merge(array($natif), $nat_if_list); + } } if(empty($nat_if_list)) |