author | Erik Fonnesbeck <efonnes@gmail.com> | 2010-05-03 20:05:11 -0600 |
---|---|---|
committer | Erik Fonnesbeck <efonnes@gmail.com> | 2010-05-03 20:05:11 -0600 |
commit | c6bfc426ef13f0d59493ebef79ea244aa9baac1f (patch) | |
tree | ee51f77e2dadbfc6a737971608380dd62c8b5f81 | |
parent | e5995f9dd8ae7d5ee76f58d619464d01555cbd6e (diff) | |
Move the reflection enabled check out of filter_generate_reflection, so this function can be used elsewhere regardless of the system setting for it (in preparation for reflection support on 1:1 NAT mappings).
-rw-r--r-- | etc/inc/filter.inc | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index ed16434..288da31 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -798,7 +798,7 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstport,
 $natrules = "";
 $reflection_txt = array();
- if(!isset($config['system']['disablenatreflection'])) {
+ if(!empty($rdr_ifs)) {
 if($config['system']['reflectiontimeout'])
 $reflectiontimeout = $config['system']['reflectiontimeout'];
 else
@@ -806,9 +806,6 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstport,
 update_filter_reload_status("Creating reflection rule for {$rule['descr']}...");
- if(empty($rdr_ifs))
- return "";
-
 $rdr_if_list = implode(" ", $rdr_ifs);
 if(count($rdr_ifs) > 1)
 $rdr_if_list = "{ {$rdr_if_list} }";
@@ -1257,6 +1254,12 @@ function filter_nat_rules_generate() {
 else
 $nordr = "";
+ if(!isset($config['system']['disablenatreflection'])) {
+ $nat_if_list = filter_get_reflection_interfaces($natif);
+ } else {
+ $nat_if_list = array();
+ }
+
 if($srcaddr <> "" && $dstaddr <> "") {
 /* is rule a port range? */
 if($natif)
@@ -1271,7 +1274,7 @@ function filter_nat_rules_generate() {
 $natrules .= "no nat on {$natif} proto tcp from ({$natif}) to {$rule_subnet}/{$rule_interface_subnet}\n";
 $natrules .= "nat on {$natif} proto tcp from {$rule_subnet}/{$rule_interface_subnet} to {$target} port {$dstport[0]} -> ({$natif})\n";
 }
- $natrules .= filter_generate_reflection($rule, $nordr, filter_get_reflection_interfaces($natif), $srcaddr, $dstport, $starting_localhost_port, $reflection_rules);
+ $natrules .= filter_generate_reflection($rule, $nordr, $nat_if_list, $srcaddr, $dstport, $starting_localhost_port, $reflection_rules);
 $natrules .= "\n";
 foreach ($reflection_rules as $txtline) |
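Review bot: filter_generate_reflection stops honouring `disablenatreflection` on its own once its outer condition becomes `if(!empty($rdr_ifs))` in the first hunk, and no comment records that enforcing the setting is now the caller's job. The only remaining gate is the one added in filter_nat_rules_generate in the third hunk. A later caller that omits it, such as the 1:1 NAT use the commit message anticipates, would emit reflection redirect rules on a firewall where the administrator has switched reflection off. I would add a header comment on the function along the lines of `/* Does not consult $config['system']['disablenatreflection']; callers must pass an empty $rdr_ifs when reflection is disabled. */`. The function's signature and the rest of its body lie outside this hunk.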
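Review bot: In the third hunk `$nat_if_list` is computed before the `if($srcaddr <> "" && $dstaddr <> "")` and `if($natif)` checks visible just below it, so `filter_get_reflection_interfaces($natif)` now runs for rules that are subsequently skipped and possibly with an empty `$natif`. How that helper treats an empty interface is not visible here, so the result for such a rule should be confirmed to be an empty list. Folding the interface check into the gate keeps the behaviour explicit: `$nat_if_list = (!isset($config['system']['disablenatreflection']) && $natif) ? filter_get_reflection_interfaces($natif) : array();`. filter_nat_rules_generate starts and ends outside this hunk, so the position of the original call relative to those checks is inferred from the fourth hunk.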