authorChris Buechler <cmb@pfsense.org>2015-10-20 12:59:45 -0500
committerChris Buechler <cmb@pfsense.org>2015-10-20 12:59:45 -0500
commit0b84a5a64203e94ab988c0abac245f0d562c0ac0 (patch)
treeb243b607f4383e497636c9e0a51df46cb9971987
parentbf69f2f84efa01ba86ea9ff01d1b0e245212bae3 (diff)
downloadpfsense-0b84a5a64203e94ab988c0abac245f0d562c0ac0.zip
pfsense-0b84a5a64203e94ab988c0abac245f0d562c0ac0.tar.gz
Check whether the P2 or its associated P1 are disabled before adding NAT
rules. Ticket #5320
-rw-r--r--src/etc/inc/filter.inc9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index ff634c4..71471c1 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -1899,10 +1899,17 @@ function filter_nat_rules_generate() {
if (is_array($config['ipsec']) && isset($config['ipsec']['enable'])) {
if (is_array($config['ipsec']['phase2'])) {
foreach ($config['ipsec']['phase2'] as $ph2ent) {
- if ($ph2ent['mode'] != 'transport' && !empty($ph2ent['natlocalid'])) {
+ if ($ph2ent['mode'] != 'transport' && !empty($ph2ent['natlocalid']) && !isset($ph2ent['disabled'])) {
if (!function_exists('ipsec_idinfo_to_cidr')) {
require_once("ipsec.inc");
}
+ ipsec_lookup_phase1($ph2ent, $ph1ent);
+ if (!is_array($ph1ent)) {
+ continue;
+ }
+ if (isset($ph1ent['disabled'])) {
+ continue;
+ }
if (!is_array($ph2ent['localid'])) {
$ph2ent['localid'] = array();
}
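Review bot: `$ph1ent` is never reset between iterations of the `foreach`, so the new `!is_array($ph1ent)` guard may pass on a stale value. `ipsec_lookup_phase1()` is not shown here, but it appears to fill `$ph1ent` by reference. If it leaves that argument untouched when no phase 1 matches, a phase 2 entry with no matching phase 1 would inherit the phase 1 found for the previous entry and still get NAT rules generated. Clearing the variable first, `$ph1ent = null;` immediately before the `ipsec_lookup_phase1($ph2ent, $ph1ent);` call, makes the check reliable whatever the helper does on a miss. The enclosing `foreach` and `filter_nat_rules_generate()` continue outside this hunk.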