diff options
| author | Phil Davis <phil.davis@inf.org> | 2017-02-23 10:41:50 +0545 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2017-02-26 17:52:45 -0500 |
| commit | 61ea29be72fe3315aac5066af15554d1f4626cdb (patch) | |
| tree | 58403c968668efe502003243098e7a86d6a2c931 | |
| parent | e35d7d0e2cbad1ff4494a9d83b81a983eecc2e81 (diff) | |
| download | pfsense-61ea29be72fe3315aac5066af15554d1f4626cdb.zip pfsense-61ea29be72fe3315aac5066af15554d1f4626cdb.tar.gz | |
Fix #7299 and other stuff
As far as I can see, filter_generate_user_rule() is always supposed to be called with 'ipprotocol' set to 'inet' or 'inet6'. The cases of rules for both ('inet46') are handled by calling filter_generate_user_rule() twice, passing 'inet' then 'inet6'.
So at this point, if 'ipprotocol' is blank, then it is from an old rule, and it [can|should|must] default to 'inet'.
This would provide a generic fix for old rules that do not have 'ipprotocol' specified.
The other thing that could be done is make some upgrade code that fills in 'ipprotocol' on old rules at upgrade.
| -rw-r--r-- | src/etc/inc/filter.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc index e003e33..b3e1a7f 100644 --- a/src/etc/inc/filter.inc +++ b/src/etc/inc/filter.inc @@ -2712,7 +2712,7 @@ function filter_generate_user_rule($rule) { $aline['ipprotocol'] = "inet6"; break; default: - $aline['ipprotocol'] = ""; + $aline['ipprotocol'] = "inet"; break; } |
