author | Scott Ullrich <sullrich@pfsense.org> | 2006-04-12 03:01:14 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2006-04-12 03:01:14 +0000 |
commit | 642220bd2dd3989cc3542236e5ee3686590819fd (patch) | |
tree | d9723fb362a95d4cf1ff943743459979a49fe9b5 | |
parent | e45d5f07143c53685dfa1be6cabd9a585f556dcc (diff) | |
MFC
Reflection fixes from billm
-rw-r--r-- | etc/inc/filter.inc | 28 |
1 files changed, 16 insertions, 12 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index d4bf493..b8495a5 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -865,27 +865,31 @@ function filter_nat_rules_generate() { log_error("Not installing nat reflection rules for a port range > 500"); } else { /* only install reflection rules for < 19991 items */ - /* only install reflection rules for < 19991 items */ if($starting_localhost_port < 19991) { for($x=$extport[0]; $x<$range_end; $x++) { update_filter_reload_status("Creating reflection rule for {$rule['descr']}..."); $starting_localhost_port++; + + $ifname_real = convert_friendly_interface_to_friendly_descr(strtolower($ifname)); - if($rule['protocol'] == "tcp/udp") { - $protocol = "{ tcp udp }"; - fwrite($fd, "{$starting_localhost_port}\tstream\ttcp/udp\tnowait\tnobody\t/usr/bin/nc nc -w 20 {$target} {$x}\n"); - } else { - $protocol = $rule['protocol']; - fwrite($fd, "{$starting_localhost_port}\tstream\t{$protocol}\tnowait\tnobody\t/usr/bin/nc nc -w 20 {$target} {$x}\n"); + switch($rule['protocol']) { + case "tcp/udp": + $protocol = "{ tcp udp }"; + fwrite($fd, "{$starting_localhost_port}\tstream\ttcp/udp\tnowait\tnobody\t/usr/bin/nc nc -w 20 {$target} {$x}\n"); + $natrules .= "rdr on \${$ifname_real} proto {$protocol} from any to {$extaddr} port { {$x} } -> 127.0.0.1 port {$starting_localhost_port}\n"; + break; + case "tcp": + case "udp": + $protocol = $rule['protocol']; + fwrite($fd, "{$starting_localhost_port}\tstream\t{$protocol}\tnowait\tnobody\t/usr/bin/nc nc -w 20 {$target} {$x}\n"); + $natrules .= "rdr on \${$ifname_real} proto {$protocol} from any to {$extaddr} port { {$x} } -> 127.0.0.1 port {$starting_localhost_port}\n"; + break; + default: + break; } - $ifname_lower = convert_friendly_interface_to_friendly_descr(strtolower($ifname)); - - $natrules .= - "rdr on \${$ifname_lower} proto {$protocol} from any to {$extaddr} port { {$x} } -> 127.0.0.1 port {$starting_localhost_port}\n"; - if($starting_localhost_port > 19990) { log_error("Not installing nat reflection rules. Maximum 1,000 reached."); $x = $range_end+1; |
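Review bot: The `case "udp":` branch writes an inetd entry with socket type `stream` and runs `nc` without `-u`, and the `case "tcp/udp":` branch writes `tcp/udp` as the inetd protocol field, so as far as I can tell the UDP side of a reflected port gets no working listener while the `rdr` rule to 127.0.0.1 is still installed for it. Either emit a separate datagram entry with `nc -u` for UDP, or limit the `rdr` rule to `proto tcp` until UDP is handled. `$starting_localhost_port++` runs before the switch, so the `default:` branch silently uses up a local port for an unsupported protocol; adding `log_error("Skipping reflection rule: unsupported protocol {$rule['protocol']}");` there would make the skip visible. Separately, `{$target}` and `{$extaddr}` are written verbatim into the inetd line and the pf rule; their validation is outside this hunk, so please confirm they cannot contain whitespace or newlines. The enclosing function starts and ends outside the hunk.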