author | Erik Fonnesbeck <efonnes@gmail.com> | 2010-05-02 04:21:24 -0600 |
---|---|---|
committer | Erik Fonnesbeck <efonnes@gmail.com> | 2010-05-02 04:21:24 -0600 |
commit | 4818f161e4f6b1cde33dfa2aaa6350b571de697a (patch) | |
tree | 0599194ffa133f8dc422337915e5465d277bb7e9 | |
parent | 414e21e0a2ca2ce1fcfb021eafcffd48bb179784 (diff) | |
Moving reflection's interface listing code to its own function, for use in future NAT reflection improvements.
-rw-r--r-- | etc/inc/filter.inc | 40 |
1 files changed, 27 insertions, 13 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 4dead3e..54ffbbd 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -772,7 +772,26 @@ function filter_flush_state_table() {
 	return mwexec("/sbin/pfctl -F state");
 }
 
-function filter_generate_reflection($rule, $nordr, $srcaddr, $dstport, &$starting_localhost_port, &$reflection_txt) {
+function filter_get_reflection_interfaces($natif = "") {
+	global $FilterIflist;
+
+	$nat_if_list = array();
+
+	foreach ($FilterIflist as $ifent => $ifname) {
+		if($ifname['if'] == $natif)
+			continue;
+
+		/* Do not add reflection redirects for interfaces with gateways */
+		if(interface_has_gateway($ifent))
+			continue;
+
+		$nat_if_list[] = $ifname['if'];
+	}
+
+	return $nat_if_list;
+}
+
+function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstport, &$starting_localhost_port, &$reflection_txt) {
 	global $FilterIflist, $config;
 
 	// Initialize natrules holder string
@@ -785,21 +804,16 @@ function filter_generate_reflection($rule, $nordr, $srcaddr, $dstport, &$startin
 	else
 		$reflectiontimeout = "2000";
 
-	update_filter_reload_status("Setting up NAT Reflection");
+	update_filter_reload_status("Creating reflection rule for {$rule['descr']}...");
 
-	$natrules .= "\n# Reflection redirects\n";
-	$rdr_if_list = "";
-	foreach ($FilterIflist as $ifent => $ifname) {
-		/* do not process interfaces with gateways*/
-		if(interface_has_gateway($ifent))
-			continue;
+	if(empty($rdr_ifs))
+		return "";
 
-		$rdr_if_list .= " " . $ifname['if'];
-	}
-	if (!empty($rdr_if_list))
+	$rdr_if_list = implode(" ", $rdr_ifs);
+	if(count($rdr_ifs) > 1)
 		$rdr_if_list = "{ {$rdr_if_list} }";
 
-	update_filter_reload_status("Creating reflection rule for {$rule['descr']}...");
+	$natrules .= "\n# Reflection redirects\n";
 
 	if($dstport[1])
 		$range_end = ($dstport[1]);
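Review bot: The new `$rdr_ifs` parameter is inserted in the middle of filter_generate_reflection's positional signature, so any caller not updated in this commit would silently pass its `$srcaddr` value as `$rdr_ifs` and shift every later argument by one; only the call in filter_nat_rules_generate is visible here, so if other callers exist they need the same update. In filter_get_reflection_interfaces the skip test `if($ifname['if'] == $natif)` is a loose comparison against a default of `""`, which also matches an entry whose `'if'` is null or missing; `if($ifname['if'] === $natif)` makes the exclusion exact. The new helper also has no header comment; I would add one above it saying that it returns the `'if'` names from `$FilterIflist` to use as reflection redirect targets, skipping `$natif` itself and any interface for which interface_has_gateway() is true, and that a caller passing no `$natif` skips only entries whose `'if'` equals the empty string. Skipping `$natif` is a change from the old inline loop, which only excluded gateway interfaces, and is worth a sentence in that comment.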
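Review bot: In the second hunk the new early return `if(empty($rdr_ifs)) return "";` comes after `update_filter_reload_status("Creating reflection rule for {$rule['descr']}...")`, so the status line announces a rule that is then never generated; moving the check ahead of the status call keeps the reload status honest, i.e. `if(empty($rdr_ifs))` / `return "";` / `update_filter_reload_status("Creating reflection rule for {$rule['descr']}...");`. The early return also leaves the by-reference `&$reflection_txt` untouched, which is fine if the caller initialises it before the call, but that cannot be confirmed from this hunk. filter_generate_reflection starts and ends outside the hunk.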
@@ -1252,7 +1266,7 @@ function filter_nat_rules_generate() {
 				$natrules .= "no nat on {$natif} proto tcp from ({$natif}) to {$rule_subnet}/{$rule_interface_subnet}\n";
 				$natrules .= "nat on {$natif} proto tcp from {$rule_subnet}/{$rule_interface_subnet} to {$target} port {$dstport[0]} -> ({$natif})\n";
 			}
-			$natrules .= filter_generate_reflection($rule, $nordr, $srcaddr, $dstport, $starting_localhost_port, $reflection_rules);
+			$natrules .= filter_generate_reflection($rule, $nordr, filter_get_reflection_interfaces($natif), $srcaddr, $dstport, $starting_localhost_port, $reflection_rules);
 			$natrules .= "\n";
 
 			foreach ($reflection_rules as $txtline) |
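Review bot: The updated call evaluates `filter_get_reflection_interfaces($natif)` inline on every rule, and that helper walks the whole of `$FilterIflist` and calls interface_has_gateway() for each entry, so the list is rebuilt once per NAT rule even though it only depends on `$natif`. If the surrounding code (outside the hunk) already loops once per rule, compute it once where `$natif` is set, `$rdr_ifs = filter_get_reflection_interfaces($natif);`, and pass `$rdr_ifs` here; the previous inline loop had the same per-rule cost, so this is a missed simplification rather than a regression. The enclosing filter_nat_rules_generate begins and ends outside the hunk, so the right place for the hoisted call cannot be confirmed from here.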