Fix #6472: Enable/Disable associated firewall rule when NAT rule changes

2 files changed, 20 insertions, 0 deletions

diff --git a/src/usr/local/www/firewall_nat.php b/src/usr/local/www/firewall_nat.php
index f7433cf..ac2498f 100644
--- a/src/usr/local/www/firewall_nat.php
+++ b/src/usr/local/www/firewall_nat.php
@@ -193,9 +193,20 @@ if (isset($_POST['del_x'])) {
 	if ($a_nat[$_GET['id']]) {
 		if (isset($a_nat[$_GET['id']]['disabled'])) {
 			unset($a_nat[$_GET['id']]['disabled']);
+			$rule_status = true;
 		} else {
 			$a_nat[$_GET['id']]['disabled'] = true;
+			$rule_status = false;
 		}
+
+		// Check for filter rule associations
+		if (isset($a_nat[$_GET['id']]['associated-rule-id'])) {
+			toggle_id($a_nat[$_GET['id']]['associated-rule-id'],
+			    $config['filter']['rule'], $rule_status);
+			unset($rule_status);
+			mark_subsystem_dirty('filter');
+		}
+
 		if (write_config(gettext("Firewall: NAT: Port forward, enable/disable NAT rule"))) {
 			mark_subsystem_dirty('natconf');
 		}
diff --git a/src/usr/local/www/firewall_nat_edit.php b/src/usr/local/www/firewall_nat_edit.php
index f517592..3474da5 100644
--- a/src/usr/local/www/firewall_nat_edit.php
+++ b/src/usr/local/www/firewall_nat_edit.php
@@ -528,6 +528,15 @@ if ($_POST) {
 
 		// Update the NAT entry now
 		if (isset($id) && $a_nat[$id]) {
+
+			if (isset($natent['associated-rule-id']) &&
+			    (isset($a_nat[$id]['disabled']) !== isset($natent['disabled']))) {
+				// Check for filter rule associations
+				toggle_id($natent['associated-rule-id'],
+				    $config['filter']['rule'],
+				    !isset($natent['disabled']));
+				mark_subsystem_dirty('filter');
+			}
 			$a_nat[$id] = $natent;
 		} else {
 			$natent['created'] = make_config_revision_entry();