author | jim-p <jimp@pfsense.org> | 2012-10-01 10:56:16 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-10-01 10:59:51 -0400 |
commit | b4147482efca1524c423df5219e612332444e540 (patch) | |
tree | a6c05a4f72387d865ae2f0cb2273ee1ac4a28959 /etc/inc/easyrule.inc | |
parent | 51271f743301453dd1688ed1876cbd68c8d6f123 (diff) | |
Fixup processing of IPv6 IPs for EasyRule. Fixes #2649
Diffstat (limited to 'etc/inc/easyrule.inc')
-rw-r--r-- | etc/inc/easyrule.inc | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/etc/inc/easyrule.inc b/etc/inc/easyrule.inc
index 2435008..5444285 100644
--- a/etc/inc/easyrule.inc
+++ b/etc/inc/easyrule.inc
@@ -136,6 +136,7 @@ function easyrule_block_alias_getid($int = 'wan') {
 function easyrule_block_alias_add($host, $int = 'wan') {
 global $blockaliasname, $config;
 /* If the host isn't a valid IP address, bail */
+ $host = trim($host, "[]");
 if (!is_ipaddr($host) && !is_subnet($host))
 return false;
@@ -156,6 +157,8 @@ function easyrule_block_alias_add($host, $int = 'wan') {
 list($host, $mask) = explode("/", $host);
 } elseif (is_specialnet($host)) {
 $mask = 0;
+ } elseif (is_ipaddrv6($host)) {
+ $mask = 128;
 } else {
 $mask = 32;
 }
@@ -196,6 +199,7 @@ function easyrule_block_alias_add($host, $int = 'wan') {
 function easyrule_block_host_add($host, $int = 'wan') {
 global $retval;
 /* Bail if the supplied host is not a valid IP address */
+ $host = trim($host, "[]");
 if (!is_ipaddr($host) && !is_subnet($host))
 return false;
@@ -299,6 +303,7 @@ function easyrule_pass_rule_add($int, $proto, $srchost, $dsthost, $dstport, $ipp
 function easyrule_parse_block($int, $src) {
 if (!empty($src) && !empty($int)) {
+ $src = trim($src, "[]");
 if (!is_ipaddr($src) && !is_subnet($src)) {
 return gettext("Tried to block invalid IP:") . ' ' . htmlspecialchars($src);
 }
@@ -319,6 +324,8 @@ function easyrule_parse_block($int, $src) {
 function easyrule_parse_pass($int, $proto, $src, $dst, $dstport = 0, $ipproto = inet) {
 /* Check for valid int, srchost, dsthost, dstport, and proto */
 global $protocols_with_ports;
+ $src = trim($src, "[]");
+ $dst = trim($dst, "[]");
 if (!empty($int) && !empty($proto) && !empty($src) && !empty($dst)) {
 $int = easyrule_find_rule_interface($int);
 |
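Review bot: `trim($host, "[]")` in easyrule_block_alias_add removes any run of `[` or `]` from either end, so unbalanced or repeated brackets are normalised into a value that then passes `is_ipaddr()`/`is_subnet()`, and brackets are also stripped from IPv4 addresses and subnets, where they have no meaning. Stripping only one matched pair keeps the accepted input narrow, for example `if (preg_match('/^\[(.+)\]$/', $host, $m)) $host = $m[1];`. The same call is repeated in easyrule_block_host_add, easyrule_parse_block and twice in easyrule_parse_pass, so one small helper would keep the five sites consistent. The validators still run on the trimmed value in the three block functions, so there this is a strictness point rather than a bypass; in easyrule_parse_pass the validation is not visible in the hunk, and all of the function bodies continue outside the hunks.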