diff options
| author | Erik Fonnesbeck <efonnes@gmail.com> | 2012-01-20 20:30:50 -0700 |
|---|---|---|
| committer | Erik Fonnesbeck <efonnes@gmail.com> | 2012-01-20 20:56:54 -0700 |
| commit | f314bad6789e05cecfb14242e13be077248ebf13 (patch) | |
| tree | 592aca3dc167ffda1d71476e0b96f5c3ce3c7bfc /etc/inc/filter.inc | |
| parent | d1fc1182cd6ca801f77d97b7d7752613397eb6b4 (diff) | |
| download | pfsense-f314bad6789e05cecfb14242e13be077248ebf13.zip pfsense-f314bad6789e05cecfb14242e13be077248ebf13.tar.gz | |
Only add these lines if there is both an IP address and CIDR. Fixes #1882
Diffstat (limited to 'etc/inc/filter.inc')
| -rw-r--r-- | etc/inc/filter.inc | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 1cb69bf..5c72201 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1585,10 +1585,12 @@ function filter_nat_rules_generate() { if(isset($rule['destination']['any']) && !interface_has_gateway($rule['interface']) && !isset($rule['nordr'])) { $rule_interface_ip = find_interface_ip($natif); $rule_interface_subnet = find_interface_subnet($natif); - $rule_subnet = gen_subnet($rule_interface_ip, $rule_interface_subnet); - $natrules .= "\n"; - $natrules .= "no nat on {$natif} proto tcp from ({$natif}) to {$rule_subnet}/{$rule_interface_subnet}\n"; - $natrules .= "nat on {$natif} proto tcp from {$rule_subnet}/{$rule_interface_subnet} to {$target} port {$dstport[0]} -> ({$natif})\n"; + if(!empty($rule_interface_ip) && !empty($rule_interface_subnet)) { + $rule_subnet = gen_subnet($rule_interface_ip, $rule_interface_subnet); + $natrules .= "\n"; + $natrules .= "no nat on {$natif} proto tcp from ({$natif}) to {$rule_subnet}/{$rule_interface_subnet}\n"; + $natrules .= "nat on {$natif} proto tcp from {$rule_subnet}/{$rule_interface_subnet} to {$target} port {$dstport[0]} -> ({$natif})\n"; + } } $natrules .= filter_generate_reflection($rule, $nordr, $nat_if_list, $srcaddr, $dstaddr, $starting_localhost_port, $reflection_rules); $natrules .= "\n"; |
