diff options
author | Renato Botelho <garga@FreeBSD.org> | 2014-08-22 12:12:44 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-08-22 12:12:44 -0300 |
commit | 2cff71c43a646075dea76bf269c3e4a1eabcbbf5 (patch) | |
tree | c46bbb97d91604d4e791081073a1923f1aae2051 /etc/inc/filter.inc | |
parent | 8c366060e3646cdf6eadc1d2dcec91e78d7be88e (diff) | |
download | pfsense-2cff71c43a646075dea76bf269c3e4a1eabcbbf5.zip pfsense-2cff71c43a646075dea76bf269c3e4a1eabcbbf5.tar.gz |
Take virtual IPs into consideration for automatic outbound NAT rules, it should now fix #983
Diffstat (limited to 'etc/inc/filter.inc')
-rw-r--r-- | etc/inc/filter.inc | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 711dae4..083e77c 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1366,6 +1366,24 @@ function filter_nat_rules_automatic_tonathosts($with_descr = false) { if($oc['sa']) { $tonathosts[] = "{$oc['sa']}/{$oc['sn']}"; $descriptions[] = $oc['descr']; + if (isset($oc['vips']) && is_array($oc['vips'])) { + $if_subnets = array("{$oc['sa']}/{$oc['sn']}"); + foreach ($oc['vips'] as $vip) { + if (!is_ipaddrv4($vip['ip'])) + continue; + + foreach ($if_subnets as $subnet) + if (ip_in_subnet($vip['ip'], $subnet)) + continue 2; + + $network = gen_subnet($vip['ip'], $vip['sn']); + $tonathosts[] = $network . '/' . $vip['sn']; + $descriptions[] = "Virtual IP ({$oc['descr']})"; + $if_subnets[] = $network . '/' . $vip['sn']; + unset($network); + } + unset($if_subnets); + } } } |