Be more strict on validation during filter reload

author: Ermal <eri@pfsense.org> 2012-10-05 18:07:47 +0000
committer: Ermal <eri@pfsense.org> 2012-10-05 18:07:47 +0000
commit: 67bcb76529d80e3502ce24ddb06e7e7a04884996 (patch)
tree: caa7d70d59c147565aed5c1248a242e8d2e5c1e7 /etc/inc/filter.inc
parent: 261e72f0580b7ba29ccc58a4236f62e8a0387187 (diff)
download: pfsense-67bcb76529d80e3502ce24ddb06e7e7a04884996.zip
pfsense-67bcb76529d80e3502ce24ddb06e7e7a04884996.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 3ffd347..ca3702c 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1446,10 +1446,10 @@ function filter_nat_rules_generate() {
 					else
 						$nataction = "binat";
 					$local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid']);
-					if ($local_subnet == "0.0.0.0/0")
+					if (empty($local_subnet) || !is_subnet($local_subnet) || $local_subnet == "0.0.0.0/0")
 						continue;
 					$natlocal_subnet = ipsec_idinfo_to_cidr($ph2ent['natlocalid']);
-					if (empty($natlocal_subnet) || ($natlocal_subnet == "0.0.0.0/0"))
+					if (empty($natlocal_subnet) || !is_subnet($natlocal_subnet) || $natlocal_subnet == "0.0.0.0/0")
 						continue;
 					$natrules .= "{$nataction} on enc0 from {$local_subnet} to any -> {$natlocal_subnet}\n";
 				}
author	Ermal <eri@pfsense.org>	2012-10-05 18:07:47 +0000
committer	Ermal <eri@pfsense.org>	2012-10-05 18:07:47 +0000
commit	67bcb76529d80e3502ce24ddb06e7e7a04884996 (patch)
tree	caa7d70d59c147565aed5c1248a242e8d2e5c1e7 /etc/inc/filter.inc
parent	261e72f0580b7ba29ccc58a4236f62e8a0387187 (diff)
download	pfsense-67bcb76529d80e3502ce24ddb06e7e7a04884996.zip pfsense-67bcb76529d80e3502ce24ddb06e7e7a04884996.tar.gz