diff options
author | Chris Buechler <cmb@pfsense.org> | 2015-04-09 00:30:18 -0500 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2015-04-09 00:30:18 -0500 |
commit | 5274ecf01c68ea863a96f66a043aee5ad1e6d78a (patch) | |
tree | 8435e5a8b03ad973b0b1203c4dded28a1fd497fb /etc/inc/filter.inc | |
parent | 3a29236006408fc18c31667c95286d143bccaed3 (diff) | |
download | pfsense-5274ecf01c68ea863a96f66a043aee5ad1e6d78a.zip pfsense-5274ecf01c68ea863a96f66a043aee5ad1e6d78a.tar.gz |
Skip reflection rdrs where the interface doesn't have an IP. Ticket #4564
Diffstat (limited to 'etc/inc/filter.inc')
-rw-r--r-- | etc/inc/filter.inc | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 9982019..b7d2051 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2203,7 +2203,14 @@ function filter_nat_rules_generate() { if (isset($rule['destination']['any'])) { /* With reflection enabled, destination of 'any' has side effects * that most people would not expect, so change it on reflection rules. */ - $dstaddr_reflect = $FilterIflist[$natif]['ip']; + + if (!empty($FilterIflist[$natif]['ip'])) { + $dstaddr_reflect = $FilterIflist[$natif]['ip']; + } else { + // no IP, bail + continue; + } + if (!empty($FilterIflist[$natif]['sn'])) { $dstaddr_reflect = gen_subnet($dstaddr_reflect, $FilterIflist[$natif]['sn']) . '/' . $FilterIflist[$natif]['sn']; } |