diff options
author | Erik Fonnesbeck <efonnes@gmail.com> | 2010-05-08 18:17:09 -0600 |
---|---|---|
committer | Erik Fonnesbeck <efonnes@gmail.com> | 2010-05-08 18:17:09 -0600 |
commit | aba2f06d3a16fa5bee0153992a7cc00d69f60a52 (patch) | |
tree | d52b34ecb3329f3c1eefaed1d7916b3ab2eebc03 /etc/inc/filter.inc | |
parent | ed69be7ad9c1383b7069acc5224d04fe4e01777f (diff) | |
download | pfsense-aba2f06d3a16fa5bee0153992a7cc00d69f60a52.zip pfsense-aba2f06d3a16fa5bee0153992a7cc00d69f60a52.tar.gz |
Do not install reflection rules for port forwards when the destination is invalid.
Diffstat (limited to 'etc/inc/filter.inc')
-rw-r--r-- | etc/inc/filter.inc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 0da950e..eac5877 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -869,6 +869,8 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_ else $rflctintrange = ""; $dstaddr = $dstaddr[0]; + if(empty($dstaddr) || strtolower(trim($dstaddr)) == "port") + return ""; if(isset($rule['destination']['any'])) { if(!$rule['interface']) |