Do not install reflection rules for port forwards when the destination is invalid.

author: Erik Fonnesbeck <efonnes@gmail.com> 2010-05-08 18:17:09 -0600
committer: Erik Fonnesbeck <efonnes@gmail.com> 2010-05-08 18:17:09 -0600
commit: aba2f06d3a16fa5bee0153992a7cc00d69f60a52 (patch)
tree: d52b34ecb3329f3c1eefaed1d7916b3ab2eebc03 /etc/inc/filter.inc
parent: ed69be7ad9c1383b7069acc5224d04fe4e01777f (diff)
download: pfsense-aba2f06d3a16fa5bee0153992a7cc00d69f60a52.zip
pfsense-aba2f06d3a16fa5bee0153992a7cc00d69f60a52.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 0da950e..eac5877 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -869,6 +869,8 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_
 		else
 			$rflctintrange = "";
 		$dstaddr = $dstaddr[0];
+		if(empty($dstaddr) || strtolower(trim($dstaddr)) == "port")
+			return "";
 
 		if(isset($rule['destination']['any'])) {
 			if(!$rule['interface'])
author	Erik Fonnesbeck <efonnes@gmail.com>	2010-05-08 18:17:09 -0600
committer	Erik Fonnesbeck <efonnes@gmail.com>	2010-05-08 18:17:09 -0600
commit	aba2f06d3a16fa5bee0153992a7cc00d69f60a52 (patch)
tree	d52b34ecb3329f3c1eefaed1d7916b3ab2eebc03 /etc/inc/filter.inc
parent	ed69be7ad9c1383b7069acc5224d04fe4e01777f (diff)
download	pfsense-aba2f06d3a16fa5bee0153992a7cc00d69f60a52.zip pfsense-aba2f06d3a16fa5bee0153992a7cc00d69f60a52.tar.gz