author | Erik Fonnesbeck <efonnes@gmail.com> | 2010-05-04 01:54:29 -0600 |
---|---|---|
committer | Erik Fonnesbeck <efonnes@gmail.com> | 2010-05-04 03:11:19 -0600 |
commit | f28e13de272d247ee0565525ce784dca2ea929a7 (patch) | |
tree | 6eecc16fe408eb03301d313badfae5a0a07bfba2 /etc/inc/filter.inc | |
parent | bb37dc86968bc629125c8f1a8b19fc236629011d (diff) | |
Skip code for generating inetd.conf entries when 'no rdr' is used.
Diffstat (limited to 'etc/inc/filter.inc')
-rw-r--r-- | etc/inc/filter.inc | 38 |
1 files changed, 21 insertions, 17 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 1304258..5c202fc 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -841,6 +841,26 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_ $dstaddr = gen_subnet($dstaddr, $FilterIflist[$natif]['sn']) . '/' . $FilterIflist[$natif]['sn']; } + switch($rule['protocol']) { + case "tcp/udp": + $protocol = "{ tcp udp }"; + $reflect_protos = array('tcp', 'udp'); + break; + case "tcp": + case "udp": + $protocol = $rule['protocol']; + $reflect_protos = array($rule['protocol']); + break; + default: + $reflect_protos = array(); + break; + } + + if(!empty($nordr)) { + $natrules .= "no rdr on {$rdr_if_list} proto {$protocol} from {$srcaddr} to {$dstaddr} port {$rflctintrange}\n"; + return $natrules; + } + if (is_alias($rule['target'])) $target = filter_expand_alias($rule['target']); else if(is_ipaddr($rule['target'])) @@ -894,21 +914,6 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_ $starting_localhost_port++; } - switch($rule['protocol']) { - case "tcp/udp": - $protocol = "{ tcp udp }"; - $reflect_protos = array('tcp', 'udp'); - break; - case "tcp": - case "udp": - $protocol = $rule['protocol']; - $reflect_protos = array($rule['protocol']); - break; - default: - $reflect_protos = array(); - break; - } - if(!empty($reflect_protos)) { foreach($toadd_array as $tda){ foreach($reflect_protos as $reflect_proto) { @@ -923,8 +928,7 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_ } $inetdport++; } - $natrules .= "{$nordr}rdr on {$rdr_if_list} proto {$protocol} from {$srcaddr} to {$dstaddr} port {$rflctintrange} tag PFREFLECT" . - ($nordr == "" ? " -> 127.0.0.1 port {$rflctrange}" : "") . "\n"; + $natrules .= "rdr on {$rdr_if_list} proto {$protocol} from {$srcaddr} to {$dstaddr} port {$rflctintrange} tag PFREFLECT -> 127.0.0.1 port {$rflctrange}\n"; } } $reflection_txt = array_unique($reflection_txt); |
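Review bot: The new `no rdr` early return in the first hunk interpolates `{$protocol}`, but the `default:` branch of the switch moved above it never assigns `$protocol`. A rule whose protocol is not tcp, udp or tcp/udp would therefore emit `no rdr on … proto  from …` with an empty protocol. The `rdr` line in the last hunk appears to remain inside `if(!empty($reflect_protos))`, so only the new path seems to lack that guard, and a malformed line in the generated ruleset may keep pf from loading it. Consider `if(!empty($nordr) && !empty($reflect_protos)) {`, or return before building the rule when `$reflect_protos` is empty. The function starts and ends outside the hunk, so whether callers already restrict the protocol, and where `$rdr_if_list` and `$rflctintrange` are assigned, cannot be confirmed from this diff.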