authorScott Ullrich <sullrich@pfsense.org>2005-10-25 01:29:14 +0000
committerScott Ullrich <sullrich@pfsense.org>2005-10-25 01:29:14 +0000
commitdd084ea51b3b8dfd2db1ff3e5fea9382a34c5a03 (patch)
tree530966e3d89952409b1ed52c1d0ed91f38cd13f3 /etc/inc
parentf70c887f252387d503b47447d035b7763f9827e7 (diff)
downloadpfsense-dd084ea51b3b8dfd2db1ff3e5fea9382a34c5a03.zip
pfsense-dd084ea51b3b8dfd2db1ff3e5fea9382a34c5a03.tar.gz
MFC 7140
Only install wan spoof check rule if a lan ip address is set
Diffstat (limited to 'etc/inc')
-rw-r--r--etc/inc/filter.inc20
1 files changed, 11 insertions, 9 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index a7ae3c4..188617d 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -364,17 +364,15 @@ function filter_nat_rules_generate_if($if, $src, $srcport, $dst, $natport, $targ
if ($dst == "")
$dst = "any";
- /* Match on this destination port */
- if ($natport)
- $dst .= " port {$natport}";
+ /* Match on this source port */
+ if ($srcport)
+ $src .= " port {$srcport}";
/* set the source port the world sees */
- if ($srcport)
- $srcport_rule .= " port {$srcport}";
- else
- $srcport_rule = "";
+ if ($natport)
+ $second_half_of_rule .= " port {$natport}";
- $natrule = "{$nat} on {$if} from {$src}{$srcport_rule} to {$dst} {$second_half_of_rule}\n";
+ $natrule = "{$nat} on {$if} from {$src} to {$dst} {$second_half_of_rule}\n";
return $natrule;
}
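Review bot: `$srcport` and `$natport` are interpolated straight into the generated pf rule text (`$src .= " port {$srcport}"` and `$second_half_of_rule .= " port {$natport}"`) with no check in this hunk that they are port numbers or ranges. If the callers do not already validate them, a value containing whitespace or a newline would alter the rule or break the ruleset load; consider a guard such as `if ($srcport && preg_match('/^\d+(:\d+)?$/', $srcport))` before each append, adjusted to whatever port syntax the configuration permits. The destination-port match is also dropped here, which the commit message does not mention, so a comment stating that `$natport` is now the translated source port would help the next reader. The function begins outside the hunk, so validation earlier in its body cannot be ruled out.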
@@ -1356,13 +1354,17 @@ EOD;
}
}
- $ipfrules .= <<<EOD
+ /* install wan spoof check rule if lan address exists */
+ if($lansa) {
+
+ $ipfrules .= <<<EOD
# WAN spoof check
anchor "wanspoof"
block in $log quick on $wanif from $lansa/$lansn to any label "WAN spoof check"
EOD;
+ }
foreach ($optcfg as $oc) {
if (!$oc['bridge'])
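Review bot: The new guard `if($lansa)` tests only the address, while the rule it protects also interpolates `$lansn`; an empty netmask would emit `from <addr>/ to any`, which pf would presumably reject, failing the whole ruleset load. `if ($lansa && $lansn) {` would cover both values. The `anchor "wanspoof"` line is now skipped together with the block rule, so anything that populates that anchor has no attachment point when no LAN address is set; if that is intended, say so in the comment, e.g. `/* no LAN address: skip the wanspoof anchor and the spoof check entirely */`. The enclosing function starts and ends outside the hunk.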