author | sullrich <sullrich@pfsense.org> | 2009-11-29 19:30:45 -0500 |
---|---|---|
committer | sullrich <sullrich@pfsense.org> | 2009-11-29 19:30:45 -0500 |
commit | b93a3dd5087ee7c719ce4a6c2b190350fcc81c8b (patch) | |
tree | def194a7e29ab986372ff01b85e5306583f47860 /etc/inc | |
parent | f7973cafe4e17ddb68c3295eadab920fcc92b2f5 (diff) | |
Do not allow duplicate netcat reflection entries. Resolves #193
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/filter.inc | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index c16327a..513b92e 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -713,16 +713,16 @@ function filter_generate_reflection($rule, $extport, &$starting_localhost_port)
 case "tcp/udp":
 $protocol = "{ tcp udp }";
 foreach($toadd_array as $tda) {
- $reflection_txt = "{$starting_localhost_port}\tstream\ttcp/udp\tnowait/0\tnobody\t/usr/bin/nc nc -w {$reflectiontimeout}{$target} {$tda}\n";
+ $reflection_txt = "\tstream\ttcp/udp\tnowait/0\tnobody\t/usr/bin/nc nc -w {$reflectiontimeout}{$target} {$tda}\n";
 if(!in_array($reflection_txt, $reflection_seen)) {
- fwrite($inetd_fd, $reflection_txt);
+ fwrite($inetd_fd, $starting_localhost_port . $reflection_txt);
 $reflection_seen[] = $reflection_txt;
 }
 $natrules .= "rdr on {$ifname['if']} proto tcp from any to {$extaddr} port {$xxx} tag PFREFLECT -> 127.0.0.1 port {$starting_localhost_port}\n";
 $starting_localhost_port++;
- $reflection_txt = "{$starting_localhost_port}\tstream\ttcp/udp\tnowait/0\tnobody\t/usr/bin/nc nc -u -w {$reflectiontimeout} {$target} {$tda}\n";
+ $reflection_txt = "\tstream\ttcp/udp\tnowait/0\tnobody\t/usr/bin/nc nc -u -w {$reflectiontimeout} {$target} {$tda}\n";
 if(!in_array($reflection_txt, $reflection_seen)) {
- fwrite($inetd_fd, $reflection_txt);
+ fwrite($inetd_fd, $starting_localhost_port . $reflection_txt);
 $reflection_seen[] = $reflection_txt;
 }
 $natrules .= "rdr on { {$ifname['if']} } proto udp from any to {$extaddr} port {$xxx} tag PFREFLECT -> 127.0.0.1 port {$starting_localhost_port}\n";
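Review bot: When an entry is skipped as a duplicate, the `rdr` rule right after the `if` still redirects to `{$starting_localhost_port}`, a port for which no inetd line was written, so that redirect appears to land on a localhost port with no netcat listener (or on whatever else binds it later). This applies to both the TCP and UDP entries in this hunk and to the single entry in the second hunk. Storing the port in `$reflection_seen`, keyed by the entry text, and reusing it in the `rdr` line would keep the two in step; `$reflection_seen` is initialised outside the hunk, so any other `in_array` use of it would need the same change. Separately, the TCP entry has no space between `{$reflectiontimeout}` and `{$target}`, unlike the UDP one, which looks unintended.

```php
foreach($toadd_array as $tda) {
	// … unchanged: $reflection_txt for the TCP listener …
	if(!isset($reflection_seen[$reflection_txt])) {
		fwrite($inetd_fd, $starting_localhost_port . $reflection_txt);
		// remember which localhost port this listener was written under
		$reflection_seen[$reflection_txt] = $starting_localhost_port;
	}
	// point the redirect at the port that actually has a listener
	$reflect_port = $reflection_seen[$reflection_txt];
	$natrules .= "rdr on {$ifname['if']} proto tcp from any to {$extaddr} port {$xxx} tag PFREFLECT -> 127.0.0.1 port {$reflect_port}\n";
	// … unchanged: port increment; the UDP entry gets the same treatment …
```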
@@ -745,9 +745,9 @@ function filter_generate_reflection($rule, $extport, &$starting_localhost_port)
 $reflectiontimeout = $config['system']['reflectiontimeout'];
 else
 $reflectiontimeout = "20";
- $reflection_txt = "{$starting_localhost_port}\t{$socktype}\t{$protocol}\tnowait/0\tnobody\t/usr/bin/nc nc {$dash_u}-w {$reflectiontimeout} {$target} {$tda}\n";
+ $reflection_txt = "\t{$socktype}\t{$protocol}\tnowait/0\tnobody\t/usr/bin/nc nc {$dash_u}-w {$reflectiontimeout} {$target} {$tda}\n";
 if(!in_array($reflection_txt, $reflection_seen)) {
- fwrite($inetd_fd, $reflection_txt);
+ fwrite($inetd_fd, $starting_localhost_port . $reflection_txt);
 $reflection_seen[] = $reflection_txt;
 }
 $natrules .= "rdr on { {$ifname['if']} } proto {$protocol} from any to {$extaddr} port {$xxx} tag PFREFLECT -> 127.0.0.1 port {$starting_localhost_port}\n"; |
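Review bot: `$config['system']['reflectiontimeout']` is interpolated into the inetd entry built just below the assignment at the top of this hunk, and nothing visible restricts it to a number; whitespace or a newline in that value would change the nc arguments or add lines to the generated inetd file. Unless the value is validated where the setting is saved (not visible here), I would guard it at this point, e.g. `$reflectiontimeout = is_numeric($config['system']['reflectiontimeout']) ? (int)$config['system']['reflectiontimeout'] : "20";`. The `if` that this assignment belongs to starts outside the hunk, so its condition may already cover part of this.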