no rdr rules shouldon't have ->, take care of nat reflection rules either

author: Renato Botelho <renato.botelho@bluepex.com> 2010-04-26 09:44:17 -0300
committer: Renato Botelho <renato.botelho@bluepex.com> 2010-04-26 09:44:17 -0300
commit: ec0d9beffa2cb0ee6018c989beecc0f2916a3f77 (patch)
tree: 36413242d11178004800f4e23824e277e94d5095 /etc
parent: a94ee3fa3009841bf3fed7e7e23c0d2f92d39360 (diff)
download: pfsense-ec0d9beffa2cb0ee6018c989beecc0f2916a3f77.zip
pfsense-ec0d9beffa2cb0ee6018c989beecc0f2916a3f77.tar.gz
1 files changed, 6 insertions, 4 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index a33c701..b229e7d 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -813,7 +813,8 @@ function filter_generate_reflection($rule, $nordr, $srcaddr, $dstport, &$startin
 					$reflection_txt[] = "{$inetdport}\tdgram\tudp\tnowait/0\tnobody\t/usr/bin/nc\tnc -u -w {$reflectiontimeout} {$target} {$tda}\n";
 						$inetdport++;
 					}
-				$natrules .= "{$nordr}rdr on {$rdr_if_list} proto {$protocol} from {$srcaddr} to {$dstaddr} port {$rflctintrange} tag PFREFLECT -> 127.0.0.1 port {$rflctrange}\n";
+				$natrules .= "{$nordr}rdr on {$rdr_if_list} proto {$protocol} from {$srcaddr} to {$dstaddr} port {$rflctintrange} tag PFREFLECT" .
+								($nordr == "" ? " -> 127.0.0.1 port {$rflctrange}" : "") . "\n";
 				break;
 			case "tcp":
 			case "udp":
@@ -829,7 +830,8 @@ function filter_generate_reflection($rule, $nordr, $srcaddr, $dstport, &$startin
 					$reflection_txt[] = "{$inetdport}\t{$socktype}\t{$protocol}\tnowait/0\tnobody\t/usr/bin/nc\tnc {$dash_u}-w {$reflectiontimeout} {$target} {$tda}\n";
 					$inetdport++;
 				}
-				$natrules .= "{$nordr}rdr on {$rdr_if_list} proto {$protocol} from {$srcaddr} to {$dstaddr} port {$rflctintrange} tag PFREFLECT -> 127.0.0.1 port {$rflctrange}\n";
+				$natrules .= "{$nordr}rdr on {$rdr_if_list} proto {$protocol} from {$srcaddr} to {$dstaddr} port {$rflctintrange} tag PFREFLECT" .
+								($nordr == "" ? " -> 127.0.0.1 port {$rflctrange}" : "") . "\n";
 				break;
 			}
 		}
@@ -1151,7 +1153,7 @@ function filter_nat_rules_generate() {
 			}
 
 			if($rule['associated-rule-id'] == "pass")
-				$rdrpass = "pass";
+				$rdrpass = "pass ";
 			else
 				$rdrpass = "";
 			if(!$rule['interface'])
@@ -1178,7 +1180,7 @@ function filter_nat_rules_generate() {
 			if($srcaddr <> "" && $dstaddr <> "") {
 				/* is rule a port range? */
 				if($natif)
-					$natrules .= "{$nordr}rdr {$rdrpass} on {$natif} proto {$protocol} from {$srcaddr} to {$dstaddr} -> {$target}{$localport}";
+					$natrules .= "{$nordr}rdr {$rdrpass}on {$natif} proto {$protocol} from {$srcaddr} to {$dstaddr}" . ($nordr == "" ? " -> {$target}{$localport}" : "");
 
 				/* Does this rule redirect back to a internal host? */
 				if($dstaddr == "any" && !interface_has_gateway($rule['interface'])) {
author	Renato Botelho <renato.botelho@bluepex.com>	2010-04-26 09:44:17 -0300
committer	Renato Botelho <renato.botelho@bluepex.com>	2010-04-26 09:44:17 -0300
commit	ec0d9beffa2cb0ee6018c989beecc0f2916a3f77 (patch)
tree	36413242d11178004800f4e23824e277e94d5095 /etc
parent	a94ee3fa3009841bf3fed7e7e23c0d2f92d39360 (diff)
download	pfsense-ec0d9beffa2cb0ee6018c989beecc0f2916a3f77.zip pfsense-ec0d9beffa2cb0ee6018c989beecc0f2916a3f77.tar.gz