Correct check since it might be an ip as well

author: Ermal <eri@pfsense.org> 2012-10-05 18:15:47 +0000
committer: Ermal <eri@pfsense.org> 2012-10-05 18:15:47 +0000
commit: 6e97e102b0a2cdb946f495dcb40adbd04d0614b4 (patch)
tree: abfceebb6d4e87fa8dd2158e16100eed22b5eec7 /etc
parent: db535a1c39140b8c884a896b578814866fbb0b09 (diff)
download: pfsense-6e97e102b0a2cdb946f495dcb40adbd04d0614b4.zip
pfsense-6e97e102b0a2cdb946f495dcb40adbd04d0614b4.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index ca3702c..b25d10b 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1446,11 +1446,15 @@ function filter_nat_rules_generate() {
 					else
 						$nataction = "binat";
 					$local_subnet = ipsec_idinfo_to_cidr($ph2ent['localid']);
-					if (empty($local_subnet) || !is_subnet($local_subnet) || $local_subnet == "0.0.0.0/0")
+					if (empty($local_subnet) || $local_subnet == "0.0.0.0/0")
+						continue;
+					if (!is_subnet($local_subnet) && !is_ipaddr($local_subnet))
 						continue;
 					$natlocal_subnet = ipsec_idinfo_to_cidr($ph2ent['natlocalid']);
 					if (empty($natlocal_subnet) || !is_subnet($natlocal_subnet) || $natlocal_subnet == "0.0.0.0/0")
 						continue;
+					if (!is_subnet($natlocal_subnet) && !is_ipaddr($natlocal_subnet))
+						continue;
 					$natrules .= "{$nataction} on enc0 from {$local_subnet} to any -> {$natlocal_subnet}\n";
 				}
 			}
author	Ermal <eri@pfsense.org>	2012-10-05 18:15:47 +0000
committer	Ermal <eri@pfsense.org>	2012-10-05 18:15:47 +0000
commit	6e97e102b0a2cdb946f495dcb40adbd04d0614b4 (patch)
tree	abfceebb6d4e87fa8dd2158e16100eed22b5eec7 /etc
parent	db535a1c39140b8c884a896b578814866fbb0b09 (diff)
download	pfsense-6e97e102b0a2cdb946f495dcb40adbd04d0614b4.zip pfsense-6e97e102b0a2cdb946f495dcb40adbd04d0614b4.tar.gz