diff options
author | Chris Buechler <cmb@pfsense.org> | 2015-04-09 00:34:59 -0500 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2015-04-09 00:34:59 -0500 |
commit | eae4f953f60904bd73d3f5d614035bd20feb429f (patch) | |
tree | 5db6548e7162b2cf1c2bc09a23a32a60deb65a1e /etc | |
parent | b0c8f6dead29b2467422c81c57dfa24a8e82b94f (diff) | |
download | pfsense-eae4f953f60904bd73d3f5d614035bd20feb429f.zip pfsense-eae4f953f60904bd73d3f5d614035bd20feb429f.tar.gz |
Skip reflection rdrs where the interface doesn't have an IP. Ticket #4564
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index fdc7e61..9c64795 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -2032,7 +2032,13 @@ function filter_nat_rules_generate() { if(isset($rule['destination']['any'])) { /* With reflection enabled, destination of 'any' has side effects * that most people would not expect, so change it on reflection rules. */ - $dstaddr_reflect = $FilterIflist[$natif]['ip']; + if (!empty($FilterIflist[$natif]['ip'])) { + $dstaddr_reflect = $FilterIflist[$natif]['ip']; + } else { + // no IP, bail + continue; + } + if(!empty($FilterIflist[$natif]['sn'])) $dstaddr_reflect = gen_subnet($dstaddr_reflect, $FilterIflist[$natif]['sn']) . '/' . $FilterIflist[$natif]['sn']; |