diff options
| author | Ermal Luçi <eri@pfsense.org> | 2010-03-09 19:43:40 +0000 |
|---|---|---|
| committer | Ermal Luçi <eri@pfsense.org> | 2010-03-09 19:45:13 +0000 |
| commit | 68ff67b360068bf308eb0305aeb1fa841f85bc01 (patch) | |
| tree | 90859f18cd2eaff33edad581abb2bab3b4efcb78 /etc | |
| parent | 800ae4122c0efd20a6db87bac8d463a7fe145db8 (diff) | |
| download | pfsense-68ff67b360068bf308eb0305aeb1fa841f85bc01.zip pfsense-68ff67b360068bf308eb0305aeb1fa841f85bc01.tar.gz | |
Implement the protocol functionality on nat rules. This i based on a port that provides this functionality but with a lot more reduced patchset.
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/filter.inc | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index f06d6ec..ac22ba6 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -828,7 +828,7 @@ function filter_generate_reflection($rule, $extport, &$starting_localhost_port, } /* Generate a 'nat on' or 'no nat on' rule for given interface */ -function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "any", $dstport = "", $natip = "", $natport = "", $nonat = false, $staticnatport = false) { +function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = "any", $dstport = "", $natip = "", $natport = "", $nonat = false, $staticnatport = false, $proto = "") { global $config; /* XXX: billm - any idea if this code is needed? */ if($src == "/32" || $src{0} == "/") @@ -842,6 +842,11 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = " else $tgt = "($if)"; } + /* Add the protocol, if defined */ + if (!empty($proto) && $proto != "any") + $protocol = " proto {$proto}"; + else + $protocol = ""; /* Add the hard set source port (useful for ISAKMP) */ if($natport != "") $tgt .= " port {$natport}"; @@ -877,7 +882,7 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = " $if_friendly = convert_friendly_interface_to_friendly_descr($if); /* Put all the pieces together */ if($if_friendly) - $natrule = "{$nat} on \${$if_friendly} from {$src} to {$dst} {$target}{$staticnatport_txt}\n"; + $natrule = "{$nat} on \${$if_friendly} {$protocol} from {$src} to {$dst} {$target}{$staticnatport_txt}\n"; else $natrule .= "# Could not convert {$if} to friendly name(alias)\n"; return $natrule; @@ -937,7 +942,8 @@ function filter_nat_rules_generate() { $obent['target'], $obent['natport'], isset($obent['nonat']), - isset($obent['staticnatport']) + isset($obent['staticnatport']), + $obent['protocol'] ); } } |
