summaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
authorErik Fonnesbeck <efonnes@gmail.com>2010-05-02 14:23:42 -0600
committerErik Fonnesbeck <efonnes@gmail.com>2010-05-02 14:23:42 -0600
commit7133ab35b97ba2600d7ad1125bb15c3b6d51eb52 (patch)
tree33a11a48752b7aac24edb433100c37feb9a25424 /etc
parent4818f161e4f6b1cde33dfa2aaa6350b571de697a (diff)
downloadpfsense-7133ab35b97ba2600d7ad1125bb15c3b6d51eb52.zip
pfsense-7133ab35b97ba2600d7ad1125bb15c3b6d51eb52.tar.gz
Various fixes for handling of ports in port forwards.
- Removed unused $srcport variable. - Moved setting the $protocol variable to after setting the ports, so it can clear the ports variables when using non-tcp/udp protocols. - Handle a couple extra possible cases for local port.
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/filter.inc29
1 files changed, 17 insertions, 12 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 54ffbbd..ed16434 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1190,17 +1190,6 @@ function filter_nat_rules_generate() {
if(isset($rule['disabled']))
continue;
- if (strtolower($rule['protocol']) == "tcp/udp")
- $protocol = "{ tcp udp }";
- else
- $protocol = strtolower($rule['protocol']);
-
- /* if item is an alias, expand */
- $srcport = "";
- $srcport[0] = alias_expand($rule['source']['port']);
- if(!$srcport[0])
- $srcport = explode("-", $rule['source']['port']);
-
/* if item is an alias, expand */
$dstport = "";
$dstport[0] = alias_expand($rule['destination']['port']);
@@ -1209,8 +1198,10 @@ function filter_nat_rules_generate() {
/* if item is an alias, expand */
$localport = alias_expand($rule['local-port']);
- if(!$localport || $rule['destination']['port'] == $rule['local-port']) {
+ if(!$localport || $dstport[0] == $localport) {
$localport = "";
+ } else if(is_alias($rule['destination']['port']) || is_alias($rule['local-port'])) {
+ $localport = " port {$localport}";
} else {
if(($dstport[1]) && ($dstport[0] != $dstport[1])) {
$localendport = $localport + ($dstport[1] - $dstport[0]);
@@ -1221,6 +1212,20 @@ function filter_nat_rules_generate() {
$localport = " port {$localport}";
}
+ switch(strtolower($rule['protocol'])) {
+ case "tcp/udp":
+ $protocol = "{ tcp udp }";
+ break;
+ case "tcp":
+ case "udp":
+ $protocol = strtolower($rule['protocol']);
+ break;
+ default:
+ $protocol = strtolower($rule['protocol']);
+ $localport = "";
+ break;
+ }
+
$target = alias_expand($rule['target']);
if(!$target) {
$natrules .= "# Unresolvable alias {$rule['target']}\n";
OpenPOWER on IntegriCloud