diff options
author | Erik Fonnesbeck <efonnes@gmail.com> | 2010-05-02 14:23:42 -0600 |
---|---|---|
committer | Erik Fonnesbeck <efonnes@gmail.com> | 2010-05-02 14:23:42 -0600 |
commit | 7133ab35b97ba2600d7ad1125bb15c3b6d51eb52 (patch) | |
tree | 33a11a48752b7aac24edb433100c37feb9a25424 /etc | |
parent | 4818f161e4f6b1cde33dfa2aaa6350b571de697a (diff) | |
download | pfsense-7133ab35b97ba2600d7ad1125bb15c3b6d51eb52.zip pfsense-7133ab35b97ba2600d7ad1125bb15c3b6d51eb52.tar.gz |
Various fixes for handling of ports in port forwards.
- Removed unused $srcport variable.
- Moved setting the $protocol variable to after setting the ports, so it can
clear the ports variables when using non-tcp/udp protocols.
- Handle a couple extra possible cases for local port.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 29 |
1 files changed, 17 insertions, 12 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 54ffbbd..ed16434 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1190,17 +1190,6 @@ function filter_nat_rules_generate() { if(isset($rule['disabled'])) continue; - if (strtolower($rule['protocol']) == "tcp/udp") - $protocol = "{ tcp udp }"; - else - $protocol = strtolower($rule['protocol']); - - /* if item is an alias, expand */ - $srcport = ""; - $srcport[0] = alias_expand($rule['source']['port']); - if(!$srcport[0]) - $srcport = explode("-", $rule['source']['port']); - /* if item is an alias, expand */ $dstport = ""; $dstport[0] = alias_expand($rule['destination']['port']); @@ -1209,8 +1198,10 @@ function filter_nat_rules_generate() { /* if item is an alias, expand */ $localport = alias_expand($rule['local-port']); - if(!$localport || $rule['destination']['port'] == $rule['local-port']) { + if(!$localport || $dstport[0] == $localport) { $localport = ""; + } else if(is_alias($rule['destination']['port']) || is_alias($rule['local-port'])) { + $localport = " port {$localport}"; } else { if(($dstport[1]) && ($dstport[0] != $dstport[1])) { $localendport = $localport + ($dstport[1] - $dstport[0]); @@ -1221,6 +1212,20 @@ function filter_nat_rules_generate() { $localport = " port {$localport}"; } + switch(strtolower($rule['protocol'])) { + case "tcp/udp": + $protocol = "{ tcp udp }"; + break; + case "tcp": + case "udp": + $protocol = strtolower($rule['protocol']); + break; + default: + $protocol = strtolower($rule['protocol']); + $localport = ""; + break; + } + $target = alias_expand($rule['target']); if(!$target) { $natrules .= "# Unresolvable alias {$rule['target']}\n"; |