diff options
author | Erik Fonnesbeck <efonnes@gmail.com> | 2010-06-25 10:22:45 -0600 |
---|---|---|
committer | Erik Fonnesbeck <efonnes@gmail.com> | 2010-06-25 10:25:56 -0600 |
commit | dabc76691966f00a20081b7731b2c5816f066536 (patch) | |
tree | 72020387d78a4f48aa503c317d0a086e4af53b8e /etc | |
parent | ff93a5c1460e5c48f10fe92587ff2913eff8450a (diff) | |
download | pfsense-dabc76691966f00a20081b7731b2c5816f066536.zip pfsense-dabc76691966f00a20081b7731b2c5816f066536.tar.gz |
Check for tcp/udp in the protocol specified for outbound NAT rules, since tcp/udp itself is not a valid protocol choice in pf. Fixes #696
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index c3a8cd2..0a6f39e 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1011,9 +1011,12 @@ function filter_nat_rules_generate_if($if, $src = "any", $srcport = "", $dst = " $tgt = "($if)"; } /* Add the protocol, if defined */ - if (!empty($proto) && $proto != "any") - $protocol = " proto {$proto}"; - else + if (!empty($proto) && $proto != "any") { + if ($proto == "tcp/udp") + $protocol = " proto { tcp udp }"; + else + $protocol = " proto {$proto}"; + } else $protocol = ""; /* Add the hard set source port (useful for ISAKMP) */ if($natport != "") |