diff options
author | Stephen Beaver <sbeaver@netgate.com> | 2016-01-13 12:53:17 -0500 |
---|---|---|
committer | Stephen Beaver <sbeaver@netgate.com> | 2016-01-13 12:53:45 -0500 |
commit | 1716852ac3f818dc9fb22f3e4f7eb4301296a3c0 (patch) | |
tree | 86c5ee0c7f847fb8cf80198dd6cce17641257052 /src/etc | |
parent | 471e7c3ac7276568c0fea726d699fb63dd87d3eb (diff) | |
download | pfsense-1716852ac3f818dc9fb22f3e4f7eb4301296a3c0.zip pfsense-1716852ac3f818dc9fb22f3e4f7eb4301296a3c0.tar.gz |
Fixed #3887
Diffstat (limited to 'src/etc')
-rw-r--r-- | src/etc/inc/filter.inc | 33 |
1 files changed, 19 insertions, 14 deletions
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc index 5e0e057..7ab1ef7 100644 --- a/src/etc/inc/filter.inc +++ b/src/etc/inc/filter.inc @@ -1863,22 +1863,27 @@ function filter_nat_rules_generate() { $natif = $FilterIflist[$natif]['if']; - /* - * If reflection is enabled, turn on extra redirections - * for this rule by adding other interfaces to an rdr rule. - */ - if ((isset($config['system']['enablebinatreflection']) || $rule['natreflection'] == "enable") && - ($rule['natreflection'] != "disable")) { - $nat_if_list = filter_get_reflection_interfaces($natif); + if (isset($rule['nobinat'])) { + $natrules .= "nobinat on {$natif} from {$srcaddr} to {$dstaddr} -> {$target}{$sn1}\n"; } else { - $nat_if_list = array(); - } + /* + * If reflection is enabled, turn on extra redirections + * for this rule by adding other interfaces to an rdr rule. + */ + if ((isset($config['system']['enablebinatreflection']) || $rule['natreflection'] == "enable") && + ($rule['natreflection'] != "disable")) { + $nat_if_list = filter_get_reflection_interfaces($natif); + } else { + $nat_if_list = array(); + } + + $natrules .= "binat on {$natif} from {$srcaddr} to {$dstaddr} -> {$target}{$sn1}\n"; - $natrules .= "binat on {$natif} from {$srcaddr} to {$dstaddr} -> {$target}{$sn1}\n"; - if (!empty($nat_if_list)) { - $binat_if_list = implode(" ", $nat_if_list); - $binat_if_list = "{ {$binat_if_list} }"; - $reflection_txt .= "rdr on {$binat_if_list} from {$dstaddr} to {$target}{$sn1} -> {$srcaddr} bitmask\n"; + if (!empty($nat_if_list)) { + $binat_if_list = implode(" ", $nat_if_list); + $binat_if_list = "{ {$binat_if_list} }"; + $reflection_txt .= "rdr on {$binat_if_list} from {$dstaddr} to {$target}{$sn1} -> {$srcaddr} bitmask\n"; + } } $nat_if_list = array_merge(array($natif), $nat_if_list); |