author | Chris Buechler <cmb@pfsense.org> | 2015-10-20 12:59:45 -0500 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2015-10-20 12:59:45 -0500 |
commit | 0b84a5a64203e94ab988c0abac245f0d562c0ac0 (patch) | |
tree | b243b607f4383e497636c9e0a51df46cb9971987 /src | |
parent | bf69f2f84efa01ba86ea9ff01d1b0e245212bae3 (diff) | |
download | pfsense-0b84a5a64203e94ab988c0abac245f0d562c0ac0.zip pfsense-0b84a5a64203e94ab988c0abac245f0d562c0ac0.tar.gz |
Check whether the P2 or its associated P1 are disabled before adding NAT
rules. Ticket #5320
Diffstat (limited to 'src')
-rw-r--r-- | src/etc/inc/filter.inc | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index ff634c4..71471c1 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -1899,10 +1899,17 @@ function filter_nat_rules_generate() {
 if (is_array($config['ipsec']) && isset($config['ipsec']['enable'])) {
 if (is_array($config['ipsec']['phase2'])) {
 foreach ($config['ipsec']['phase2'] as $ph2ent) {
- if ($ph2ent['mode'] != 'transport' && !empty($ph2ent['natlocalid'])) {
+ if ($ph2ent['mode'] != 'transport' && !empty($ph2ent['natlocalid']) && !isset($ph2ent['disabled'])) {
 if (!function_exists('ipsec_idinfo_to_cidr')) {
 require_once("ipsec.inc");
 }
+ ipsec_lookup_phase1($ph2ent, $ph1ent);
+ if (!is_array($ph1ent)) {
+ continue;
+ }
+ if (isset($ph1ent['disabled'])) {
+ continue;
+ }
 if (!is_array($ph2ent['localid'])) {
 $ph2ent['localid'] = array();
 } |
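Review bot: `$ph1ent` is never reset before `ipsec_lookup_phase1($ph2ent, $ph1ent);` inside the `foreach`, so the two new checks may be looking at the phase 1 found in an earlier iteration. The lookup's definition is not in this hunk; if it leaves its second argument untouched when no phase 1 matches, `is_array($ph1ent)` would still pass and the `disabled` test would be decided by another tunnel's entry, so a P2 with no matching P1 could still get NAT rules emitted. Adding `$ph1ent = null;` on the line before the call makes both checks apply only to the current P2's phase 1. `filter_nat_rules_generate()` starts and ends outside this hunk, so whether `$ph1ent` is set earlier in the function cannot be confirmed from here.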