diff options
author | Phil Davis <phil.davis@inf.org> | 2017-02-23 10:41:50 +0545 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-02-23 10:41:50 +0545 |
commit | da57defa02e49ae76a7d397a772467680d5068b2 (patch) | |
tree | b6d7c99306172fbde5aa693d6ea96aed5f8457b2 /src | |
parent | 27d15a216fcc86cbeef4db4ced518438fc07378d (diff) | |
download | pfsense-da57defa02e49ae76a7d397a772467680d5068b2.zip pfsense-da57defa02e49ae76a7d397a772467680d5068b2.tar.gz |
Fix #7299 and other stuff
As far as I can see, filter_generate_user_rule() is always supposed to be called with 'ipprotocol' set to 'inet' or 'inet6'. The cases of rules for both ('inet46') are handled by calling filter_generate_user_rule() twice, passing 'inet' then 'inet6'.
So at this point, if 'ipprotocol' is blank, then it is from an old rule, and it [can|should|must] default to 'inet'.
This would provide a generic fix for old rules that do not have 'ipprotocol' specified.
The other thing that could be done is make some upgrade code that fills in 'ipprotocol' on old rules at upgrade.
Diffstat (limited to 'src')
-rw-r--r-- | src/etc/inc/filter.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc index 6890c98..e10bcac 100644 --- a/src/etc/inc/filter.inc +++ b/src/etc/inc/filter.inc @@ -2678,7 +2678,7 @@ function filter_generate_user_rule($rule) { $aline['ipprotocol'] = "inet6"; break; default: - $aline['ipprotocol'] = ""; + $aline['ipprotocol'] = "inet"; break; } |