Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/filter.inc | 13 |
1 files changed, 5 insertions, 8 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 261ea58..23a9ccf 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -697,6 +697,8 @@ function filter_nat_rules_generate() { for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) $iflist['opt' . $i] = "opt{$i}"; $interface_counter = 0; + $vpns_list = get_vpns_list(); + $natrules .= "table <vpns> { $vpns_list }\n"; /* loop through all interfaces and handle pftpx redirections */ foreach ($iflist as $ifent => $ifname) { $ifname_lower = convert_friendly_interface_to_friendly_descr(strtolower($ifname)); @@ -710,18 +712,13 @@ function filter_nat_rules_generate() { $vpns = get_vpns_list(); /* if the user has defined, include the alias so that we do not redirect ftp connections across the tunnels to pftpx */ - $vpns_list = get_vpns_list(); - if($vpns_list) - $vpns = "{ $vpns_list }"; - else - $vpns = "any"; $int_ip = find_interface_ip($tmp_interface); /* if interface lacks an ip, dont setup a rdr for ftp. they are most likely on a bridged interface */ if($int_ip) if($ifname_lower) { - $natrules .= "no rdr on \${$ifname_lower} proto tcp from any to <$vpns> port 21 -> 127.0.0.1 port {$tmp_port}\n"; - $natrules .= "no rdr on \${$ifname_lower} proto tcp from <vpns> to any port 21 -> 127.0.0.1 port {$tmp_port}\n"; - $natrules .= "no rdr on \${$ifname_lower} proto tcp from any to any port 21 -> 127.0.0.1 port {$tmp_port}\n"; + $natrules .= "no rdr on \${$ifname_lower} proto tcp from any to <vpns> port 21\n"; + $natrules .= "no rdr on \${$ifname_lower} proto tcp from <vpns> to any port 21\n"; + $natrules .= "rdr on \${$ifname_lower} proto tcp from any to any port 21 -> 127.0.0.1 port {$tmp_port}\n"; } $interface_counter++; } |
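Review bot: The added `$natrules .= "table <vpns> { $vpns_list }\n";` in the first hunk is emitted unconditionally, so an empty result from get_vpns_list() produces `table <vpns> {  }`, whereas the branch removed in the second hunk handled the empty case explicitly. It is worth confirming that pfctl on the target version accepts an empty list, because a NAT section that fails to parse keeps the regenerated ruleset from loading. Declaring the table in both cases avoids relying on that: `$natrules .= $vpns_list ? "table <vpns> { $vpns_list }\n" : "table <vpns> persist\n";`. filter_nat_rules_generate() starts and ends outside the hunk and get_vpns_list() is not visible here, so the format of its return value is inferred from how it is interpolated.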
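Review bot: The context line `$vpns = get_vpns_list();` at the top of the second hunk is left behind although nothing in the hunk reads `$vpns` any more, and it apparently runs once per interface inside the foreach opened in the first hunk. Unless `$vpns` is used further down outside the hunk, remove it together with the comment `/* if the user has defined, include the alias ... */`, which described the deleted branch. In its place I would add `/* exempt traffic to or from <vpns> from the pftpx redirect; pf uses the first matching rdr/no rdr rule, so these two lines must stay ahead of the rdr */`, since that ordering is what keeps tunnel FTP traffic away from the local proxy.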