From f28e13de272d247ee0565525ce784dca2ea929a7 Mon Sep 17 00:00:00 2001
From: Erik Fonnesbeck
Date: Tue, 4 May 2010 01:54:29 -0600
Subject: Skip code for generating inetd.conf entries when 'no rdr' is used.
---
 etc/inc/filter.inc | 38 +++++++++++++++++++++-----------------
 1 file changed, 21 insertions(+), 17 deletions(-)
(limited to 'etc/inc/filter.inc')
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 1304258..5c202fc 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -841,6 +841,26 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_
 $dstaddr = gen_subnet($dstaddr, $FilterIflist[$natif]['sn']) . '/' . $FilterIflist[$natif]['sn'];
 }
 
+ switch($rule['protocol']) {
+ case "tcp/udp":
+ $protocol = "{ tcp udp }";
+ $reflect_protos = array('tcp', 'udp');
+ break;
+ case "tcp":
+ case "udp":
+ $protocol = $rule['protocol'];
+ $reflect_protos = array($rule['protocol']);
+ break;
+ default:
+ $reflect_protos = array();
+ break;
+ }
+
+ if(!empty($nordr)) {
+ $natrules .= "no rdr on {$rdr_if_list} proto {$protocol} from {$srcaddr} to {$dstaddr} port {$rflctintrange}\n";
+ return $natrules;
+ }
+
 if (is_alias($rule['target']))
 $target = filter_expand_alias($rule['target']);
 else if(is_ipaddr($rule['target']))
@@ -894,21 +914,6 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_
 $starting_localhost_port++;
 }
 
- switch($rule['protocol']) {
- case "tcp/udp":
- $protocol = "{ tcp udp }";
- $reflect_protos = array('tcp', 'udp');
- break;
- case "tcp":
- case "udp":
- $protocol = $rule['protocol'];
- $reflect_protos = array($rule['protocol']);
- break;
- default:
- $reflect_protos = array();
- break;
- }
-
 if(!empty($reflect_protos)) {
 foreach($toadd_array as $tda){
 foreach($reflect_protos as $reflect_proto) {
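Review bot: In the added `default:` branch of the switch, `$protocol` is never assigned, yet the new `if(!empty($nordr))` block directly below interpolates `{$protocol}` unconditionally. For a rule whose protocol is not tcp, udp or tcp/udp this would emit `no rdr on … proto  from …` with an empty protocol, which pf would presumably reject, and a NAT ruleset that fails to load is a firewall-integrity problem; the removed code only built this line inside the `if(!empty($reflect_protos))` loops. Putting `if(!empty($reflect_protos))` in front of the `$natrules .= "no rdr on …"` line, while keeping `return $natrules;` unconditional, would restore the old guard. The early return also relies on `$rdr_if_list` and `$rflctintrange` being set above line 841, which the hunk does not show; the function body starts and ends outside the hunk.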
@@ -923,8 +928,7 @@ function filter_generate_reflection($rule, $nordr, $rdr_ifs, $srcaddr, $dstaddr_
 }
 $inetdport++;
 }
- $natrules .= "{$nordr}rdr on {$rdr_if_list} proto {$protocol} from {$srcaddr} to {$dstaddr} port {$rflctintrange} tag PFREFLECT" .
- ($nordr == "" ? " -> 127.0.0.1 port {$rflctrange}" : "") . "\n";
+ $natrules .= "rdr on {$rdr_if_list} proto {$protocol} from {$srcaddr} to {$dstaddr} port {$rflctintrange} tag PFREFLECT -> 127.0.0.1 port {$rflctrange}\n";
 }
 }
 $reflection_txt = array_unique($reflection_txt);
-- cgit v1.1