From 7133ab35b97ba2600d7ad1125bb15c3b6d51eb52 Mon Sep 17 00:00:00 2001
From: Erik Fonnesbeck <efonnes@gmail.com>
Date: Sun, 2 May 2010 14:23:42 -0600
Subject: Various fixes for handling of ports in port forwards.

- Removed unused $srcport variable.
- Moved setting the $protocol variable to after setting the ports, so it can
  clear the ports variables when using non-tcp/udp protocols.
- Handle a couple extra possible cases for local port.
---
 etc/inc/filter.inc | 29 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)

(limited to 'etc')

diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 54ffbbd..ed16434 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -1190,17 +1190,6 @@ function filter_nat_rules_generate() {
 			if(isset($rule['disabled']))
 				continue;
 
-			if (strtolower($rule['protocol']) == "tcp/udp")
-				$protocol = "{ tcp udp }";
-			else
-				$protocol = strtolower($rule['protocol']);
-
-			/* if item is an alias, expand */
-			$srcport = "";
-			$srcport[0] = alias_expand($rule['source']['port']);
-			if(!$srcport[0])
-				$srcport = explode("-", $rule['source']['port']);
-
 			/* if item is an alias, expand */
 			$dstport = "";
 			$dstport[0] = alias_expand($rule['destination']['port']);
@@ -1209,8 +1198,10 @@ function filter_nat_rules_generate() {
 
 			/* if item is an alias, expand */
 			$localport = alias_expand($rule['local-port']);
-			if(!$localport || $rule['destination']['port'] == $rule['local-port']) {
+			if(!$localport || $dstport[0] == $localport) {
 				$localport = "";
+			} else if(is_alias($rule['destination']['port']) || is_alias($rule['local-port'])) {
+				$localport = " port {$localport}";
 			} else {
 				if(($dstport[1]) && ($dstport[0] != $dstport[1])) {
 					$localendport = $localport + ($dstport[1] - $dstport[0]);
@@ -1221,6 +1212,20 @@ function filter_nat_rules_generate() {
 				$localport = " port {$localport}";
 			}
 
+			switch(strtolower($rule['protocol'])) {
+			case "tcp/udp":
+				$protocol = "{ tcp udp }";
+				break;
+			case "tcp":
+			case "udp":
+				$protocol = strtolower($rule['protocol']);
+				break;
+			default:
+				$protocol = strtolower($rule['protocol']);
+				$localport = "";
+				break;
+			}
+
 			$target = alias_expand($rule['target']);
 			if(!$target) {
 				$natrules .= "# Unresolvable alias {$rule['target']}\n";
-- 
cgit v1.1