Do not generate duplicate NAT Reflection rules. Fixes #13012
vktg committed Apr 4, 2022
1 parent bfa801a commit a876c33
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion src/etc/inc/filter.inc
@@ -1520,6 +1520,7 @@ function filter_generate_reflection_nat($rule, &$route_table, $nat_ifs, $protoco
}

/* Search for matching subnets in the routing table */
$natsubnets = array();
foreach ($route_table as $route) {
$subnet = $route['subnet'];
$subnet_split = explode("/", $subnet);
@@ -1556,7 +1557,10 @@ function filter_generate_reflection_nat($rule, &$route_table, $nat_ifs, $protoco
(!empty(get_interface_ipv6($subnet_if)) && is_ipaddrv6($target))) {
$natrules .= "no nat on {$subnet_if}{$protocol_text} from ({$subnet_if}) to {$target}\n";
}
$natrules .= "nat on {$subnet_if}{$protocol_text} from {$subnet} to {$target} -> {$ifsubnet_ip}{$static_port}\n";
if (!$natsubnets[$subnet]) {
$natrules .= "nat on {$subnet_if}{$protocol_text} from {$subnet} to {$target} -> {$ifsubnet_ip}{$static_port}\n";
$natsubnets[$subnet] = true;
}
}
}
}
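Review bot: The new guard `if (!$natsubnets[$subnet])` keys the duplicate check on `$subnet` alone, while the rule it suppresses also contains `$subnet_if` and `$ifsubnet_ip`; if the routing table can list the same subnet behind two interfaces (not visible in these hunks), the second interface would silently get no reflection `nat` rule. Keying on both, e.g. `$key = "{$subnet_if}|{$subnet}";` followed by `if (!isset($natsubnets[$key])) {`, keeps the de-duplication exact, and `isset()` also avoids the undefined-key notice or warning PHP raises on the first lookup of each subnet. The `no nat on ...` line just above is still appended outside the guard, so it can presumably still be emitted more than once for a repeated subnet. filter_generate_reflection_nat() starts and ends outside the visible hunks, so how `$subnet_if` is derived per route could not be checked here.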