webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-27 03:07:43 +02:00
Code Issues Packages Projects Releases Wiki Activity

BUG11184: Error if DNAT address ends with 0 or 255 now disabled

Browse Source 
When using dnat addresses, it is possible to use big subnets and host addresses like 172.16.0.0/12.
These addresses where rejected because it was recognised as network address.
The check is now removed.

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Alexander Marx
2016-09-15 15:31:48 +02:00
committed by Michael Tremer
parent f5ab60e9aa
commit bbe8e009b8
1 changed files with 0 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
html/cgi-bin/firewall.cgi
View File

@@ -539,16 +539,6 @@ sub checktarget
#check DNAT settings (has to be single Host and single Port or portrange)
if ($fwdfwsettings{'USE_NAT'} eq 'ON' && $fwdfwsettings{'nat'} eq 'dnat'){
if($fwdfwsettings{'grp2'} eq 'tgt_addr' || $fwdfwsettings{'grp2'} eq 'cust_host_tgt' || $fwdfwsettings{'grp2'} eq 'ovpn_host_tgt'){
#check if manual ip is a single Host (if set)
if ($fwdfwsettings{'grp2'} eq 'tgt_addr'){
my @tmp= split (/\./,$fwdfwsettings{$fwdfwsettings{'grp2'}});
my @tmp1= split ("/",$tmp[3]);
if (($tmp1[0] eq "0") || ($tmp1[0] eq "255"))
{
$errormessage=$Lang::tr{'fwdfw dnat error'}."<br>";
return $errormessage;
}
}
#check if Port is a single Port or portrange
if ($fwdfwsettings{'nat'} eq 'dnat' && $fwdfwsettings{'grp3'} eq 'TGT_PORT'){
if(($fwdfwsettings{'PROT'} ne 'TCP'|| $fwdfwsettings{'PROT'} ne 'UDP') && $fwdfwsettings{'TGT_PORT'} eq ''){