webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-28 11:43:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

firewall: Fix accessing port forwardings from internal networks.

Browse Source 
When a different "external port" was used, false rules have
been created in the mangle table.
This commit is contained in:
Michael Tremer
2014-04-20 18:13:35 +02:00
parent c3a86f4d20
commit ff7cb6d60f
1 changed files with 8 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
config/firewall/rules.pl
View File

@@ -354,20 +354,21 @@ sub buildrules {
# Destination NAT # Destination NAT
if ($NAT_MODE eq "DNAT") { if ($NAT_MODE eq "DNAT") {
# Make port-forwardings useable from the internal networks.
my @internal_addresses = &fwlib::get_internal_firewall_ip_addresses(1);
unless ($nat_address ~~ @internal_addresses) {
&add_dnat_mangle_rules($nat_address, @options);
}
my @nat_options = (); my @nat_options = ();
if ($protocol ne "all") { if ($protocol ne "all") {
my @nat_protocol_options = &get_protocol_options($hash, $key, $protocol, 1); my @nat_protocol_options = &get_protocol_options($hash, $key, $protocol, 1);
push(@nat_options, @nat_protocol_options); push(@nat_options, @nat_protocol_options);
} }
push(@nat_options, @time_options);
# Make port-forwardings useable from the internal networks.
my @internal_addresses = &fwlib::get_internal_firewall_ip_addresses(1);
unless ($nat_address ~~ @internal_addresses) {
&add_dnat_mangle_rules($nat_address, @nat_options);
}
push(@nat_options, @source_options); push(@nat_options, @source_options);
push(@nat_options, ("-d", $nat_address)); push(@nat_options, ("-d", $nat_address));
push(@nat_options, @time_options);
my $dnat_port; my $dnat_port;
if ($protocol_has_ports) { if ($protocol_has_ports) {