Project

General

Profile

211.diff

Viktor Gurov, 04/23/2021 12:12 AM

View differences:

src/etc/inc/filter.inc
3381 3381
function filter_rules_generate() {
3382 3382
	global $config, $g, $FilterIflist, $time_based_rules, $GatewaysList,
3383 3383
	       $tracker, $vlanprio_values, $antilockout_tracker,
3384
	       $bogons_tracker, $rfc1918_tracker;
3384
	       $bogons_tracker, $rfc1918_tracker, $vpn_and_ppp_ifs;
3385 3385

  
3386 3386
	$fix_rule_label = 'fix_rule_label';
3387 3387
	$increment_tracker = 'filter_rule_tracker';
......
3955 3955
		$rule_arr1 = array();
3956 3956
		$rule_arr2 = array();
3957 3957
		$rule_arr3 = array();
3958
		$vpn_and_ppp_ifs = array("l2tp", "pptp", "pppoe", "enc0", "openvpn");
3959 3958
		/*
3960 3959
		 * NB: The order must be: Floating rules, then interface group and then regular ones.
3961 3960
		 */
src/etc/inc/globals.inc
344 344
	),
345 345
);
346 346

  
347
global $vpn_and_ppp_ifs;
348
$vpn_and_ppp_ifs = array("l2tp", "pppoe", "enc0", "openvpn");
347 349
?>
src/etc/inc/util.inc
3744 3744
		return false;
3745 3745
	}
3746 3746
}
3747

  
3748
function is_interface_ipaddr($interface) {
3749
	global $config;
3750

  
3751
	if (is_array($config['interfaces'][$interface]) &&
3752
	    isset($config['interfaces'][$interface]['ipaddr']) &&
3753
	    !empty($config['interfaces'][$interface]['ipaddr'])) {
3754
		return true;
3755
	}
3756
	return false;
3757
}
3758

  
3759
function is_interface_ipaddrv6($interface) {
3760
	global $config;
3761

  
3762
	if (is_array($config['interfaces'][$interface]) &&
3763
	    isset($config['interfaces'][$interface]['ipaddrv6']) &&
3764
	    !empty($config['interfaces'][$interface]['ipaddrv6'])) {
3765
		return true;
3766
	}
3767
	return false;
3768
}
3769

  
3747 3770
?>
src/usr/local/www/firewall_nat_1to1_edit.php
175 175
	$srcipaddrtype = false;
176 176
	$dstipaddrtype = false;
177 177

  
178
	if ((($_POST['ipprotocol'] == 'inet') && !get_interface_ip($_POST['interface'])) ||
179
	    (($_POST['ipprotocol'] == 'inet6') && !get_interface_ipv6($_POST['interface']))) {
180
		$input_errors[] = gettext("The interface do not have address from the specified address family.");
178
	if (((($_POST['ipprotocol'] == 'inet') && !is_interface_ipaddr($_POST['interface'])) ||
179
	    (($_POST['ipprotocol'] == 'inet6') && !is_interface_ipaddrv6($_POST['interface']))) &&
180
       	    !is_interface_group($_POST['interface']) && !in_array($_POST['interface'], $vpn_and_ppp_ifs)) {
181
		$input_errors[] = gettext("The interface does not have an address from the specified address family.");
181 182
	}
182 183

  
183 184
	if ($_POST['external'] && !is_specialnet($_POST['exttype']) &&