onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-24 04:07:55 +01:00
Code Issues Releases Wiki Activity

* NATCompiler_pf.cpp (ReplaceFirewallObjectsODst::processNext):

Browse Source 
fixes #1397   PF compiler fix: destination nat rule with fw object
in ODst should skip "on intf"
This commit is contained in:
Vadim Kurland 2010-04-09 20:11:16 +00:00
parent 4f8eeb9b1f
commit 33a1980b4d
3 changed files with 24 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
build_num
View File

@ -1 +1 @@
#define BUILD_NUM 2805
#define BUILD_NUM 2807

4
doc/ChangeLog
View File

@ -1,5 +1,9 @@
2010-04-09 vadim <vadim@vk.crocodile.org>
* NATCompiler_pf.cpp (ReplaceFirewallObjectsODst::processNext):
fixes #1397 PF compiler fix: destination nat rule with fw object
in ODst should skip "on intf"
* NATCompiler_ipt.cpp (AssignInterface::processNext): fixes #1403
refs #1150 "Using ip address of wrong interface" is broken in v4.0.
This effectively rolls back change r2437. With no "Interface" column

27
src/pflib/NATCompiler_pf.cpp
View File

@ -695,6 +695,12 @@ bool NATCompiler_pf::AssignInterface::processNext()
NATCompiler_pf *pf_comp=dynamic_cast<NATCompiler_pf*>(compiler);
NATRule *rule=getNext(); if (rule==NULL) return false;
if (rule->getInterfaceStr() != "")
{
tmp_queue.push_back(rule);
return true;
}
switch ( rule->getRuleType() )
{
case NATRule::SNAT:
@ -747,13 +753,13 @@ bool NATCompiler_pf::ReplaceFirewallObjectsODst::processNext()
list<FWObject*> cl;
RuleElementODst *rel;
Address *obj=NULL;
rel=rule->getODst(); assert(rel);
obj=compiler->getFirstODst(rule); assert(obj);
if (obj->getId()==compiler->getFwId() ) {
Address *obj=NULL;
rel = rule->getODst(); assert(rel);
obj =compiler->getFirstODst(rule); assert(obj);
if (obj->getId()==compiler->getFwId() )
{
list<FWObject*> l2=compiler->fw->getByType(Interface::TYPENAME);
for (list<FWObject*>::iterator i=l2.begin(); i!=l2.end(); ++i) {
Interface *interface_=Interface::cast(*i);
@ -768,14 +774,19 @@ bool NATCompiler_pf::ReplaceFirewallObjectsODst::processNext()
if (! interface_->isLoopback() ) cl.push_back(interface_);
}
if ( ! cl.empty() ) {
if ( ! cl.empty() )
{
rel->clearChildren();
for (FWObject::iterator i1=cl.begin(); i1!=cl.end(); ++i1)
{
rel->addRef( *i1 );
}
}
/*
* update for ticket 1397
* If firewall object is in ODst, do not assign the rule to any interface
*/
rule->setInterfaceStr("nil");
}
return true;