filter: properly add nat reflection helper for IPv6; closes #1232

661445dd · Franco Fichtner · 9385d1fb · 661445dd · 661445dd
Commit 661445dd authored Oct 23, 2016 by Franco Fichtner
Hide whitespace changes
Inline Side-by-side

Showing with 22 additions and 5 deletions

filter.inc src/etc/inc/filter.inc +11 -5

interfaces.inc src/etc/inc/interfaces.inc +11 -0

No files found.
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -1857,13 +1857,19 @@ function filter_nat_rules_generate(&$FilterIflist)
                $natrules .= "{$nordr}rdr {$rdrpass}on {$natif} {$address_family} {$protocol_keyword} {$protocol} from {$srcaddr} to {$dstaddr}" . ($nordr == "" ? " -> {$target}{$localport}" : "");
                /* Does this rule redirect back to a internal host? */
                if (isset($rule['destination']['any']) && !isset($rule['nordr']) && !isset($config['system']['enablenatreflectionhelper']) && !interface_has_gateway($rule['interface'])) {
-                    $rule_interface_ip = find_interface_ip($natif);
-                    $rule_interface_subnet = find_interface_subnet($natif);
-                    if (!empty($rule_interface_ip) && !empty($rule_interface_subnet)) {
+                    if ($address_family == 'inet6') {
+                        $rule_interface_subnet = find_interface_subnet6($natif);
+                        $rule_interface_ip = find_interface_ipv6($natif);
+                        $rule_subnet = gen_subnetv6($rule_interface_ip, $rule_interface_subnet);
+                    } else {
+                        $rule_interface_subnet = find_interface_subnet($natif);
+                        $rule_interface_ip = find_interface_ip($natif);
                        $rule_subnet = gen_subnet($rule_interface_ip, $rule_interface_subnet);
+                    }
+                    if (!empty($rule_interface_ip) && !empty($rule_interface_subnet)) {
                        $natrules .= "\n";
-                        $natrules .= "no nat on {$natif} proto tcp from ({$natif}) to {$rule_subnet}/{$rule_interface_subnet}\n";
-                        $natrules .= "nat on {$natif} proto tcp from {$rule_subnet}/{$rule_interface_subnet} to {$target} port {$dstport[0]} -> ({$natif})\n";
+                        $natrules .= "no nat on {$natif} {$address_family} proto tcp from ({$natif}) to {$rule_subnet}/{$rule_interface_subnet}\n";
+                        $natrules .= "nat on {$natif} {$address_family} proto tcp from {$rule_subnet}/{$rule_interface_subnet} to {$target} port {$dstport[0]} -> ({$natif})\n";
                    }
                }


--- a/src/etc/inc/interfaces.inc
+++ b/src/etc/inc/interfaces.inc
@@ -4380,6 +4380,17 @@ function find_interface_subnet($interface)
    return null;
 }

+function find_interface_subnet6($interface)
+{
+    $interface = trim($interface);
+    if (does_interface_exist($interface)) {
+        $ifinfo = legacy_get_interface_addresses($interface);
+        if (isset($ifinfo['subnetbits6'])) {
+            return $ifinfo['subnetbits6'];
+        }
+    }
+    return null;
+}

 function ip_in_interface_alias_subnet($interface, $ipalias)
 {