Commit e850f56c authored by Ad Schellevis's avatar Ad Schellevis

filter.inc, fix filter_address_add_vips_subnets

parent 0eef8441
...@@ -1732,39 +1732,32 @@ function filter_address_add_vips_subnets(&$FilterIflist, &$subnets, $if, $not) ...@@ -1732,39 +1732,32 @@ function filter_address_add_vips_subnets(&$FilterIflist, &$subnets, $if, $not)
$subnets = "!{$subnets}"; $subnets = "!{$subnets}";
} }
if (!isset($FilterIflist[$if]['vips']) || !is_array($FilterIflist[$if]['vips'])) { if (!empty($FilterIflist[$if]['vips']) || !empty($FilterIflist[$if]['vips6'])) {
return; $all_vips = array();
} $all_vips = array_merge($all_vips, !empty($FilterIflist[$if]['vips']) ? $FilterIflist[$if]['vips'] : array());
$all_vips = array_merge($all_vips, !empty($FilterIflist[$if]['vips6']) ? $FilterIflist[$if]['vips6'] : array());
foreach ($FilterIflist[$if]['vips'] as $vip) { foreach ($all_vips as $vip) {
foreach ($if_subnets as $subnet) { foreach ($if_subnets as $subnet) {
if (ip_in_subnet($vip['ip'], $subnet)) { if (ip_in_subnet($vip['ip'], $subnet)) {
continue 2; continue 2;
} }
} }
$network = null;
if (is_ipaddrv4($vip['ip'])) { if (is_ipaddrv4($vip['ip']) && is_subnetv4($if_subnets[0])) {
if (!is_subnetv4($if_subnets[0])) {
continue;
}
$network = gen_subnet($vip['ip'], $vip['sn']); $network = gen_subnet($vip['ip'], $vip['sn']);
} else if (is_ipaddrv6($vip['ip'])) { } elseif (is_ipaddrv6($vip['ip']) && is_subnetv6($if_subnets[0])) {
if (!is_subnetv6($if_subnets[0])) {
continue;
}
$network = gen_subnetv6($vip['ip'], $vip['sn']); $network = gen_subnetv6($vip['ip'], $vip['sn']);
} else {
continue;
} }
if (!empty($network)) {
$subnets .= ' ' . ($not == true ? '!' : '') . $network . '/' . $vip['sn']; $subnets .= ' ' . ($not == true ? '!' : '') . $network . '/' . $vip['sn'];
$if_subnets[] = $network . '/' . $vip['sn']; $if_subnets[] = $network . '/' . $vip['sn'];
} }
unset($if_subnets); }
if (strpos($subnets, ' ') !== false) { if (strpos($subnets, ' ') !== false) {
$subnets = "{ {$subnets} }"; $subnets = "{ {$subnets} }";
} }
}
} }
function filter_generate_address(&$FilterIflist, &$rule, $target = 'source', $isnat = false) function filter_generate_address(&$FilterIflist, &$rule, $target = 'source', $isnat = false)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment