
Commit b987638

committed
Firewall: Rules [new]: Fix handling of interfacenot, evaluate as floating rules in correct prio_group
1 parent 7fe42e7 commit b987638


2 files changed

+15
-3
lines changed


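--- a/src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterController.php
@@ -178,6 +178,11 @@ public function searchRuleAction()
 $is_cat = empty($categories) || array_intersect(explode(',', $record->categories), $categories);
 $rule_interfaces = array_filter(explode(',', (string)$record->interface));
 
+/* inverted interface acts as floating rule */
+if ((string)$record->interfacenot === "1") {
+$rule_interfaces = [];
+}
+
 if (empty($interfaces)) {
 $is_if = count($rule_interfaces) != 1;
 } elseif ($show_all) {
@@ -221,6 +226,9 @@ public function searchRuleAction()
 
 if (empty($interfaces)) {
 $is_if = empty($record['interface']) || count(explode(',', $record['interface'])) > 1;
+} elseif ((string)$record['interfacenot'] === "1") {
+/* inverted interface acts as floating rule */
+$is_if = true;
 } else {
 $is_if = array_intersect(explode(',', $record['interface'] ?? ''), $interfaces);
 $is_if = $is_if || empty($record['interface']);
@@ -481,8 +489,8 @@ public function getInterfaceListAction()
 foreach ((new \OPNsense\Firewall\Filter())->rules->rule->iterateItems() as $rule) {
 $interfaces = array_filter(explode(',', (string)$rule->interface));
 
-if (count($interfaces) !== 1) {
-// floating: empty or multiple interfaces
+if ((string)$rule->interfacenot === "1" || count($interfaces) !== 1) {
+// floating: empty, multiple, or inverted interface
 $ruleCounts['floating'] = ($ruleCounts['floating'] ?? 0) + 1;
 } else {
 // single interface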
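Review bot: In the second searchRuleAction hunk the `empty($interfaces)` branch still decides on `$record['interface']` alone, so an array record with one interface and `interfacenot` set is left out of the floating view, whereas the first hunk and getInterfaceListAction treat the same shape as floating. If these records can carry an inverted single interface, the branch should read `$is_if = empty($record['interface']) || (string)($record['interfacenot'] ?? '') === "1" || count(explode(',', $record['interface'])) > 1;`. The new `elseif` also reads `$record['interfacenot']` without the `?? ''` fallback that the line below it uses for `interface`, which raises an undefined-key warning whenever a record lacks the field. A rule that applies to more interfaces than the listing shows is easy to miss in a ruleset audit. The enclosing block starts and ends outside the hunk.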

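--- a/src/opnsense/mvc/app/models/OPNsense/Firewall/FieldTypes/FilterRuleField.php
+++ b/src/opnsense/mvc/app/models/OPNsense/Firewall/FieldTypes/FilterRuleField.php
@@ -108,7 +108,11 @@ public function getPriority()
 {
 $configObj = Config::getInstance()->object();
 $interface = (string)$this->interface;
-if (strpos($interface, ",") !== false || empty($interface)) {
+
+if ((string)$this->interfacenot === "1" && !empty($interface)) {
+// floating (inverted interface)
+return 200000;
+} elseif (strpos($interface, ",") !== false || empty($interface)) {
 // floating (multiple interfaces involved)
 return 200000;
 } elseif (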
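Review bot: The new first branch in getPriority() returns the same `200000` as the branch that follows it, so the floating priority is now spelled out twice and the two copies can drift apart on a later edit. Because an empty interface already lands in the floating group, the two conditions collapse into one: `if ((string)$this->interfacenot === "1" || strpos($interface, ",") !== false || empty($interface)) {` with the comment `// floating (inverted, multiple or no interface)`. Rule evaluation order depends on this value, so a single branch (or a named constant for the group) keeps it in one place. The elseif chain continues past the end of the hunk.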
