fw4: fix enabling NAT reflection rules for DNATs without explicit family

Ref: https://forum.openwrt.org/t/x/119218 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
author: Jo-Philipp Wich 2022-02-03 22:10:13 +0000
committer: Jo-Philipp Wich 2022-02-03 22:10:13 +0000
commit: b2241a1a70f8c367604ad25dea5b615fd1c8a5a1 (patch)
tree: af215e61bc006ec697c8f7610e70dcbbca4dbd9f
parent: 3ee6a5c54d5c32a635870fae402420d8c653476c (diff)
download: firewall4-b2241a1a70f8c367604ad25dea5b615fd1c8a5a1.tar.gz
1 files changed, 2 insertions, 5 deletions
diff --git a/root/usr/share/ucode/fw4.uc b/root/usr/share/ucode/fw4.uc
index 842dde2..175883f 100644
--- a/root/usr/share/ucode/fw4.uc
+++ b/root/usr/share/ucode/fw4.uc
@@ -2572,10 +2572,7 @@ return {
 				}
 
 				/* build reflection rules */
-				if (redir.reflection && (length(rip[0]) || length(rip[1])) &&
-				    redir.src && redir.src.zone && redir.src.zone[family == 4 ? "masq" : "masq6"] &&
-				    redir.dest && redir.dest.zone) {
-
+				if (redir.reflection && (length(rip[0]) || length(rip[1])) && redir.src?.zone && redir.dest?.zone) {
 					let refredir = {
 						name: redir.name + " (reflection)",
 
@@ -2611,7 +2608,7 @@ return {
 						let refaddrs = (redir.reflection_src == "internal") ? iaddrs : eaddrs;
 
 						for (let i = 0; i <= 1; i++) {
-							if (length(rip[i])) {
+							if (redir.src.zone[i ? "masq6" : "masq"] && length(rip[i])) {
 								let snat_addr = refaddrs[i]?.[0];
 
 								/* For internal reflection sources try to find a suitable candiate IP
author	Jo-Philipp Wich	2022-02-03 22:10:13 +0000
committer	Jo-Philipp Wich	2022-02-03 22:10:13 +0000
commit	b2241a1a70f8c367604ad25dea5b615fd1c8a5a1 (patch)
tree	af215e61bc006ec697c8f7610e70dcbbca4dbd9f
parent	3ee6a5c54d5c32a635870fae402420d8c653476c (diff)
download	firewall4-b2241a1a70f8c367604ad25dea5b615fd1c8a5a1.tar.gz