From: Jo-Philipp Wich <jo@mein.io>
Date: Thu, 3 Feb 2022 22:10:13 +0000 (+0100)
Subject: fw4: fix enabling NAT reflection rules for DNATs without explicit family
X-Git-Url: http://git.openwrt.org/project/luci.git;master?a=commitdiff_plain;h=b2241a1a70f8c367604ad25dea5b615fd1c8a5a1;p=project%2Ffirewall4.git

fw4: fix enabling NAT reflection rules for DNATs without explicit family

Ref: https://forum.openwrt.org/t/x/119218
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
---

diff --git a/root/usr/share/ucode/fw4.uc b/root/usr/share/ucode/fw4.uc
index 842dde2..175883f 100644
--- a/root/usr/share/ucode/fw4.uc
+++ b/root/usr/share/ucode/fw4.uc
@@ -2572,10 +2572,7 @@ return {
 				}
 
 				/* build reflection rules */
-				if (redir.reflection && (length(rip[0]) || length(rip[1])) &&
-				    redir.src && redir.src.zone && redir.src.zone[family == 4 ? "masq" : "masq6"] &&
-				    redir.dest && redir.dest.zone) {
-
+				if (redir.reflection && (length(rip[0]) || length(rip[1])) && redir.src?.zone && redir.dest?.zone) {
 					let refredir = {
 						name: redir.name + " (reflection)",
 
@@ -2611,7 +2608,7 @@ return {
 						let refaddrs = (redir.reflection_src == "internal") ? iaddrs : eaddrs;
 
 						for (let i = 0; i <= 1; i++) {
-							if (length(rip[i])) {
+							if (redir.src.zone[i ? "masq6" : "masq"] && length(rip[i])) {
 								let snat_addr = refaddrs[i]?.[0];
 
 								/* For internal reflection sources try to find a suitable candiate IP