@@ -345,7 +345,8 @@ function get_pfsense_if_id($interface) {
345345 }
346346}
347347
348- // Check if input is valid for rule source and destination
348+ # Check if input is valid for rule source and destination
349+ # TODO: this function is messy, clean it up
349350function is_valid_rule_addr ($ addr$ direction
350351 // Variables
351352 $ addr_typesarray ("any " , "pppoe " , "l2tp " , "(self) " ); // Array of special src/dst types
@@ -357,24 +358,34 @@ function is_valid_rule_addr($addr, $direction) {
357358 $ addr_nottrue ;
358359 $ addrstr_replace ("! " , "" , $ addr
359360 }
360- // Check if our source data is valid
361- $ addr_ifstr_replace ("ip " , "" , $ addr// Save seperate variable to check for interface sourcees
361+
362+ // Check if our data is valid
363+ $ addr_ifstr_replace ("ip " , "" , $ addr
364+
362365 if (is_ipaddr ($ addror is_subnet ($ addr
363366 $ ret_val"data " ] = array ($ directionarray ("address " => $ addr
364367 } elseif (is_alias ($ addr
365368 $ ret_val"data " ] = array ($ directionarray ("address " => $ addr
366369 } elseif (get_pfsense_if_id ($ addr_if
367370 $ addr_pfifget_pfsense_if_id ($ addr_if// Save our interface pfid
371+
368372 // If source was interface address (ending in ip), otherwise assume entire subnet
369373 if (str_replace ($ addr_if"" , $ addr"ip " ) {
370374 $ ret_val"data " ] = array ($ directionarray ("network " => $ addr_pfif"ip " ));
371375 } else {
372376 $ ret_val"data " ] = array ($ directionarray ("network " => $ addr_pfif
373377 }
374378 } elseif (in_array ($ addr$ addr_types
379+ # Format config for any address
375380 if ($ addr"any " ) {
376381 $ ret_val"data " ] = array ($ directionarray ("any " => "" ));
377- } else {
382+ }
383+ # Do not allow (self) address if direction is source
384+ elseif ($ addr"(self) " and $ direction"source " ) {
385+ $ ret_val"valid " ] = false ;
386+ }
387+ # Otherwise, Format config as network
388+ else {
378389 $ ret_val"data " ] = array ($ directionarray ("network " => $ addr
379390 }
380391 } else {
0 commit comments