Changeset 892

Timestamp:

Dec 31, 2020, 11:47:45 AM (3 years ago)

Author:

chronos

Message:

• Added: Limit direct input/output internet traffic to gateway to cover also VPN connections traffic.

Location:

trunk/Modules/NetworkConfigRouterOS/Generators

Files:

• Common.php (modified) (5 diffs)
• FirewallMangle.php (modified) (2 diffs)

trunk/Modules/NetworkConfigRouterOS/Generators/Common.php

@@ -1 +1 @@
 <?php
 
-function GetMarkByComment($Comment)
+function GetMarkByComment(string $Comment): int
 {
   global $Database;
@@ -17 +17 @@
 }
 
-function GetSubgroupByRange($AddressRange)
+function GetSubgroupByRange(string $AddressRange): int
 {
   global $Database;
@@ -33 +33 @@
 }
 
-function InsertToAddressTreeIPv4(&$Tree, $Address, $Name, $InterSubnets = false, $ForceMark = false)
+function InsertToAddressTreeIPv4(array &$Tree, NetworkAddressIPv4 $Address, string $Name, bool $InterSubnets = false, bool $ForceMark = false)
 {
   global $Config;
@@ -78 +78 @@
 }
 
-function InsertToAddressTreeIPv6(&$Tree, $Address, $Name, $InterSubnets = false, $ForceMark = false)
+function InsertToAddressTreeIPv6(array &$Tree, NetworkAddressIPv6 $Address, string $Name, bool $InterSubnets = false, bool $ForceMark = false)
 {
   global $Config;
@@ -123 +123 @@
 }
 
-function ShowSubnetNode($Node, $Indent = 0)
+function ShowSubnetNode(array $Node, int $Indent = 0): void
 {
   echo(str_repeat('  ', $Indent).$Node['Address']->AddressToString().'/'.$Node['Address']->Prefix.' '.$Node['Name']."\n");

trunk/Modules/NetworkConfigRouterOS/Generators/FirewallMangle.php

@@ -82 +82 @@
     // Process users
     $DbResult = $this->System->Database->query('SELECT `Member`.*, `Subject`.`Name` FROM `Member` '.
-        'LEFT JOIN `Subject` ON `Subject`.`Id` = `Member`.`Subject` '.
-        'WHERE `Member`.`Blocked` = 0');
+      'LEFT JOIN `Subject` ON `Subject`.`Id` = `Member`.`Subject` '.
+      'WHERE `Member`.`Blocked` = 0');
     while ($Member = $DbResult->fetch_assoc())
     {
@@ -133 +133 @@
     $this->ProcessNode($AddressTree);
 
+    // Limit direct input/output traffic to gateway
+    $PacketMark = GetMarkByComment('rt-gateway-3-out');
+    $ItemsFirewall[] = array('chain' => 'output', 'out-interface' => $InetInterface, 'action' => 'mark-packet', 'new-packet-mark' => $PacketMark, 'comment' => 'local-out',);
+    $PacketMark = GetMarkByComment('rt-gateway-3-in');
+    $ItemsFirewall[] = array('chain' => 'input', 'in-interface' => $InetInterface, 'action' => 'mark-packet', 'new-packet-mark' => $PacketMark, 'comment' => 'local-in',);
+
     // Limited free internet
     $PacketMark = GetMarkByComment('free-out');