Changeset 892 for trunk/Modules/NetworkConfigRouterOS/Generators/FirewallMangle.php

Timestamp:

Dec 31, 2020, 11:47:45 AM (3 years ago)

Author:

chronos

Message:

• Added: Limit direct input/output internet traffic to gateway to cover also VPN connections traffic.

File:

• trunk/Modules/NetworkConfigRouterOS/Generators/FirewallMangle.php (modified) (2 diffs)

trunk/Modules/NetworkConfigRouterOS/Generators/FirewallMangle.php

@@ -82 +82 @@
     // Process users
     $DbResult = $this->System->Database->query('SELECT `Member`.*, `Subject`.`Name` FROM `Member` '.
-        'LEFT JOIN `Subject` ON `Subject`.`Id` = `Member`.`Subject` '.
-        'WHERE `Member`.`Blocked` = 0');
+      'LEFT JOIN `Subject` ON `Subject`.`Id` = `Member`.`Subject` '.
+      'WHERE `Member`.`Blocked` = 0');
     while ($Member = $DbResult->fetch_assoc())
     {
@@ -133 +133 @@
     $this->ProcessNode($AddressTree);
 
+    // Limit direct input/output traffic to gateway
+    $PacketMark = GetMarkByComment('rt-gateway-3-out');
+    $ItemsFirewall[] = array('chain' => 'output', 'out-interface' => $InetInterface, 'action' => 'mark-packet', 'new-packet-mark' => $PacketMark, 'comment' => 'local-out',);
+    $PacketMark = GetMarkByComment('rt-gateway-3-in');
+    $ItemsFirewall[] = array('chain' => 'input', 'in-interface' => $InetInterface, 'action' => 'mark-packet', 'new-packet-mark' => $PacketMark, 'comment' => 'local-in',);
+
     // Limited free internet
     $PacketMark = GetMarkByComment('free-out');