Changeset 280


Timestamp:
Mar 7, 2010, 8:42:16 AM (15 years ago)
Author:
george
Message:
  • Opraveno: Načítání pravidel do routeru.
Location:
trunk/system/generators
Files:
2 edited

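--- a/trunk/system/generators/firewall_mangle.php
+++ b/trunk/system/generators/firewall_mangle.php
@@ -81,8 +81,11 @@
       // Hosts
       $ParentSubnetId = GetSubgroupByRange($Node['Address']->AddressToString().'/'.$Node['Address']->Prefix);
+      $Address = $Item['Address']->AddressToString();
+      if($Item['Address']->Prefix != 32) $Address .= '/'.$Item['Address']->Prefix;
+     
       $PacketMark = GetMarkByComment($Item['Name'].'-out');
-      $ItemsFirewall[] = array('chain' => 'inet-'.$ParentSubnetId.'-out', 'src-address' => $Item['Address']->AddressToString().'/'.$Item['Address']->Prefix, 'out-interface' =>  $InetInterface, 'action' => 'mark-packet', 'new-packet-mark' => $PacketMark, 'passthrough' => 'no', 'comment' => $Item['Name'].'-out');
+      $ItemsFirewall[] = array('chain' => 'inet-'.$ParentSubnetId.'-out', 'src-address' => $Address, 'out-interface' =>  $InetInterface, 'action' => 'mark-packet', 'new-packet-mark' => $PacketMark, 'passthrough' => 'no', 'comment' => $Item['Name'].'-out');
       $PacketMark = GetMarkByComment($Item['Name'].'-in');
-      $ItemsFirewall[] = array('chain' => 'inet-'.$ParentSubnetId.'-in', 'dst-address' => $Item['Address']->AddressToString().'/'.$Item['Address']->Prefix, 'in-interface' => $InetInterface, 'action' => 'mark-packet', 'new-packet-mark' => $PacketMark, 'passthrough' => 'no', 'comment' => $Item['Name'].'-in');
+      $ItemsFirewall[] = array('chain' => 'inet-'.$ParentSubnetId.'-in', 'dst-address' => $Address, 'in-interface' => $InetInterface, 'action' => 'mark-packet', 'new-packet-mark' => $PacketMark, 'passthrough' => 'no', 'comment' => $Item['Name'].'-in');
     } else
     {
@@ -92,6 +95,9 @@
       $PacketMark = GetMarkByComment($Item['Name'].'-out');
      
-      $ItemsFirewall[] = array('chain' => 'inet-'.$ParentSubnetId.'-out', 'src-address' => $Item['Address']->AddressToString().'/'.$Item['Address']->Prefix, 'out-interface' => $InetInterface, 'action' => 'jump', 'jump-target' => 'inet-'.$SubnetId.'-out', 'comment' => $Item['Name'].'-out');   
-      $ItemsFirewall[] = array('chain' => 'inet-'.$ParentSubnetId.'-in', 'dst-address' => $Item['Address']->AddressToString().'/'.$Item['Address']->Prefix, 'in-interface' => $InetInterface, 'action' => 'jump', 'jump-target' => 'inet-'.$SubnetId.'-in', 'comment' => $Item['Name'].'-in');   
+      $Address = $Item['Address']->AddressToString();
+      if($Item['Address']->Prefix != 32) $Address .= '/'.$Item['Address']->Prefix;
+     
+      $ItemsFirewall[] = array('chain' => 'inet-'.$ParentSubnetId.'-out', 'src-address' => $Address, 'out-interface' => $InetInterface, 'action' => 'jump', 'jump-target' => 'inet-'.$SubnetId.'-out', 'comment' => $Item['Name'].'-out');   
+      $ItemsFirewall[] = array('chain' => 'inet-'.$ParentSubnetId.'-in', 'dst-address' => $Address, 'in-interface' => $InetInterface, 'action' => 'jump', 'jump-target' => 'inet-'.$SubnetId.'-in', 'comment' => $Item['Name'].'-in');   
      
       ProcessNode($Item);     
@@ -104,6 +110,6 @@
 
 // Root of tree and main limit
-$ItemsFirewall[] = array('chain' => 'forward', 'out-interface' => $InetInterface, 'action' => 'jump', 'jump-target' => 'inet-1-out', 'comment' => 'main-out');
-$ItemsFirewall[] = array('chain' => 'forward', 'in-interface' => $InetInterface, 'action' => 'jump', 'jump-target' => 'inet-1-in', 'comment' => 'main-in');
+$ItemsFirewall[] = array('chain' => 'forward', 'out-interface' => $InetInterface, 'dst-address' => '!77.92.221.0/24', 'action' => 'jump', 'jump-target' => 'inet-1-out', 'comment' => 'main-out');
+$ItemsFirewall[] = array('chain' => 'forward', 'in-interface' => $InetInterface, 'src-address' => '!77.92.221.0/24', 'action' => 'jump', 'jump-target' => 'inet-1-in', 'comment' => 'main-in');
 
 ProcessNode($AddressTree);
@@ -116,5 +122,5 @@
 
 
-print_r($ItemsFirewall);
+//print_r($ItemsFirewall);
 $Routerboard->ListUpdate($PathFirewall, array('chain', 'dst-address', 'in-interface', 'action', 'new-packet-mark', 'passthrough', 'comment', 'out-interface', 'src-address', 'jump-target'), $ItemsFirewall, array(), true);
 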
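Review bot: The two root `forward` jump rules (new lines 112-113) embed the literal `'!77.92.221.0/24'` with no comment explaining the exemption; as written, traffic to or from that range never enters `inet-1-out`/`inet-1-in` and so is not marked by any of the generated rules. The same network shows up again as `77.92.221.106` in firewall_nat.php, so a renumbering has to be repeated in several files, and a missed spot silently changes which traffic is marked. I would define the prefix once as a named setting wherever `$InetInterface` is configured and, if this is the intent, add a comment such as `// Skip marking for traffic to/from our own public range`. Separately, `print_r` is commented out rather than deleted, and the `$Address` construction is duplicated in both branches where one small helper would do.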
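--- a/trunk/system/generators/firewall_nat.php
+++ b/trunk/system/generators/firewall_nat.php
@@ -50,5 +50,5 @@
     $Range = $NewAddress->GetRange();
     if($Subnet['ExtMask'] != 32) $Range = $Range['From']->AddressToString().'-'.$Range['To']->AddressToString();
-      else $Rang  e = $Range['From']->AddressToString();
+      else $Range = $Range['From']->AddressToString();
     if($Subnet['Mask'] == 32) $Src = $Subnet['AddressRange'];
       else $Src = $Subnet['AddressRange'].'/'.$Subnet['Mask'];
@@ -69,5 +69,5 @@
 
 // Masquerade hosts without public ip
-$Items[] = array('chain' => 'inet-out', 'action' => 'masquerade', 'comment' => 'Default_NAT');     
+$Items[] = array('chain' => 'inet-out', 'action' => 'src-nat', 'to-addresses' => '77.92.221.106', 'comment' => 'Default_NAT');
 // Redirect DNS port
 //$Items[] = array('chain' => 'dstnat', 'dst-address' => '212.111.4.174', 'protocol' => 'tcp', 'dst-port' => 53, 'in-interface' => $InetInterface, 'action' => 'dst-nat', 'to-addresses' => '10.145.64.8', 'to-ports' => 53, 'comment' => 'DNS_redirection_UDP');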
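Review bot: The comment above the changed rule (new line 70) still reads `// Masquerade hosts without public ip`, but the action is now `src-nat` to a fixed `77.92.221.106`, so the comment no longer describes the rule. Unlike `masquerade`, a fixed `to-addresses` does not follow the interface address, so if the uplink address changes this rule keeps translating to an address the router may no longer hold. The literal would be safer as a named setting defined once, and the comment could become `// Source-NAT hosts without a public IP to the router's fixed public address`.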