Changeset 280
- Timestamp:
- Mar 7, 2010, 8:42:16 AM (15 years ago)
- Location:
- trunk/system/generators
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/system/generators/firewall_mangle.php
r272 r280 81 81 // Hosts 82 82 $ParentSubnetId = GetSubgroupByRange($Node['Address']->AddressToString().'/'.$Node['Address']->Prefix); 83 $Address = $Item['Address']->AddressToString(); 84 if($Item['Address']->Prefix != 32) $Address .= '/'.$Item['Address']->Prefix; 85 83 86 $PacketMark = GetMarkByComment($Item['Name'].'-out'); 84 $ItemsFirewall[] = array('chain' => 'inet-'.$ParentSubnetId.'-out', 'src-address' => $ Item['Address']->AddressToString().'/'.$Item['Address']->Prefix, 'out-interface' => $InetInterface, 'action' => 'mark-packet', 'new-packet-mark' => $PacketMark, 'passthrough' => 'no', 'comment' => $Item['Name'].'-out');87 $ItemsFirewall[] = array('chain' => 'inet-'.$ParentSubnetId.'-out', 'src-address' => $Address, 'out-interface' => $InetInterface, 'action' => 'mark-packet', 'new-packet-mark' => $PacketMark, 'passthrough' => 'no', 'comment' => $Item['Name'].'-out'); 85 88 $PacketMark = GetMarkByComment($Item['Name'].'-in'); 86 $ItemsFirewall[] = array('chain' => 'inet-'.$ParentSubnetId.'-in', 'dst-address' => $ Item['Address']->AddressToString().'/'.$Item['Address']->Prefix, 'in-interface' => $InetInterface, 'action' => 'mark-packet', 'new-packet-mark' => $PacketMark, 'passthrough' => 'no', 'comment' => $Item['Name'].'-in');89 $ItemsFirewall[] = array('chain' => 'inet-'.$ParentSubnetId.'-in', 'dst-address' => $Address, 'in-interface' => $InetInterface, 'action' => 'mark-packet', 'new-packet-mark' => $PacketMark, 'passthrough' => 'no', 'comment' => $Item['Name'].'-in'); 87 90 } else 88 91 { … … 92 95 $PacketMark = GetMarkByComment($Item['Name'].'-out'); 93 96 94 $ItemsFirewall[] = array('chain' => 'inet-'.$ParentSubnetId.'-out', 'src-address' => $Item['Address']->AddressToString().'/'.$Item['Address']->Prefix, 'out-interface' => $InetInterface, 'action' => 'jump', 'jump-target' => 'inet-'.$SubnetId.'-out', 'comment' => $Item['Name'].'-out'); 95 $ItemsFirewall[] = array('chain' => 'inet-'.$ParentSubnetId.'-in', 'dst-address' => $Item['Address']->AddressToString().'/'.$Item['Address']->Prefix, 'in-interface' => $InetInterface, 'action' => 'jump', 'jump-target' => 'inet-'.$SubnetId.'-in', 'comment' => $Item['Name'].'-in'); 97 $Address = $Item['Address']->AddressToString(); 98 if($Item['Address']->Prefix != 32) $Address .= '/'.$Item['Address']->Prefix; 99 100 $ItemsFirewall[] = array('chain' => 'inet-'.$ParentSubnetId.'-out', 'src-address' => $Address, 'out-interface' => $InetInterface, 'action' => 'jump', 'jump-target' => 'inet-'.$SubnetId.'-out', 'comment' => $Item['Name'].'-out'); 101 $ItemsFirewall[] = array('chain' => 'inet-'.$ParentSubnetId.'-in', 'dst-address' => $Address, 'in-interface' => $InetInterface, 'action' => 'jump', 'jump-target' => 'inet-'.$SubnetId.'-in', 'comment' => $Item['Name'].'-in'); 96 102 97 103 ProcessNode($Item); … … 104 110 105 111 // Root of tree and main limit 106 $ItemsFirewall[] = array('chain' => 'forward', 'out-interface' => $InetInterface, ' action' => 'jump', 'jump-target' => 'inet-1-out', 'comment' => 'main-out');107 $ItemsFirewall[] = array('chain' => 'forward', 'in-interface' => $InetInterface, ' action' => 'jump', 'jump-target' => 'inet-1-in', 'comment' => 'main-in');112 $ItemsFirewall[] = array('chain' => 'forward', 'out-interface' => $InetInterface, 'dst-address' => '!77.92.221.0/24', 'action' => 'jump', 'jump-target' => 'inet-1-out', 'comment' => 'main-out'); 113 $ItemsFirewall[] = array('chain' => 'forward', 'in-interface' => $InetInterface, 'src-address' => '!77.92.221.0/24', 'action' => 'jump', 'jump-target' => 'inet-1-in', 'comment' => 'main-in'); 108 114 109 115 ProcessNode($AddressTree); … … 116 122 117 123 118 print_r($ItemsFirewall);124 //print_r($ItemsFirewall); 119 125 $Routerboard->ListUpdate($PathFirewall, array('chain', 'dst-address', 'in-interface', 'action', 'new-packet-mark', 'passthrough', 'comment', 'out-interface', 'src-address', 'jump-target'), $ItemsFirewall, array(), true); 120 126 -
trunk/system/generators/firewall_nat.php
r278 r280 50 50 $Range = $NewAddress->GetRange(); 51 51 if($Subnet['ExtMask'] != 32) $Range = $Range['From']->AddressToString().'-'.$Range['To']->AddressToString(); 52 else $Rang 52 else $Range = $Range['From']->AddressToString(); 53 53 if($Subnet['Mask'] == 32) $Src = $Subnet['AddressRange']; 54 54 else $Src = $Subnet['AddressRange'].'/'.$Subnet['Mask']; … … 69 69 70 70 // Masquerade hosts without public ip 71 $Items[] = array('chain' => 'inet-out', 'action' => ' masquerade', 'comment' => 'Default_NAT');71 $Items[] = array('chain' => 'inet-out', 'action' => 'src-nat', 'to-addresses' => '77.92.221.106', 'comment' => 'Default_NAT'); 72 72 // Redirect DNS port 73 73 //$Items[] = array('chain' => 'dstnat', 'dst-address' => '212.111.4.174', 'protocol' => 'tcp', 'dst-port' => 53, 'in-interface' => $InetInterface, 'action' => 'dst-nat', 'to-addresses' => '10.145.64.8', 'to-ports' => 53, 'comment' => 'DNS_redirection_UDP');
Note:
See TracChangeset
for help on using the changeset viewer.