Changeset 291 for trunk/system


Timestamp:
Oct 2, 2010, 4:24:15 PM (14 years ago)
Author:
george
Message:
  • Přidáno: Podpora pro blokování přístupu k internetu. Při blokovaném přístupu se přesměrují HTTP požadavky na informační stránku.
File:
1 edited

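--- a/trunk/system/generators/firewall_nat.php
+++ b/trunk/system/generators/firewall_nat.php
@@ -13,6 +13,9 @@
 
 $InetInterface = $Config['MainRouter']['InetInterface'];
+$IPCentrala = '10.145.64.8';
 
 $Items = array();
+
+/*
 // NTP redirect
 $Items[] = array('chain' => 'srcnat', 'src-address' => '10.145.66.1', 'protocol' => 'udp', 'src-port' => 123, 'action' => 'src-nat', 'to-addresses' => '10.145.64.1', 'comment' => 'NTP_redirect_4');
@@ -22,4 +25,5 @@
 $Items[] = array('chain' => 'srcnat', 'src-address' => '10.145.66.250', 'protocol' => 'udp', 'src-port' => 123, 'action' => 'src-nat', 'to-addresses' => '10.145.64.1', 'comment' => 'NTP_redirect_3');
 $Items[] = array('chain' => 'srcnat', 'src-address' => '10.145.66.253', 'protocol' => 'udp', 'src-port' => 123, 'action' => 'src-nat', 'to-addresses' => '10.145.64.1', 'comment' => 'NTP_redirect_6');
+*/
 
 // Chain for inet interface
@@ -43,6 +47,12 @@
     $Name = RouterOSIdent($Name);
     echo($Name.'('.$Interface['LocalIP'].'), ');
-    $Items[] = array('chain' => 'inet-out', 'src-address' => $Interface['LocalIP'], 'action' => 'src-nat',  'to-addresses' => $Interface['ExternalIP'], 'comment' => $Name.'-out');
-    $Items[] = array('chain' => 'inet-in', 'dst-address' => $Interface['ExternalIP'], 'action' => 'dst-nat', 'to-addresses' => $Interface['LocalIP'], 'comment' => $Name.'-in');
+    if($Member['Blocked'] == 0)
+    {
+      $Items[] = array('chain' => 'inet-out', 'src-address' => $Interface['LocalIP'], 'action' => 'src-nat',  'to-addresses' => $Interface['ExternalIP'], 'comment' => $Name.'-out');
+      $Items[] = array('chain' => 'inet-in', 'dst-address' => $Interface['ExternalIP'], 'action' => 'dst-nat', 'to-addresses' => $Interface['LocalIP'], 'comment' => $Name.'-in');
+    } else
+    {
+      $Items[] = array('chain' => 'dstnat', 'src-address' => $Interface['LocalIP'], 'dst-port' => 80, 'action' => 'dst-nat',  'to-addresses' => $IPCentrala, 'to-ports' => 81, 'comment' => $Name.'-out');
+    }
   }
 
@@ -53,23 +63,31 @@
     $Subnet['Name'] = RouterOSIdent('subnet-'.$Subnet['Name']);
     echo($Subnet['Name'].'('.$Subnet['AddressRange'].'/'.$Subnet['Mask'].'), ');
-    $NewAddress = new NetworkAddressIPv4();
-    $NewAddress->AddressFromString($Subnet['ExtAddressRange']);
-    $NewAddress->Prefix = $Subnet['ExtMask'];
-    $Range = $NewAddress->GetRange();
-    if($Subnet['ExtMask'] != 32) $Range = $Range['From']->AddressToString().'-'.$Range['To']->AddressToString();
-      else $Range = $Range['From']->AddressToString();
-    if($Subnet['Mask'] == 32) $Src = $Subnet['AddressRange'];
-      else $Src = $Subnet['AddressRange'].'/'.$Subnet['Mask'];
-    $Items[] = array('chain' => 'inet-out', 'src-address' => $Src, 'action' => 'src-nat', 'to-addresses' => $Range, 'comment' => $Subnet['Name'].'-out');
+    if($Member['Blocked'] == 0)
+    {
+      $NewAddress = new NetworkAddressIPv4();
+      $NewAddress->AddressFromString($Subnet['ExtAddressRange']);
+      $NewAddress->Prefix = $Subnet['ExtMask'];
+      $Range = $NewAddress->GetRange();
+      if($Subnet['ExtMask'] != 32) $Range = $Range['From']->AddressToString().'-'.$Range['To']->AddressToString();
+        else $Range = $Range['From']->AddressToString();
+      if($Subnet['Mask'] == 32) $Src = $Subnet['AddressRange'];
+        else $Src = $Subnet['AddressRange'].'/'.$Subnet['Mask'];
+      $Items[] = array('chain' => 'inet-out', 'src-address' => $Src, 'action' => 'src-nat', 'to-addresses' => $Range, 'comment' => $Subnet['Name'].'-out');
    
-    $NewAddress = new NetworkAddressIPv4();
-    $NewAddress->AddressFromString($Subnet['AddressRange']);
-    $NewAddress->Prefix = $Subnet['Mask'];
-    $Range = $NewAddress->GetRange();
-    if($Subnet['Mask'] != 32) $Range = $Range['From']->AddressToString().'-'.$Range['To']->AddressToString();
-      else $Range = $Range['From']->AddressToString();
-    if($Subnet['ExtMask'] == 32) $Dest = $Subnet['ExtAddressRange'];
-      else $Dest = $Subnet['ExtAddressRange'].'/'.$Subnet['ExtMask'];
-    $Items[] = array('chain' => 'inet-in', 'dst-address' => $Dest, 'action' => 'dst-nat', 'to-addresses' => $Range, 'comment' => $Subnet['Name'].'-in');
+      $NewAddress = new NetworkAddressIPv4();
+      $NewAddress->AddressFromString($Subnet['AddressRange']);
+      $NewAddress->Prefix = $Subnet['Mask'];
+      $Range = $NewAddress->GetRange();
+      if($Subnet['Mask'] != 32) $Range = $Range['From']->AddressToString().'-'.$Range['To']->AddressToString();
+        else $Range = $Range['From']->AddressToString();
+      if($Subnet['ExtMask'] == 32) $Dest = $Subnet['ExtAddressRange'];
+        else $Dest = $Subnet['ExtAddressRange'].'/'.$Subnet['ExtMask'];
+      $Items[] = array('chain' => 'inet-in', 'dst-address' => $Dest, 'action' => 'dst-nat', 'to-addresses' => $Range, 'comment' => $Subnet['Name'].'-in');
+    } else
+    {
+      if($Subnet['Mask'] == 32) $Src = $Subnet['AddressRange'];
+        else $Src = $Subnet['AddressRange'].'/'.$Subnet['Mask'];
+      $Items[] = array('chain' => 'dstnat', 'src-address' => $Src, 'dst-port' => 80, 'action' => 'dst-nat',  'to-addresses' => $IPCentrala, 'to-ports' => 81, 'comment' => $Subnet['Name'].'-out');
+    }
   }
   echo("\n");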
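Review bot: The redirect rule added for blocked members at new line 55 (and its subnet twin at new line 90) sets `'dst-port' => 80` without a protocol, whereas the NTP rules in this file pair their port matcher with `'protocol' => 'udp'`; RouterOS accepts port matchers only together with a TCP/UDP protocol, so the rule should carry `'protocol' => 'tcp'`. Blocking otherwise relies solely on leaving out the `inet-out`/`inet-in` NAT entries, so whether non-HTTP traffic from a blocked address is actually stopped depends on filter or masquerade rules that are not visible here; an explicit drop rule for blocked sources would make the intent enforceable rather than incidental. The test `$Member['Blocked'] == 0` is a loose comparison that treats a missing or NULL value as unblocked, which fails open. The loop headers lie outside the hunks, so please confirm that `$Member` in the subnet loop is bound to that subnet's owner and is not a leftover from the preceding interface loop.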