Changeset 299 for trunk/system
- Timestamp:
- Oct 3, 2010, 1:51:44 PM (14 years ago)
- Location:
- trunk/system/generators
- Files:
-
- 2 edited
trunk/system/generators/firewall_filter.php
r298 r299 13 13 14 14 $InetInterface = $Config['MainRouter']['InetInterface']; 15 $LocalInterface = $Config['MainRouter'][' InetInterface'];15 $LocalInterface = $Config['MainRouter']['LocalInterface']; 16 16 17 17 $Items = array(); … … 22 22 $Items[] = array('chain' => 'forward', 'in-interface' => $InetInterface, 'action' => 'passthrough', 'comment' => 'total-in'); 23 23 24 // Inet traffic groups 25 //$Items[] = array('chain' => 'forward', 'out-interface' => $InetInterface, 'action' => 'jump', 'jump-target' => 'inet-out', 'comment' => 'inet-out'); 26 //$Items[] = array('chain' => 'forward', 'in-interface' => $InetInterface, 'action' => 'jump', 'jump-target' => 'inet-in', 'comment' => 'inet-in'); 27 24 28 // Input to router 25 $Items[] = array('chain' => 'input', ' protocol' => 'icmp', 'action' => 'accept', 'comment' => 'local-ping');26 $Items[] = array('chain' => 'input', ' src-address' => '216.66.80.30', 'action' => 'accept', 'comment' => 'ipv6-tunnel');27 $Items[] = array('chain' => 'input', ' action' => 'drop', 'comment' => 'drop-rest-input');29 $Items[] = array('chain' => 'input', 'in-interface' => $InetInterface, 'protocol' => 'icmp', 'action' => 'accept', 'comment' => 'local-ping'); 30 $Items[] = array('chain' => 'input', 'in-interface' => $InetInterface, 'src-address' => '216.66.80.30', 'action' => 'accept', 'comment' => 'ipv6-tunnel'); 31 $Items[] = array('chain' => 'input', 'in-interface' => $InetInterface, 'action' => 'drop', 'comment' => 'drop-rest-input'); 28 32 29 33 // Allowed SMTP servers 30 $Items[] = array('chain' => 'forward', ' protocol' => 'tcp', 'dst-port' => 25, 'src-address' => '10.145.64.8', 'action' => 'accept', 'comment' => 'smtp.zdechov.net');31 $Items[] = array('chain' => 'forward', ' protocol' => 'tcp', 'dst-port' => 25, 'dst-address' => '212.111.0.12', 'action' => 'accept', 'comment' => 'smtp.inext.cz');32 $Items[] = array('chain' => 'forward', ' protocol' => 'tcp', 'dst-port' => 25, 'dst-address' => '93.89.98.3', 'action' => 'accept', 
'comment' => 'smtp.sychrovnet.cz');33 $Items[] = array('chain' => 'forward', ' protocol' => 'tcp', 'dst-port' => 25, 'dst-address' => '77.75.72.43', 'action' => 'accept', 'comment' => 'smtp.seznam.cz');34 $Items[] = array('chain' => 'forward', ' protocol' => 'tcp', 'dst-port' => 25, 'dst-address' => '82.119.226.113', 'action' => 'accept', 'comment' => 'smtp.svarko.cz');35 $Items[] = array('chain' => 'forward', ' protocol' => 'tcp', 'dst-port' => 25, 'action' => 'drop', 'comment' => 'drop-rest-smtp');34 $Items[] = array('chain' => 'forward', 'out-interface' => $InetInterface, 'protocol' => 'tcp', 'dst-port' => 25, 'src-address' => '10.145.64.8', 'action' => 'accept', 'comment' => 'smtp.zdechov.net'); 35 $Items[] = array('chain' => 'forward', 'out-interface' => $InetInterface, 'protocol' => 'tcp', 'dst-port' => 25, 'dst-address' => '212.111.0.12', 'action' => 'accept', 'comment' => 'smtp.inext.cz'); 36 $Items[] = array('chain' => 'forward', 'out-interface' => $InetInterface, 'protocol' => 'tcp', 'dst-port' => 25, 'dst-address' => '93.89.98.3', 'action' => 'accept', 'comment' => 'smtp.sychrovnet.cz'); 37 $Items[] = array('chain' => 'forward', 'out-interface' => $InetInterface, 'protocol' => 'tcp', 'dst-port' => 25, 'dst-address' => '77.75.72.43', 'action' => 'accept', 'comment' => 'smtp.seznam.cz'); 38 $Items[] = array('chain' => 'forward', 'out-interface' => $InetInterface, 'protocol' => 'tcp', 'dst-port' => 25, 'dst-address' => '82.119.226.113', 'action' => 'accept', 'comment' => 'smtp.svarko.cz'); 39 $Items[] = array('chain' => 'forward', 'out-interface' => $InetInterface, 'protocol' => 'tcp', 'dst-port' => 25, 'action' => 'drop', 'comment' => 'drop-rest-smtp'); 36 40 37 41 38 42 39 // Inet traffic groups40 $Items[] = array('chain' => 'forward', 'interface' => $InetInterface, 'action' => 'jump', 'jump-target' => 'inet-out', 'comment' => 'inet-out');41 $Items[] = array('chain' => 'forward', 'interface' => $InetInterface, 'action' => 'jump', 'jump-target' => 
'inet-in', 'comment' => 'inet-out');42 43 43 44 // Insert blocked addresses … … 54 55 $Name = RouterOSIdent($Name); 55 56 echo($Name.'('.$Interface['LocalIP'].'), '); 56 $Items[] = array('chain' => ' inet-out', 'src-address' => $Interface['LocalIP'], 'action' => 'drop', 'comment' => $Name.'-out-drop');57 $Items[] = array('chain' => ' inet-in', 'dst-address' => $Interface['LocalIP'], 'action' => 'drop', 'comment' => $Name.'-in-drop');57 $Items[] = array('chain' => 'forward', 'out-interface' => $InetInterface, 'src-address' => $Interface['LocalIP'], 'action' => 'drop', 'comment' => $Name.'-out-drop'); 58 $Items[] = array('chain' => 'forward', 'in-interface' => $InetInterface, 'dst-address' => $Interface['LocalIP'], 'action' => 'drop', 'comment' => $Name.'-in-drop'); 58 59 } 59 60 … … 72 73 if($Subnet['Mask'] == 32) $Src = $Subnet['AddressRange']; 73 74 else $Src = $Subnet['AddressRange'].'/'.$Subnet['Mask']; 74 $Items[] = array('chain' => ' inet-out', 'src-address' => $Src, 'action' => 'drop','comment' => $Subnet['Name'].'-out-drop');75 $Items[] = array('chain' => 'forward', 'out-interface' => $InetInterface, 'src-address' => $Src, 'action' => 'drop','comment' => $Subnet['Name'].'-out-drop'); 75 76 76 77 $NewAddress = new NetworkAddressIPv4(); … … 82 83 if($Subnet['ExtMask'] == 32) $Dest = $Subnet['ExtAddressRange']; 83 84 else $Dest = $Subnet['ExtAddressRange'].'/'.$Subnet['ExtMask']; 84 $Items[] = array('chain' => ' inet-in', 'dst-address' => $Dest, 'action' => 'drop', 'comment' => $Subnet['Name'].'-in-drop');85 $Items[] = array('chain' => 'forward', 'in-interface' => $InetInterface, 'dst-address' => $Dest, 'action' => 'drop', 'comment' => $Subnet['Name'].'-in-drop'); 85 86 } 86 87 echo("\n"); … … 88 89 89 90 //print_r($Items); 90 $Routerboard->ListUpdate($Path, array('chain', 'dst-address', 'in-interface', 'src-address', 'out-interface', ' to-ports', 'dst-port', 'protocol', 'action', 'to-addresses', 'comment', 'jump-target', 'src-port'), $Items);91 
$Routerboard->ListUpdate($Path, array('chain', 'dst-address', 'in-interface', 'src-address', 'out-interface', 'dst-port', 'protocol', 'action', 'comment', 'jump-target', 'src-port'), $Items); 91 92 92 93 ?> -
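Review bot: The `drop-rest-input` rule is now limited to `'in-interface' => $InetInterface`, so input-chain traffic arriving on any other interface matches none of the three input rules. RouterOS accepts packets that match no rule, so the router's own services become reachable from every non-Internet interface unless rules outside this generator restrict them. If that is intended (for example to keep management reachable from the local side), say so above the `// Input to router` block, e.g. `// Only the Internet-facing interface is filtered; input from other interfaces is deliberately left open`. The `ipv6-tunnel` accept still admits every protocol from 216.66.80.30; narrowing it with a `'protocol'` condition for the tunnel encapsulation would limit what a packet with that source address can reach on the router. The visible input rules also contain no accept for replies to connections the router itself opens through `$InetInterface`, which is worth confirming as wanted.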
trunk/system/generators/firewall_nat.php
r298 r299 13 13 14 14 $InetInterface = $Config['MainRouter']['InetInterface']; 15 $LocalInterface = $Config['MainRouter'][' InetInterface'];15 $LocalInterface = $Config['MainRouter']['LocalInterface']; 16 16 $IPCentrala = '10.145.64.8'; 17 17 … … 54 54 } else 55 55 { 56 $Items[] = array('chain' => 'dstnat', 'src-address' => $Interface['LocalIP'], ' dst-port' => 80, 'action' => 'dst-nat', 'to-addresses' => $IPCentrala, 'to-ports' => 81, 'comment' => $Name.'-out');56 $Items[] = array('chain' => 'dstnat', 'src-address' => $Interface['LocalIP'], 'protocol' => 'tcp', 'dst-port' => 80, 'action' => 'dst-nat', 'to-addresses' => $IPCentrala, 'to-ports' => 81, 'comment' => $Name.'-out'); 57 57 } 58 58 } … … 89 89 if($Subnet['Mask'] == 32) $Src = $Subnet['AddressRange']; 90 90 else $Src = $Subnet['AddressRange'].'/'.$Subnet['Mask']; 91 $Items[] = array('chain' => 'dstnat', 'src-address' => $Src, ' dst-port' => 80, 'action' => 'dst-nat', 'to-addresses' => $IPCentrala, 'to-ports' => 81, 'comment' => $Subnet['Name'].'-out');91 $Items[] = array('chain' => 'dstnat', 'src-address' => $Src, 'protocol' => 'tcp', 'dst-port' => 80, 'action' => 'dst-nat', 'to-addresses' => $IPCentrala, 'to-ports' => 81, 'comment' => $Subnet['Name'].'-out'); 92 92 } 93 93 }
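Review bot: The two `dstnat` redirect rules (`$Name.'-out'` and `$Subnet['Name'].'-out'`) match on `src-address` and TCP port 80 only, with no interface condition. A packet that arrives on `$InetInterface` carrying a blocked customer's source address would therefore also be rewritten to `$IPCentrala` port 81. Now that `$LocalInterface` reads the right config key, adding `'in-interface' => $LocalInterface` to both rules would tie the redirect to traffic that really enters from the local side, assuming all customers come in through that interface. Whether the property list passed to `ListUpdate` in this file includes `in-interface` is not visible here and should be checked. Both rules sit inside loops that start and end outside the shown hunks.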