Changeset 315 for trunk/system/generators/firewall_nat.php

Timestamp:

Jun 1, 2011, 9:39:26 PM (13 years ago)

Author:

george

Message:

• Upraveno: Příchozí pravidla pro NAT generovat jen pro vybrané místní adresy.

File:

• trunk/system/generators/firewall_nat.php (modified) (2 diffs)

trunk/system/generators/firewall_nat.php

@@ -41 +41 @@
   echo($Member['Name'].': ');
   // Hosts
-  $DbResult2 = $Database->query('SELECT NetworkInterface.*, NetworkDevice.Name AS DeviceName FROM NetworkInterface LEFT JOIN NetworkDevice ON NetworkDevice.Id = NetworkInterface.Device WHERE (NetworkInterface.ExternalIP <> "") AND (NetworkDevice.Member = '.$Member['Id'].') AND (NetworkInterface.LocalIP != NetworkInterface.ExternalIP) ORDER BY id DESC');
+  $DbResult2 = $Database->query('SELECT NetworkInterface.*, NetworkDevice.Name AS DeviceName, NetworkDevice.InboundNATPriority FROM NetworkInterface LEFT JOIN NetworkDevice ON NetworkDevice.Id = NetworkInterface.Device WHERE (NetworkInterface.ExternalIP <> "") AND (NetworkDevice.Member = '.$Member['Id'].') AND (NetworkInterface.LocalIP != NetworkInterface.ExternalIP) ORDER BY id DESC');
   while($Interface = $DbResult2->fetch_assoc())
   {
@@ -51 +51 @@
     {
       $Items[] = array('chain' => 'inet-out', 'src-address' => $Interface['LocalIP'], 'action' => 'src-nat',  'to-addresses' => $Interface['ExternalIP'], 'comment' => $Name.'-out');
-      $Items[] = array('chain' => 'inet-in', 'dst-address' => $Interface['ExternalIP'], 'action' => 'dst-nat', 'to-addresses' => $Interface['LocalIP'], 'comment' => $Name.'-in');
+      if($Interface['InboundNATPriority'] > 0) 
+        $Items[] = array('chain' => 'inet-in', 'dst-address' => $Interface['ExternalIP'], 'action' => 'dst-nat', 'to-addresses' => $Interface['LocalIP'], 'comment' => $Name.'-in');
     } else 
     {