Changeset 334 for trunk/system/generators/firewall_mangle.php
- Timestamp:
- Dec 29, 2011, 10:07:45 PM (13 years ago)
- File:
-
- 1 edited
-
trunk/system/generators/firewall_mangle.php (modified) (3 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/system/generators/firewall_mangle.php
r317 r334 20 20 21 21 // Generate address tree 22 $AddressTree = array('Address' => new NetworkAddressIPv4(), 'Name' => 'main', 'Items' => array() );22 $AddressTree = array('Address' => new NetworkAddressIPv4(), 'Name' => 'main', 'Items' => array(), 'ForceMark' => false); 23 23 24 24 // Divide rules by subnet number … … 80 80 foreach($Node['Items'] as $Index => $Item) 81 81 { 82 if( (count($Item['Items']) == 0) or ($Item['ForceMark'] == true))82 if(count($Item['Items']) == 0) 83 83 { 84 84 // Hosts … … 107 107 } 108 108 } 109 if($Node['ForceMark'] == true) 110 { 111 // Mark member subnets 112 $ParentSubnetId = GetSubgroupByRange($Node['Address']->AddressToString().'/'.$Node['Address']->Prefix); 113 114 $PacketMark = GetMarkByComment($Node['Name'].'-out'); 115 $ItemsFirewall[] = array('chain' => 'inet-'.$ParentSubnetId.'-out', 'src-address' => $Address, 'out-interface' => $InetInterface, 'action' => 'mark-packet', 'new-packet-mark' => $PacketMark, 'passthrough' => 'no', 'comment' => $Node['Name'].'-all-out'); 116 $PacketMark = GetMarkByComment($Node['Name'].'-in'); 117 $ItemsFirewall[] = array('chain' => 'inet-'.$ParentSubnetId.'-in', 'dst-address' => $Address, 'in-interface' => $InetInterface, 'action' => 'mark-packet', 'new-packet-mark' => $PacketMark, 'passthrough' => 'no', 'comment' => $Node['Name'].'-all-in'); 118 } 109 119 } 110 120
Note:
See TracChangeset
for help on using the changeset viewer.
