- Timestamp:
- Apr 14, 2015, 10:20:16 PM (9 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Modules/NetworkConfigRouterOS/Generators/FirewallMangle.php
r735 r738 30 30 $NewAddress->AddressFromString($Subnet['AddressRange']); 31 31 $NewAddress->Prefix = $Subnet['Mask']; 32 InsertToAddressTree($AddressTree, $NewAddress, 'subnet-'.RouterOSIdent($Subnet['Name'])); 32 InsertToAddressTree($AddressTree, $NewAddress, 'subnet-'.RouterOSIdent($Subnet['Name'])); 33 33 } 34 34 … … 58 58 } 59 59 } 60 60 61 61 $DbResult2 = $System->Database->select('NetworkSubnet', '*', '`Member`='.$Member['Id']); 62 62 while($Subnet = $DbResult2->fetch_assoc()) … … 80 80 { 81 81 global $InetInterface, $ItemsFirewall; 82 82 83 83 foreach($Node['Items'] as $Index => $Item) 84 84 { … … 89 89 $Address = $Item['Address']->AddressToString(); 90 90 if($Item['Address']->Prefix != 32) $Address .= '/'.$Item['Address']->Prefix; 91 91 92 92 $PacketMark = GetMarkByComment($Item['Name'].'-out'); 93 93 $ItemsFirewall[] = array('chain' => 'inet-'.$ParentSubnetId.'-out', 'src-address' => $Address, 'out-interface' => $InetInterface, 'action' => 'mark-packet', 'new-packet-mark' => $PacketMark, 'passthrough' => 'no', 'comment' => $Item['Name'].'-out'); … … 100 100 $SubnetId = GetSubgroupByRange($Item['Address']->AddressToString().'/'.$Item['Address']->Prefix); 101 101 $PacketMark = GetMarkByComment($Item['Name'].'-out'); 102 102 103 103 $Address = $Item['Address']->AddressToString(); 104 104 if($Item['Address']->Prefix != 32) $Address .= '/'.$Item['Address']->Prefix; 105 106 $ItemsFirewall[] = array('chain' => 'inet-'.$ParentSubnetId.'-out', 'src-address' => $Address, 'out-interface' => $InetInterface, 'action' => 'jump', 'jump-target' => 'inet-'.$SubnetId.'-out', 'comment' => $Item['Name'].'-out'); 107 $ItemsFirewall[] = array('chain' => 'inet-'.$ParentSubnetId.'-in', 'dst-address' => $Address, 'in-interface' => $InetInterface, 'action' => 'jump', 'jump-target' => 'inet-'.$SubnetId.'-in', 'comment' => $Item['Name'].'-in'); 108 109 ProcessNode($Item); 110 } 105 106 $ItemsFirewall[] = array('chain' => 'inet-'.$ParentSubnetId.'-out', 'src-address' => $Address, 'out-interface' => $InetInterface, 'action' => 'jump', 'jump-target' => 'inet-'.$SubnetId.'-out', 'comment' => $Item['Name'].'-out'); 107 $ItemsFirewall[] = array('chain' => 'inet-'.$ParentSubnetId.'-in', 'dst-address' => $Address, 'in-interface' => $InetInterface, 'action' => 'jump', 'jump-target' => 'inet-'.$SubnetId.'-in', 'comment' => $Item['Name'].'-in'); 108 109 ProcessNode($Item); 110 } 111 111 } 112 112 if($Node['ForceMark'] == true) … … 133 133 // Slow free internet 134 134 $PacketMark = GetMarkByComment('free-out'); 135 $ItemsFirewall[] = array('chain' => 'inet-1-out', 'out-interface' => $InetInterface, 135 $ItemsFirewall[] = array('chain' => 'inet-1-out', 'out-interface' => $InetInterface, 136 136 'action' => 'mark-packet', 'new-packet-mark' => $PacketMark, 'comment' => 'free-out', 'passthrough' => 'yes'); 137 137 $PacketMark = GetMarkByComment('free-in'); 138 $ItemsFirewall[] = array('chain' => 'inet-1-in', 'in-interface' => $InetInterface, 139 138 $ItemsFirewall[] = array('chain' => 'inet-1-in', 'in-interface' => $InetInterface, 139 'action' => 'mark-packet', 'new-packet-mark' => $PacketMark, 'comment' => 'free-in', 'passthrough' => 'no'); 140 140 // Unregistred clients add to address list 141 $ItemsFirewall[] = array('chain' => 'inet-1-out', 'out-interface' => $InetInterface, 'src-address' => '10.145.0.0/16', 142 'action' => 'add-src-to-address-list', 'address-list' => 'unregistred', 'timeout' => '1d', 143 141 $ItemsFirewall[] = array('chain' => 'inet-1-out', 'out-interface' => $InetInterface, 'src-address' => '10.145.0.0/16', 142 'action' => 'add-src-to-address-list', 'address-list' => 'unregistred', 'timeout' => '1d', 143 'comment' => 'unregistred-clients'); 144 144 145 145 //print_r($ItemsFirewall);
Note:
See TracChangeset
for help on using the changeset viewer.
