Changeset 870 for trunk/Modules/NetworkConfigRouterOS
- Timestamp:
- Apr 3, 2020, 12:30:49 AM (5 years ago)
- Location:
- trunk/Modules/NetworkConfigRouterOS/Generators
- Files:
-
- 2 edited
trunk/Modules/NetworkConfigRouterOS/Generators/Common.php
r790 r870 33 33 } 34 34 35 function InsertToAddressTree (&$Tree, $Address, $Name, $InterSubnets = false, $ForceMark = false)35 function InsertToAddressTreeIPv4(&$Tree, $Address, $Name, $InterSubnets = false, $ForceMark = false) 36 36 { 37 37 global $Config; … … 42 42 if($Node['Address']->Contain($Address)) 43 43 { 44 InsertToAddressTree ($Tree['Items'][$Index], $Address, $Name, true);44 InsertToAddressTreeIPv4($Tree['Items'][$Index], $Address, $Name, true); 45 45 $Found = true; 46 46 } … … 54 54 $NewAddress->Address = $Address->Address; 55 55 $NewAddress->ChangePrefix($Tree['Address']->Prefix + 1); 56 //echo('InsertToTree('.$NewAddress->AddressToString().'/'.$NewAddress->Prefix.')'."\n");57 56 $Tree['Items'][] = array('Address' => $NewAddress, 'Name' => $Name, 'Items' => array(), 'ForceMark' => false); 58 InsertToAddressTree ($Tree['Items'][count($Tree['Items']) - 1], $Address, $Name, true);57 InsertToAddressTreeIPv4($Tree['Items'][count($Tree['Items']) - 1], $Address, $Name, true); 59 58 } else 60 59 { 61 62 60 $NewNode = array('Address' => $Address, 'Name' => $Name, 'Items' => array(), 'ForceMark' => $ForceMark); 63 61 … … 69 67 ($Node['Address']->Prefix == $NewNode['Address']->Prefix)) $Found = true; 70 68 71 //echo($Index.','); 69 if($Address->Contain($Node['Address'])) 70 { 71 $NewNode['Items'][] = $Node; 72 unset($Tree['Items'][$Index]); 73 } 74 } 75 if($Found == false) $Tree['Items'][] = $NewNode; 76 } 77 } 78 } 79 80 function InsertToAddressTreeIPv6(&$Tree, $Address, $Name, $InterSubnets = false, $ForceMark = false) 81 { 82 global $Config; 83 84 $Found = false; 85 foreach($Tree['Items'] as $Index => $Node) 86 { 87 if($Node['Address']->Contain($Address)) 88 { 89 InsertToAddressTreeIPv6($Tree['Items'][$Index], $Address, $Name, true); 90 $Found = true; 91 } 92 } 93 if($Found == false) 94 { 95 if($InterSubnets and ($Tree['Address']->Prefix < $Config['MainRouter']['MangleRuleSubgroupMinPrefix']) and 96 ($Address->Prefix > ($Tree['Address']->Prefix + 1))) 97 { 98 
$NewAddress = new NetworkAddressIPv6(); 99 $NewAddress->Address = $Address->Address; 100 $NewAddress->ChangePrefix($Tree['Address']->Prefix + 1); 101 $Tree['Items'][] = array('Address' => $NewAddress, 'Name' => $Name, 'Items' => array(), 'ForceMark' => false); 102 InsertToAddressTreeIPv6($Tree['Items'][count($Tree['Items']) - 1], $Address, $Name, true); 103 } else 104 { 105 $NewNode = array('Address' => $Address, 'Name' => $Name, 'Items' => array(), 'ForceMark' => $ForceMark); 106 107 // Should be existed items placed under new node? 108 $Found = false; 109 foreach($Tree['Items'] as $Index => $Node) 110 { 111 if(($Node['Address']->Address == $NewNode['Address']->Address) and 112 ($Node['Address']->Prefix == $NewNode['Address']->Prefix)) $Found = true; 113 72 114 if($Address->Contain($Node['Address'])) 73 115 { … … 89 131 } 90 132 } 91 92 /*93 function Test()94 {95 $SubnetTree = array('Address' => new NetworkAddressIPv4(), 'Items' => array());96 97 $NewAddress = new NetworkAddressIPv4();98 $NewAddress->AddressFromString('10.145.64.0');99 $NewAddress->Prefix = 24;100 InsertToAddressTree($SubnetTree, $NewAddress);101 $NewAddress = new NetworkAddressIPv4();102 $NewAddress->AddressFromString('10.145.64.0');103 $NewAddress->Prefix = 29;104 InsertToAddressTree($SubnetTree, $NewAddress);105 $NewAddress = new NetworkAddressIPv4();106 $NewAddress->AddressFromString('10.145.65.0');107 $NewAddress->Prefix = 24;108 InsertToAddressTree($SubnetTree, $NewAddress);109 $NewAddress = new NetworkAddressIPv4();110 $NewAddress->AddressFromString('10.145.65.156');111 $NewAddress->Prefix = 32;112 InsertToAddressTree($SubnetTree, $NewAddress);113 $NewAddress = new NetworkAddressIPv4();114 $NewAddress->AddressFromString('10.145.64.0');115 $NewAddress->Prefix = 20;116 InsertToAddressTree($SubnetTree, $NewAddress);117 118 119 ShowSubnetNode($SubnetTree);120 die();121 }122 */ -
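Review bot: In the new `InsertToAddressTreeIPv6` (new lines 101-102, and likewise 56-57 of `InsertToAddressTreeIPv4`) the node that was just appended is looked up as `$Tree['Items'][count($Tree['Items']) - 1]`, but the IPv4 copy visibly does `unset($Tree['Items'][$Index])` on the same array, and the IPv6 copy presumably does the same in the elided lines after new line 115. Once a key has been removed, `count() - 1` is no longer the key that `[] =` assigned, so the recursive call can receive a different node or create an empty one through the by-reference parameter, and the mangle tree built from it would group addresses under the wrong subnet. Consider `InsertToAddressTreeIPv6($Tree['Items'][array_key_last($Tree['Items'])], $Address, $Name, true);` (PHP 7.3+), or re-index with `array_values()` after the `unset`. The two functions differ only in the `NetworkAddressIPv6` class name, so the fix has to be applied twice unless they are merged into one helper.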
trunk/Modules/NetworkConfigRouterOS/Generators/FirewallMangle.php
r811 r870 49 49 function Run() 50 50 { 51 $this->RunIPv4(); 52 $this->RunIPv6(); 53 } 54 55 function RunIPv4() 56 { 51 57 global $ItemsFirewall; 52 58 53 59 $PathFirewall = array('ip', 'firewall', 'mangle'); 54 60 … … 61 67 $InetInterface = $this->System->Config['MainRouter']['InetInterface']; 62 68 63 64 69 // Generate address tree 65 70 $AddressTree = array('Address' => new NetworkAddressIPv4(), 'Name' => 'main', 'Items' => array(), 'ForceMark' => false); … … 72 77 $NewAddress->AddressFromString($Subnet['AddressRange']); 73 78 $NewAddress->Prefix = $Subnet['Mask']; 74 InsertToAddressTree ($AddressTree, $NewAddress, 'subnet-'.RouterOSIdent($Subnet['Name']));79 InsertToAddressTreeIPv4($AddressTree, $NewAddress, 'subnet-'.RouterOSIdent($Subnet['Name'])); 75 80 } 76 81 … … 96 101 $NewAddress = new NetworkAddressIPv4(); 97 102 $NewAddress->AddressFromString($Interface['LocalIP']); 98 $NewAddress->Prefix = 32;99 InsertToAddressTree ($AddressTree, $NewAddress, $Name);103 $NewAddress->Prefix = IPV4_BIT_WIDTH; 104 InsertToAddressTreeIPv4($AddressTree, $NewAddress, $Name); 100 105 } 101 106 } 102 107 103 $DbResult2 = $this->Database->select('NetworkSubnet', '*', ' `Member`='.$Member['Id']);108 $DbResult2 = $this->Database->select('NetworkSubnet', '*', '(`Member`='.$Member['Id'].') AND (AddressRange != "")'); 104 109 while($Subnet = $DbResult2->fetch_assoc()) 105 110 { … … 112 117 else $ForceMark = false; 113 118 echo($ForceMark.', '); 114 InsertToAddressTree ($AddressTree, $NewAddress, $Subnet['Name'], false, $ForceMark);119 InsertToAddressTreeIPv4($AddressTree, $NewAddress, $Subnet['Name'], false, $ForceMark); 115 120 } 116 121 echo("\n"); … … 143 148 $Routerboard->ListUpdate($PathFirewall, array('chain', 'dst-address', 'in-interface', 'action', 'new-packet-mark', 'passthrough', 'comment', 'out-interface', 'src-address', 'jump-target'), $ItemsFirewall, array(), true); 144 149 } 150 151 function RunIPv6() 152 { 153 global $ItemsFirewall; 154 155 $PathFirewall = 
array('ipv6', 'firewall', 'mangle'); 156 157 $Routerboard = new Routerboard(); 158 $Routerboard->UserName = $this->System->Config['MainRouter']['UserName']; 159 $Routerboard->Timeout = $this->System->Config['MainRouter']['ConnectTimeout']; 160 $Routerboard->HostName = $this->System->Config['MainRouter']['HostName']; 161 $Routerboard->Debug = true; 162 163 $InetInterface = $this->System->Config['MainRouter']['InetInterface']; 164 165 // Generate address tree 166 $AddressTree = array('Address' => new NetworkAddressIPv4(), 'Name' => 'main', 'Items' => array(), 'ForceMark' => false); 167 168 // Divide rules by subnet number 169 $DbResult = $this->System->Database->query('SELECT `Id`, `Name`, `AddressRangeIPv6`, `MaskIPv6` FROM `NetworkSubnet` '. 170 'WHERE (`Member` IS NULL) AND (`AddressRangeIPv6` != "")'); 171 while($Subnet = $DbResult->fetch_assoc()) 172 { 173 $NewAddress = new NetworkAddressIPv6(); 174 $NewAddress->AddressFromString($Subnet['AddressRangeIPv6']); 175 $NewAddress->Prefix = $Subnet['MaskIPv6']; 176 InsertToAddressTreeIPv6($AddressTree, $NewAddress, 'subnet-'.RouterOSIdent($Subnet['Name'])); 177 } 178 179 // Process users 180 $DbResult = $this->System->Database->query('SELECT `Member`.*, `Subject`.`Name` FROM `Member` '. 181 'LEFT JOIN `Subject` ON `Subject`.`Id` = `Member`.`Subject` '. 182 'WHERE `Member`.`Blocked` = 0'); 183 while($Member = $DbResult->fetch_assoc()) 184 { 185 $Member['Name'] = RouterOSIdent($Member['Name'].'-'.$Member['Id'] ); 186 echo('Uživatel '.$Member['Name'].': '); 187 188 $DbResult2 = $this->System->Database->select('NetworkDevice', '*', '`Used` = 1 AND `Member` = '.$Member['Id']); 189 while($Device = $DbResult2->fetch_assoc()) 190 { 191 $DbResult3 = $this->Database->select('NetworkInterface', '*', '`Device` = '.$Device['Id'].' 
AND `IPv6` != ""'); 192 while($Interface = $DbResult3->fetch_assoc()) 193 { 194 $Name = $Device['Name']; 195 if($Interface['Name'] != '') $Name .= '-'.$Interface['Name']; 196 $Name = RouterOSIdent($Name); 197 echo($Name.', '); 198 $NewAddress = new NetworkAddressIPv6(); 199 $NewAddress->AddressFromString($Interface['IPv6']); 200 $NewAddress->Prefix = IPV6_BIT_WIDTH; 201 InsertToAddressTreeIPv6($AddressTree, $NewAddress, $Name); 202 } 203 } 204 205 $DbResult2 = $this->Database->select('NetworkSubnet', '*', '(`Member`='.$Member['Id'].') AND (AddressRangeIPv6 != "")'); 206 while($Subnet = $DbResult2->fetch_assoc()) 207 { 208 $Subnet['Name'] = RouterOSIdent('subnet-'.$Subnet['Name']); 209 echo($Subnet['Name'].', '); 210 $NewAddress = new NetworkAddressIPv6(); 211 $NewAddress->AddressFromString($Subnet['AddressRangeIPv6']); 212 $NewAddress->Prefix = $Subnet['MaskIPv6']; 213 if($Subnet['Member'] != 0) $ForceMark = true; 214 else $ForceMark = false; 215 echo($ForceMark.', '); 216 InsertToAddressTreeIPv6($AddressTree, $NewAddress, $Subnet['Name'], false, $ForceMark); 217 } 218 echo("\n"); 219 } 220 221 ShowSubnetNode($AddressTree); 222 223 // Generate firewall rules 224 $ItemsFirewall = array(); 225 226 // Root of tree and main limit 227 $ItemsFirewall[] = array('chain' => 'forward', 'out-interface' => $InetInterface, 'dst-address' => '!2a00:e580:244::/48', 228 'action' => 'jump', 'jump-target' => 'inet-1-out', 'comment' => 'main-out'); 229 $ItemsFirewall[] = array('chain' => 'forward', 'in-interface' => $InetInterface, 'src-address' => '!2a00:e580:244::/48', 230 'action' => 'jump', 'jump-target' => 'inet-1-in', 'comment' => 'main-in'); 231 232 $this->ProcessNode($AddressTree); 233 234 // Limited free internet 235 $PacketMark = GetMarkByComment('free-out'); 236 $ItemsFirewall[] = array('chain' => 'inet-1-out', 'out-interface' => $InetInterface, 237 'action' => 'mark-packet', 'new-packet-mark' => $PacketMark, 'comment' => 'free-out', 'passthrough' => 'yes'); 238 $PacketMark 
= GetMarkByComment('free-in'); 239 $ItemsFirewall[] = array('chain' => 'inet-1-in', 'in-interface' => $InetInterface, 240 'action' => 'mark-packet', 'new-packet-mark' => $PacketMark, 'comment' => 'free-in', 'passthrough' => 'no'); 241 // Unregistred clients add to address list 242 $ItemsFirewall[] = array('chain' => 'inet-1-out', 'out-interface' => $InetInterface, 'src-address' => '2a00:e580:244::/48', 243 'action' => 'add-src-to-address-list', 'address-list' => 'unregistred', 'address-list-timeout' => '1d', 244 'comment' => 'unregistred-clients'); 245 246 //print_r($ItemsFirewall); 247 $Routerboard->ListUpdate($PathFirewall, array('chain', 'dst-address', 'in-interface', 'action', 'new-packet-mark', 248 'passthrough', 'comment', 'out-interface', 'src-address', 'jump-target'), $ItemsFirewall, array(), true); 249 } 145 250 }
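Review bot: `RunIPv6()` creates the root of its address tree with `new NetworkAddressIPv4()` (new line 166) although every node inserted below it is a `NetworkAddressIPv6`, so the root `Prefix` that `InsertToAddressTreeIPv6` reads comes from the wrong address family. This looks like a leftover from copying `RunIPv4()` and should read `'Address' => new NetworkAddressIPv6()`. In the same function the unregistered-clients rule sets `address-list` and `address-list-timeout`, but neither name is in the property list passed to `ListUpdate()`, so those values may never reach the router; `ListUpdate()` is not shown here, so this needs confirming. The prefix `2a00:e580:244::/48` is also hard-coded three times and would be easier to audit if read from `$this->System->Config` alongside `InetInterface`.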