2835 |
2835 |
global $config, $vpns_list;
|
2836 |
2836 |
update_filter_reload_status(sprintf(gettext("Creating filter rule %s ..."), $rule['descr']));
|
2837 |
2837 |
$ret = array();
|
2838 |
|
$line = filter_generate_user_rule($rule);
|
|
2838 |
$extralabels = "";
|
|
2839 |
$line = filter_generate_user_rule($rule, $extralabels);
|
2839 |
2840 |
$ret['rule'] = $line;
|
2840 |
2841 |
$ret['interface'] = $rule['interface'];
|
2841 |
2842 |
if ($rule['descr'] != "" and $line != "") {
|
... | ... | |
2843 |
2844 |
} else {
|
2844 |
2845 |
$ret['descr'] = "label \"USER_RULE\"";
|
2845 |
2846 |
}
|
|
2847 |
$ret['extralabels'] = $extralabels;
|
2846 |
2848 |
|
2847 |
2849 |
return $ret;
|
2848 |
2850 |
}
|
... | ... | |
3105 |
3107 |
return $src;
|
3106 |
3108 |
}
|
3107 |
3109 |
|
3108 |
|
function filter_generate_user_rule($rule) {
|
|
3110 |
function filter_generate_user_rule($rule, & $extralabels = null) {
|
3109 |
3111 |
global $config, $g, $FilterIflist, $GatewaysList, $vpns_list;
|
3110 |
3112 |
global $dummynet_name_list, $vlanprio_values, $time_based_rules;
|
3111 |
3113 |
|
... | ... | |
3271 |
3273 |
if (isset($GatewaysList[$rule['gateway']])) {
|
3272 |
3274 |
/* Add the load balanced gateways */
|
3273 |
3275 |
$aline['route'] = " \$GW{$rule['gateway']} ";
|
3274 |
|
$aline['gwlabel'] = " label \"gw:{$rule['gateway']}\" ";
|
|
3276 |
$aline['gwlabel'] = "label \"gw:{$rule['gateway']}\"";
|
3275 |
3277 |
} else if (isset($config['system']['skip_rules_gw_down'])) {
|
3276 |
3278 |
return "# rule " . $rule['descr'] . " disabled because gateway " . $rule['gateway'] . " is down ";
|
3277 |
3279 |
} else {
|
... | ... | |
3566 |
3568 |
log_error(sprintf(gettext("[TDR DEBUG] status true -- rule type '%s'"), $type));
|
3567 |
3569 |
}
|
3568 |
3570 |
|
3569 |
|
$aline['schedlabel'] = " label \"s:{$sched['schedlabel']}\" ";
|
|
3571 |
$aline['schedlabel'] = "label \"s:{$sched['schedlabel']}\"";
|
3570 |
3572 |
break;
|
3571 |
3573 |
}
|
3572 |
3574 |
}
|
... | ... | |
3575 |
3577 |
$aline['trackerlabel'] = "";
|
3576 |
3578 |
if (!empty($rule['tracker'])) {
|
3577 |
3579 |
$aline['tracker'] = "ridentifier {$rule['tracker']} ";
|
3578 |
|
$aline['trackerlabel'] = " label \"id:{$rule['tracker']}\" ";
|
|
3580 |
$aline['trackerlabel'] = "label \"id:{$rule['tracker']}\"";
|
3579 |
3581 |
}
|
3580 |
3582 |
|
3581 |
3583 |
$line = "";
|
|
3584 |
$extralabels = implode(' ', array_filter(array($aline['trackerlabel'], $aline['schedlabel'], $aline['gwlabel'])));
|
|
3585 |
|
3582 |
3586 |
/* exception(s) to a user rules can go here. */
|
3583 |
3587 |
/* rules with a gateway or pool should create another rule for routing to vpns */
|
3584 |
3588 |
if (!empty($aline['route']) && (trim($aline['type']) == "pass") && strstr($dst, "any") &&
|
... | ... | |
3589 |
3593 |
$aline['interface'] . $aline['ipprotocol'] . $aline['prot'] . $aline['src'] . $aline['os'] .
|
3590 |
3594 |
$negate_networks . $aline['icmp-type'] . $aline['icmp6-type'] . $aline['tag'] . $aline['nottagged'] . $aline['tagged'] .
|
3591 |
3595 |
$aline['vlanprio'] . $aline['vlanprioset'] . $aline['dscp'] . filter_negaterule_tracker() . $aline['allowopts'] . $aline['flags'] .
|
3592 |
|
$aline['queue'] . $aline['dnpipe'] . $aline['schedlabel'] . $aline['trackerlabel'] . $aline['gwlabel'] .
|
3593 |
|
" label \"NEGATE_ROUTE: Negate policy routing for destination\"\n";
|
|
3596 |
$aline['queue'] . $aline['dnpipe'] .
|
|
3597 |
" label \"NEGATE_ROUTE: Negate policy routing for destination\" " . $extralabels . "\n";
|
3594 |
3598 |
|
3595 |
3599 |
}
|
3596 |
3600 |
/* piece together the actual user rule */
|
3597 |
3601 |
$line .= $aline['type'] . $aline['direction'] . $aline['log'] . $aline['quick'] . $aline['interface'] .
|
3598 |
3602 |
$aline['reply'] . $aline['route'] . $aline['ipprotocol'] . $aline['prot'] . $aline['src'] . $aline['os'] . $aline['dst'] .
|
3599 |
3603 |
$aline['icmp-type'] . $aline['icmp6-type'] . $aline['tag'] . $aline['nottagged'] . $aline['tagged'] . $aline['dscp'] . $aline['tracker'] .
|
3600 |
|
$aline['vlanprio'] . $aline['vlanprioset'] . $aline['allowopts'] . $aline['flags'] . $aline['queue'] . $aline['dnpipe'] . $aline['schedlabel'] . $aline['trackerlabel'] . $aline['gwlabel'];
|
|
3604 |
$aline['vlanprio'] . $aline['vlanprioset'] . $aline['allowopts'] . $aline['flags'] . $aline['queue'] . $aline['dnpipe'];
|
3601 |
3605 |
|
3602 |
3606 |
unset($aline);
|
3603 |
3607 |
|
... | ... | |
4188 |
4192 |
$ipfrules .= "\n# User-defined rules follow\n";
|
4189 |
4193 |
$ipfrules .= "\nanchor \"userrules/*\"\n";
|
4190 |
4194 |
/* Generate user rule lines */
|
4191 |
|
foreach ($rule_arr1 as $rule) {
|
4192 |
|
if (isset($rule['disabled'])) {
|
4193 |
|
continue;
|
4194 |
|
}
|
4195 |
|
if (!$rule['rule']) {
|
4196 |
|
continue;
|
4197 |
|
}
|
4198 |
|
$ipfrules .= "{$rule['rule']} {$rule['descr']}\n";
|
4199 |
|
}
|
4200 |
|
foreach ($rule_arr2 as $rule) {
|
4201 |
|
if (isset($rule['disabled'])) {
|
4202 |
|
continue;
|
4203 |
|
}
|
4204 |
|
if (!$rule['rule']) {
|
4205 |
|
continue;
|
4206 |
|
}
|
4207 |
|
$ipfrules .= "{$rule['rule']} {$rule['descr']}\n";
|
4208 |
|
}
|
4209 |
|
foreach ($rule_arr3 as $rule) {
|
|
4195 |
foreach (array_merge($rule_arr1, $rule_arr2, $rule_arr3) as $rule) {
|
4210 |
4196 |
if (isset($rule['disabled'])) {
|
4211 |
4197 |
continue;
|
4212 |
4198 |
}
|
4213 |
4199 |
if (!$rule['rule']) {
|
4214 |
4200 |
continue;
|
4215 |
4201 |
}
|
4216 |
|
$ipfrules .= "{$rule['rule']} {$rule['descr']}\n";
|
|
4202 |
$ipfrules .= implode(' ', array_filter(array(trim($rule['rule']), trim($rule['descr']), trim($rule['extralabels']))));
|
|
4203 |
$ipfrules .= "\n";
|
4217 |
4204 |
}
|
4218 |
4205 |
unset($rule_arr1, $rule_arr2, $rule_arr3);
|
4219 |
4206 |
}
|
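Review bot: The gw/sched/id labels are no longer part of the returned `$line` (new line 3604 drops `$aline['schedlabel'] . $aline['trackerlabel'] . $aline['gwlabel']`) and come back only through the optional by-reference parameter added at new line 3110, so any caller that still invokes `filter_generate_user_rule($rule)` with one argument keeps working but silently emits pf rules without those labels; the only caller visible here is `filter_generate_user_rule_arr`, so other call sites should be checked. The new parameter is also undocumented; a comment such as `/* $extralabels (out): space-separated "id:", "s:" and "gw:" pf labels; the returned line no longer carries them, so callers must append them */` above the signature would make the contract explicit, and it is worth noting there that the early `return` at new line 3278 leaves `$extralabels` untouched, so the caller's initial value is what ends up in the ruleset. At new line 4202 `trim($rule['extralabels'])` assumes every entry of `$rule_arr1`..`$rule_arr3` carries the new key; if any of those arrays can hold entries built by something other than `filter_generate_user_rule_arr`, `isset($rule['extralabels']) ? trim($rule['extralabels']) : ''` avoids an undefined-index notice on the merged loop. The functions enclosing the 3110 and 4192 hunks begin outside the visible lines.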