mirror of
https://github.com/lucaspalomodevelop/core.git
synced 2026-03-17 10:04:41 +00:00
firewall, work in progress, refactor gateway logic, only extends new plugin -> filterrule classes, doesn't change the internals yet.
parent
442fc75bc6
commit
aad0dbb8eb
@ -37,6 +37,7 @@ class FilterRule
|
||||
{
|
||||
private $rule = array();
|
||||
private $interfaceMapping = array();
|
||||
private $gatewayMapping = array();
|
||||
|
||||
private $procorder = array(
|
||||
'disabled' => 'parseIsComment',
|
||||
@ -325,11 +326,13 @@ class FilterRule
|
||||
/**
|
||||
* init FilterRule
|
||||
* @param array $interfaceMapping internal interface mapping
|
||||
* @param array $gatewayMapping internal gateway mapping
|
||||
* @param array $conf rule configuration
|
||||
*/
|
||||
public function __construct(&$interfaceMapping, $conf)
|
||||
public function __construct(&$interfaceMapping, &$gatewayMapping, $conf)
|
||||
{
|
||||
$this->interfaceMapping = $interfaceMapping;
|
||||
$this->gatewayMapping = $gatewayMapping;
|
||||
$this->rule = $conf;
|
||||
}
|
||||
|
||||
|
||||
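Review bot: The new `&$gatewayMapping` parameter is taken by reference but then copied by `$this->gatewayMapping = $gatewayMapping;`, so each FilterRule keeps a snapshot of the mapping as it was at construction time. A rule registered before the plugin's `setGateways()` / `setGatewayGroups()` have run would hold an empty mapping, and once the internals start using it such a rule could silently lose its route-to policy. Either document on the constructor that gateways must be set before rules are registered, or bind the reference with `$this->gatewayMapping = &$gatewayMapping;`. Inserting the parameter ahead of `$conf` also changes the positional signature, so a caller not updated in this commit would pass its rule configuration as the gateway mapping. Declaring the parameters as `array` would make that mistake fail loudly instead of producing a malformed rule.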
@ -29,6 +29,8 @@
|
||||
*/
|
||||
namespace OPNsense\Firewall;
|
||||
|
||||
use \OPNsense\Core\Config;
|
||||
|
||||
/**
|
||||
* Class Plugin
|
||||
* @package OPNsense\Firewall
|
||||
@ -38,7 +40,7 @@ class Plugin
|
||||
private $anchors = array();
|
||||
private $filterRules = array();
|
||||
private $interfaceMapping = array();
|
||||
private $interfaceStaticMapping;
|
||||
private $gatewayMapping = array();
|
||||
|
||||
/**
|
||||
* init firewall plugin component
|
||||
@ -48,7 +50,7 @@ class Plugin
|
||||
}
|
||||
|
||||
/**
|
||||
* set interface mapping to USE
|
||||
* set interface mapping to use
|
||||
* @param array $mapping named array
|
||||
*/
|
||||
public function setInterfaceMapping(&$mapping)
|
||||
@ -58,6 +60,49 @@ class Plugin
|
||||
$this->interfaceMapping = array_merge($this->interfaceMapping, $mapping);
|
||||
}
|
||||
|
||||
/**
|
||||
* set defined gateways (route-to)
|
||||
* @param array $gateways named array
|
||||
*/
|
||||
public function setGateways($gateways)
|
||||
{
|
||||
if (is_array($gateways)) {
|
||||
foreach ($gateways as $key => $gw) {
|
||||
if (Util::isIpAddress($gw['gateway']) && !empty($gw['interface'])) {
|
||||
$this->gatewayMapping[$key] = array("logic" => "route-to ( {$gw['interface']} {$gw['gateway']} )");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* set defined gateway groups (route-to)
|
||||
* @param array $groups named array
|
||||
*/
|
||||
public function setGatewayGroups($groups)
|
||||
{
|
||||
if (is_array($groups)) {
|
||||
foreach ($groups as $key => $gwgr) {
|
||||
$routeto = array();
|
||||
foreach ($gwgr as $gw) {
|
||||
if (Util::isIpAddress($gw['gwip']) && !empty($gw['int'])) {
|
||||
$routeto[] = str_repeat("( {$gw['int']} {$gw['gwip']} )", $gw['weight']);
|
||||
}
|
||||
}
|
||||
if (count($routeto) > 0) {
|
||||
$routetologic = "route-to {".implode(' ', $routeto)."}";
|
||||
if (count($routeto) > 1) {
|
||||
$routetologic .= " round-robin ";
|
||||
}
|
||||
if (!empty(Config::getInstance()->object()->system->lb_use_sticky)) {
|
||||
$routetologic .= " sticky-address ";
|
||||
}
|
||||
$this->gatewayMapping[$key] = array("logic" => $routetologic);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array
|
||||
*/
|
||||
@ -112,7 +157,7 @@ class Plugin
|
||||
if ($defaults != null) {
|
||||
$conf = array_merge($defaults, $conf);
|
||||
}
|
||||
$rule = new FilterRule($this->interfaceMapping, $conf);
|
||||
$rule = new FilterRule($this->interfaceMapping, $this->gatewayMapping, $conf);
|
||||
if (empty($this->filterRules[$prio])) {
|
||||
$this->filterRules[$prio] = array();
|
||||
}
|
||||
|
||||
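Review bot: In `setGatewayGroups()`, `$gw['weight']` is passed straight to `str_repeat()` and `$gw['int']` is interpolated into the pf `route-to` text after only a `!empty()` check. A missing or zero weight therefore yields an empty entry that still counts toward `count($routeto)`, which can emit `route-to { }` with `round-robin`, and a very large weight inflates the generated rule. An interface value containing whitespace or braces would change the structure of the generated rule rather than just name a device. `setGateways()` interpolates `$gw['interface']` the same way. I would normalise the weight first, `$weight = (int)($gw['weight'] ?? 1); if ($weight < 1) { continue; }`, with an upper bound that suits the project. I would also accept the interface only when it matches a known interface or a conservative device-name pattern, which brings both fields up to the check that `Util::isIpAddress` already applies to the gateway address.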