diff --git a/src/opnsense/mvc/app/library/OPNsense/Firewall/FilterRule.php b/src/opnsense/mvc/app/library/OPNsense/Firewall/FilterRule.php index 2bfbfebab..2487d3d2f 100644 --- a/src/opnsense/mvc/app/library/OPNsense/Firewall/FilterRule.php +++ b/src/opnsense/mvc/app/library/OPNsense/Firewall/FilterRule.php @@ -37,6 +37,7 @@ class FilterRule { private $rule = array(); private $interfaceMapping = array(); + private $gatewayMapping = array(); private $procorder = array( 'disabled' => 'parseIsComment', @@ -325,11 +326,13 @@ class FilterRule /** * init FilterRule * @param array $interfaceMapping internal interface mapping + * @param array $gatewayMapping internal gateway mapping * @param array $conf rule configuration */ - public function __construct(&$interfaceMapping, $conf) + public function __construct(&$interfaceMapping, &$gatewayMapping, $conf) { $this->interfaceMapping = $interfaceMapping; + $this->gatewayMapping = $gatewayMapping; $this->rule = $conf; } diff --git a/src/opnsense/mvc/app/library/OPNsense/Firewall/Plugin.php b/src/opnsense/mvc/app/library/OPNsense/Firewall/Plugin.php index a6ad1a0be..418cad1be 100644 --- a/src/opnsense/mvc/app/library/OPNsense/Firewall/Plugin.php +++ b/src/opnsense/mvc/app/library/OPNsense/Firewall/Plugin.php @@ -29,6 +29,8 @@ */ namespace OPNsense\Firewall; +use \OPNsense\Core\Config; + /** * Class Plugin * @package OPNsense\Firewall @@ -38,7 +40,7 @@ class Plugin private $anchors = array(); private $filterRules = array(); private $interfaceMapping = array(); - private $interfaceStaticMapping; + private $gatewayMapping = array(); /** * init firewall plugin component @@ -48,7 +50,7 @@ class Plugin } /** - * set interface mapping to USE + * set interface mapping to use * @param array $mapping named array */ public function setInterfaceMapping(&$mapping) @@ -58,6 +60,49 @@ class Plugin $this->interfaceMapping = array_merge($this->interfaceMapping, $mapping); } + /** + * set defined gateways (route-to) + * @param array $gateways named array + */ + public function setGateways($gateways) + { + if (is_array($gateways)) { + foreach ($gateways as $key => $gw) { + if (Util::isIpAddress($gw['gateway']) && !empty($gw['interface'])) { + $this->gatewayMapping[$key] = array("logic" => "route-to ( {$gw['interface']} {$gw['gateway']} )"); + } + } + } + } + + /** + * set defined gateway groups (route-to) + * @param array $groups named array + */ + public function setGatewayGroups($groups) + { + if (is_array($groups)) { + foreach ($groups as $key => $gwgr) { + $routeto = array(); + foreach ($gwgr as $gw) { + if (Util::isIpAddress($gw['gwip']) && !empty($gw['int'])) { + $routeto[] = str_repeat("( {$gw['int']} {$gw['gwip']} )", $gw['weight']); + } + } + if (count($routeto) > 0) { + $routetologic = "route-to {".implode(' ', $routeto)."}"; + if (count($routeto) > 1) { + $routetologic .= " round-robin "; + } + if (!empty(Config::getInstance()->object()->system->lb_use_sticky)) { + $routetologic .= " sticky-address "; + } + $this->gatewayMapping[$key] = array("logic" => $routetologic); + } + } + } + } + /** * @return array */ @@ -112,7 +157,7 @@ class Plugin if ($defaults != null) { $conf = array_merge($defaults, $conf); } - $rule = new FilterRule($this->interfaceMapping, $conf); + $rule = new FilterRule($this->interfaceMapping, $this->gatewayMapping, $conf); if (empty($this->filterRules[$prio])) { $this->filterRules[$prio] = array(); }