webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-28 11:43:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

firewall: rules.pl: Add support for auto selection of NAT addresses.

Browse Source
This commit is contained in:
Michael Tremer
2014-03-18 23:49:23 +01:00
parent cc77ac2364
commit b0d9fad3f9
1 changed files with 40 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
config/firewall/rules.pl
View File

@@ -400,13 +400,14 @@ sub get_nat_address {
my $source = shift;
# Any static address of any zone.
if ($zone eq "RED" || $zone eq "GREEN" || $zone eq "ORANGE" || $zone eq "BLUE") {
return $defaultNetworks{$zone . "_ADDRESS"};
} elsif ($zone eq "Default IP") {
if ($zone eq "AUTO") {
if ($source) {
my $firewall_ip = &get_internal_firewall_ip_address($source, 1);
if ($firewall_ip) {
return $firewall_ip;
}
$firewall_ip = &get_matching_firewall_address($source, 1);
if ($firewall_ip) {
return $firewall_ip;
}
@@ -414,6 +415,12 @@ sub get_nat_address {
return &get_external_address();
} elsif ($zone eq "RED" || $zone eq "GREEN" || $zone eq "ORANGE" || $zone eq "BLUE") {
return $defaultNetworks{$zone . "_ADDRESS"};
} elsif ($zone eq "Default IP") {
return &get_external_address();
} else {
return &get_alias($zone);
}
@@ -845,8 +852,8 @@ sub get_internal_firewall_ip_address {
my $use_orange = shift;
my ($net_address, $net_mask) = split("/", $subnet);
if (!$net_mask) {
return;
if ((!$net_mask) || ($net_mask ~~ ["32", "255.255.255.255"])) {
return 0;
}
my @addresses = &get_internal_firewall_ip_addresses($use_orange);
@@ -855,6 +862,8 @@ sub get_internal_firewall_ip_address {
return $zone_address;
}
}
return 0;
}
sub firewall_is_in_subnet {
@@ -870,3 +879,28 @@ sub firewall_is_in_subnet {
return 0;
}
sub get_matching_firewall_address {
my $addr = shift;
my $use_orange = shift;
my ($address, $netmask) = split("/", $addr);
my @zones = ("GREEN", "BLUE");
if ($use_orange) {
push(@zones, "ORANGE");
}
foreach my $zone (@zones) {
next unless (exists $defaultNetworks{$zone . "_ADDRESS"});
my $zone_subnet = $defaultNetworks{$zone . "_NETADDRESS"};
my $zone_mask = $defaultNetworks{$zone . "_NETMASK"};
if (&General::IpInSubnet($address, $zone_subnet, $zone_mask)) {
return $defaultNetworks{$zone . "_ADDRESS"};
}
}
return 0;
}