Commit 5d286431 authored by Ad Schellevis's avatar Ad Schellevis

(filter.inc) restructure filter advanced options

parent d32f08b8
...@@ -2204,50 +2204,34 @@ function filter_generate_user_rule(&$FilterIflist, $rule) ...@@ -2204,50 +2204,34 @@ function filter_generate_user_rule(&$FilterIflist, $rule)
} }
if ($noadvoptions == false) { if ($noadvoptions == false) {
if ((isset($rule['max']) && $rule['max'] <> "") || $advanced_options = array();
(isset($rule['max-src-nodes']) && $rule['max-src-nodes'] <> "") || if (isset($rule['sloppy'])) {
(isset($rule['max-src-states']) && $rule['max-src-states'] <> "") || $advanced_options[] = "sloppy ";
((isset($rule['protocol']) && in_array($rule['protocol'], array("tcp","tcp/udp"))) && }
((isset($rule['statetimeout']) && $rule['statetimeout'] <> "") || if (isset($rule['nopfsync'])) {
(isset($rule['max-src-conn']) && $rule['max-src-conn'] <> "") || $advanced_options[] = "no-sync ";
(isset($rule['max-src-conn-rate']) && $rule['max-src-conn-rate'] <> "") || }
(isset($rule['max-src-conn-rates']) && $rule['max-src-conn-rates'] <> ""))) || if (isset($rule['max']) && $rule['max'] <> "") {
isset($rule['sloppy']) || isset($rule['nopfsync'])) { $advanced_options[] = "max " . $rule['max'] . " ";
$aline['flags'] .= "( "; }
if (isset($rule['sloppy'])) { if (isset($rule['max-src-nodes']) && $rule['max-src-nodes'] <> "") {
$aline['flags'] .= "sloppy "; $advanced_options[] = "max-src-nodes " . $rule['max-src-nodes'] . " ";
} }
if (isset($rule['nopfsync'])) { if ((in_array($rule['protocol'], array("tcp","tcp/udp"))) && !empty($rule['max-src-conn'])) {
$aline['flags'] .= "no-sync "; $advanced_options[] = "max-src-conn " . $rule['max-src-conn'] . " ";
} }
if (isset($rule['max']) && $rule['max'] <> "") { if (isset($rule['max-src-states']) && $rule['max-src-states'] <> "") {
$aline['flags'] .= "max " . $rule['max'] . " "; $advanced_options[] = "max-src-states " . $rule['max-src-states'] . " ";
} }
if (isset($rule['max-src-nodes']) && $rule['max-src-nodes'] <> "") { if ((in_array($rule['protocol'], array("tcp","tcp/udp"))) && !empty($rule['statetimeout'])) {
$aline['flags'] .= "max-src-nodes " . $rule['max-src-nodes'] . " "; $advanced_options[] = "tcp.established " . $rule['statetimeout'] . " ";
} }
if ((in_array($rule['protocol'], array("tcp","tcp/udp"))) if ((in_array($rule['protocol'], array("tcp","tcp/udp"))) && !empty($rule['max-src-conn-rate']) && !empty($rule['max-src-conn-rates'])) {
&& isset($rule['max-src-conn']) $advanced_options[] = "max-src-conn-rate " . $rule['max-src-conn-rate'] . " " .
&& $rule['max-src-conn'] <> "") { "/" . $rule['max-src-conn-rates'] . ", overload <virusprot> flush global ";
$aline['flags'] .= "max-src-conn " . $rule['max-src-conn'] . " "; }
} if (count($advanced_options) > 0) {
if (isset($rule['max-src-states']) && $rule['max-src-states'] <> "") { $aline['flags'] .= "( " . implode(" ", $advanced_options) . " ) ";
$aline['flags'] .= "max-src-states " . $rule['max-src-states'] . " ";
}
if ((in_array($rule['protocol'], array("tcp","tcp/udp")))
&& isset($rule['statetimeout'])
&& $rule['statetimeout'] <> "") {
$aline['flags'] .= "tcp.established " . $rule['statetimeout'] . " ";
}
if ((in_array($rule['protocol'], array("tcp","tcp/udp")))
&& isset($rule['max-src-conn-rate'])
&& $rule['max-src-conn-rate'] <> ""
&& isset($rule['max-src-conn-rates'])
&& $rule['max-src-conn-rates'] <> "") {
$aline['flags'] .= "max-src-conn-rate " . $rule['max-src-conn-rate'] . " ";
$aline['flags'] .= "/" . $rule['max-src-conn-rates'] . ", overload <virusprot> flush global ";
}
$aline['flags'] .= " ) ";
} }
} }
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment