Skip to content

O
OpnSense
Commit 5d286431 authored by Ad Schellevis's avatar Ad Schellevis
Browse files
Options

(filter.inc) restructure filter advanced options

parent d32f08b8
Show whitespace changes
Inline Side-by-side
Showing with 28 additions and 44 deletions
src/etc/inc/filter.inc
View file @ 5d286431
...@@ -2204,50 +2204,34 @@ function filter_generate_user_rule(&$FilterIflist, $rule) ...@@ -2204,50 +2204,34 @@ function filter_generate_user_rule(&$FilterIflist, $rule)
} }
if ($noadvoptions == false) { if ($noadvoptions == false) {
if ((isset($rule['max']) && $rule['max'] <> "") || $advanced_options = array();
(isset($rule['max-src-nodes']) && $rule['max-src-nodes'] <> "") ||
(isset($rule['max-src-states']) && $rule['max-src-states'] <> "") ||
((isset($rule['protocol']) && in_array($rule['protocol'], array("tcp","tcp/udp"))) &&
((isset($rule['statetimeout']) && $rule['statetimeout'] <> "") ||
(isset($rule['max-src-conn']) && $rule['max-src-conn'] <> "") ||
(isset($rule['max-src-conn-rate']) && $rule['max-src-conn-rate'] <> "") ||
(isset($rule['max-src-conn-rates']) && $rule['max-src-conn-rates'] <> ""))) ||
isset($rule['sloppy']) || isset($rule['nopfsync'])) {
$aline['flags'] .= "( ";
if (isset($rule['sloppy'])) { if (isset($rule['sloppy'])) {
$aline['flags'] .= "sloppy "; $advanced_options[] = "sloppy ";
} }
if (isset($rule['nopfsync'])) { if (isset($rule['nopfsync'])) {
$aline['flags'] .= "no-sync "; $advanced_options[] = "no-sync ";
} }
if (isset($rule['max']) && $rule['max'] <> "") { if (isset($rule['max']) && $rule['max'] <> "") {
$aline['flags'] .= "max " . $rule['max'] . " "; $advanced_options[] = "max " . $rule['max'] . " ";
} }
if (isset($rule['max-src-nodes']) && $rule['max-src-nodes'] <> "") { if (isset($rule['max-src-nodes']) && $rule['max-src-nodes'] <> "") {
$aline['flags'] .= "max-src-nodes " . $rule['max-src-nodes'] . " "; $advanced_options[] = "max-src-nodes " . $rule['max-src-nodes'] . " ";
} }
if ((in_array($rule['protocol'], array("tcp","tcp/udp"))) if ((in_array($rule['protocol'], array("tcp","tcp/udp"))) && !empty($rule['max-src-conn'])) {
&& isset($rule['max-src-conn']) $advanced_options[] = "max-src-conn " . $rule['max-src-conn'] . " ";
&& $rule['max-src-conn'] <> "") {
$aline['flags'] .= "max-src-conn " . $rule['max-src-conn'] . " ";
} }
if (isset($rule['max-src-states']) && $rule['max-src-states'] <> "") { if (isset($rule['max-src-states']) && $rule['max-src-states'] <> "") {
$aline['flags'] .= "max-src-states " . $rule['max-src-states'] . " "; $advanced_options[] = "max-src-states " . $rule['max-src-states'] . " ";
} }
if ((in_array($rule['protocol'], array("tcp","tcp/udp"))) if ((in_array($rule['protocol'], array("tcp","tcp/udp"))) && !empty($rule['statetimeout'])) {
&& isset($rule['statetimeout']) $advanced_options[] = "tcp.established " . $rule['statetimeout'] . " ";
&& $rule['statetimeout'] <> "") { }
$aline['flags'] .= "tcp.established " . $rule['statetimeout'] . " "; if ((in_array($rule['protocol'], array("tcp","tcp/udp"))) && !empty($rule['max-src-conn-rate']) && !empty($rule['max-src-conn-rates'])) {
} $advanced_options[] = "max-src-conn-rate " . $rule['max-src-conn-rate'] . " " .
if ((in_array($rule['protocol'], array("tcp","tcp/udp"))) "/" . $rule['max-src-conn-rates'] . ", overload <virusprot> flush global ";
&& isset($rule['max-src-conn-rate']) }
&& $rule['max-src-conn-rate'] <> "" if (count($advanced_options) > 0) {
&& isset($rule['max-src-conn-rates']) $aline['flags'] .= "( " . implode(" ", $advanced_options) . " ) ";
&& $rule['max-src-conn-rates'] <> "") {
$aline['flags'] .= "max-src-conn-rate " . $rule['max-src-conn-rate'] . " ";
$aline['flags'] .= "/" . $rule['max-src-conn-rates'] . ", overload <virusprot> flush global ";
}
$aline['flags'] .= " ) ";
} }
} }
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023