Commit 6e0b70a8 authored by Franco Fichtner's avatar Franco Fichtner

filter: bottom part of nat outbound logging; closes #916

parent 71f7d3c2
......@@ -1316,7 +1316,7 @@ function filter_nat_rules_outbound_automatic(&$FilterIflist, $src)
}
/* Generate a 'nat on' or 'no nat on' rule for given interface */
function filter_nat_rules_generate_if(&$FilterIflist, $if, $src = "any", $srcport = "", $dst = "any", $dstport = "", $natip = "", $natport = "", $nonat = false, $staticnatport = false, $proto = "", $poolopts = "")
function filter_nat_rules_generate_if(&$FilterIflist, $if, $src = "any", $srcport = "", $dst = "any", $dstport = "", $natip = "", $natport = "", $nonat = false, $staticnatport = false, $proto = "", $poolopts = "", $log = false)
{
global $config;
......@@ -1338,6 +1338,10 @@ function filter_nat_rules_generate_if(&$FilterIflist, $if, $src = "any", $srcpor
$tgt = "(" . $FilterIflist[$if]['if'] . ")";
}
}
$logtag = '';
if ($log) {
$logtag = 'log';
}
/* Add the protocol, if defined */
if (!empty($proto) && $proto != "any") {
if ($proto == "tcp/udp") {
......@@ -1396,7 +1400,7 @@ function filter_nat_rules_generate_if(&$FilterIflist, $if, $src = "any", $srcpor
$if_friendly = $FilterIflist[$if]['descr'];
/* Put all the pieces together */
if ($if_friendly) {
$natrule = "{$nat} on \${$if_friendly} {$protocol} from {$src} to {$dst} {$target} {$poolopts} {$staticnatport_txt}\n";
$natrule = "{$nat} {$logtag} on \${$if_friendly} {$protocol} from {$src} to {$dst} {$target} {$poolopts} {$staticnatport_txt}\n";
} else {
$natrule .= "# Could not convert {$if} to friendly name(alias)\n";
}
......@@ -1611,7 +1615,8 @@ function filter_nat_rules_generate(&$FilterIflist)
isset($obent['nonat']),
isset($obent['staticnatport']),
$obent['protocol'],
$poolopts
$poolopts,
isset($obent['log'])
);
}
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment