Commit 82c98816 authored by Ad Schellevis's avatar Ad Schellevis

(legacy style code) work on https://github.com/opnsense/core/issues/405 packet...

(legacy style code) work on https://github.com/opnsense/core/issues/405 packet normalisation, needed for further restructure and cleanup of filter code.
parent 0652bd06
......@@ -421,6 +421,51 @@ function filter_generate_scrubing(&$FilterIflist)
}
}
}
if (!empty($config['filter']['scrub']['rule'])) {
foreach ($config['filter']['scrub']['rule'] as $scrub_rule) {
if (!isset($scrub_rule['disabled'])) {
$scrub_rule_out = "scrub on ";
$interfaces = array();
foreach (explode(',', $scrub_rule['interface']) as $interface) {
if (!empty($FilterIflist[$interface]['if'])) {
$interfaces[] = $FilterIflist[$interface]['if'];
}
}
$scrub_rule_out .= count($interfaces) > 1 ? "{ ". implode(' ', $interfaces) . " } " : $interfaces[0];
$scrub_rule_out .= $scrub_rule['proto'] != 'any' ? " proto " . $scrub_rule['proto'] : "";
$scrub_rule_out .= " from ";
if (is_alias($scrub_rule['src'])) {
$scrub_rule_out .= !empty($scrub_rule['srcnot']) ? "!" : "";
$scrub_rule_out .= '$'.$scrub_rule['src'];
} elseif (is_ipaddr($scrub_rule['src'])) {
$scrub_rule_out .= !empty($scrub_rule['srcnot']) ? "!" : "";
$scrub_rule_out .= $scrub_rule['src'] . "/" . $scrub_rule['srcmask'];
} else {
$scrub_rule_out .= "any";
}
$scrub_rule_out .= " to ";
if (is_alias($scrub_rule['dst'])) {
$scrub_rule_out .= !empty($scrub_rule['dstnot']) ? "!" : "";
$scrub_rule_out .= '$'.$scrub_rule['dst'];
} elseif (is_ipaddr($scrub_rule['dst'])) {
$scrub_rule_out .= !empty($scrub_rule['dstnot']) ? "!" : "";
$scrub_rule_out .= $scrub_rule['dst'] . "/" . $scrub_rule['dstmask'];
} else {
$scrub_rule_out .= "any";
}
$scrub_rule_out .= !empty($scrub_rule['dstport']) ? " port " . $scrub_rule['dstport'] : "";
$scrub_rule_out .= !empty($scrub_rule['no-df']) ? " no-df " : "";
$scrub_rule_out .= !empty($scrub_rule['random-id']) ? " random-id " : "";
$scrub_rule_out .= !empty($scrub_rule['max-mss']) ? " max-mss " . $scrub_rule['max-mss'] . " " : "";
$scrub_rule_out .= !empty($scrub_rule['min-ttl']) ? " min-ttl " . $scrub_rule['min-ttl'] . " " : "";
$scrub_rule_out .= !empty($scrub_rule['set-tos']) ? " set-tos " . $scrub_rule['set-tos'] . " " : "";
$scrub_rule_out .= "\n";
$scrubrules .= $scrub_rule_out;
}
}
}
return $scrubrules;
}
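Review bot: When none of the names in `$scrub_rule['interface']` resolves in `$FilterIflist`, `$interfaces` stays empty and `$interfaces[0]` is still read, so the emitted line starts `scrub on  from …`, which pf will presumably reject when the ruleset is loaded; skip such a rule with `if (empty($interfaces)) { continue; }` before the string is assembled. The `proto`, `srcmask`/`dstmask`, `dstport`, `max-mss`, `min-ttl` and `set-tos` values are concatenated into the ruleset exactly as stored in the configuration, so a stray space or newline in any of them changes the rule text or adds a line. Checking each against its expected form here (for example `ctype_digit((string)$scrub_rule['min-ttl'])` for the numeric options) keeps the generator from relying on the GUI having validated them. An address with no `srcmask`/`dstmask` also produces a trailing `/`. The body of filter_generate_scrubing() starts outside this hunk, so `$config` and `$scrubrules` are assumed to be set up earlier.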
......