 
 From:  Kris Maglione <bsdaemon at comcast dot net>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] Reject with 'tcp/udp'
 Date:  Sun, 11 Sep 2005 15:56:12 -0400
Sorry, reposted with mutt... for some reason, thunderbird replaced tabs with 4
spaces.

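// Normalise the configured filter rules into $rulelist before the ipf ruleset
// is emitted:
//   - rules marked 'disabled' are left out,
//   - a rule carrying 'natmap' takes its interface, protocol and destination
//     from the NAT rule whose 'ruleid' matches,
//   - a 'reject' rule for 'tcp/udp' becomes one 'tcp' rule and one 'udp' rule.
//
// The list is processed as a work queue instead of being edited inside a
// foreach: foreach does not see elements spliced into the array it is walking,
// and key()/prev() do not track its position, so in-place edits are unreliable.
// Rewritten rules go back to the front of the queue so they are checked again
// (a NAT-mapped rule may inherit 'tcp/udp' and still need splitting) and so
// the relative order of the rules is kept.
$pending  = isset($config['filter']['rule']) ? $config['filter']['rule'] : array();
$natrules = (isset($config['nat']['rule']) && is_array($config['nat']['rule']))
    ? $config['nat']['rule']
    : array();
$rulelist = array();

while (count($pending) > 0) {
    $rule = array_shift($pending);

    // Disabled rules never reach the generated ruleset.
    if (isset($rule['disabled'])) {
        continue;
    }

    if (isset($rule['natmap'])) {
        $natmap     = $rule['natmap'];
        $natmaprule = null;
        foreach ($natrules as $natrule) {
            if (isset($natrule['ruleid']) && $natrule['ruleid'] == $natmap) {
                $natmaprule = $natrule;
                break;
            }
        }

        if ($natmaprule === null) {
            // No NAT rule with this id: emitting the filter rule with an empty
            // interface/protocol/destination could match more traffic than was
            // intended, so the rule is dropped instead.
            // NOTE(review): dropping is only the conservative choice if the
            // emitted ruleset denies by default - confirm, and consider
            // logging the dangling reference.
            continue;
        }

        unset($rule['natmap']);
        $rule['interface']   = $natmaprule['interface'];
        $rule['protocol']    = $natmaprule['protocol'];
        $rule['destination'] = array('address' => $natmaprule['target'],
                                     'port'    => $natmaprule['local-port']);

        // Re-check the resolved rule (it has no 'natmap' left, so this ends).
        array_unshift($pending, $rule);
        continue;
    }

    if (isset($rule['type'], $rule['protocol']) &&
        $rule['type']     == 'reject' &&
        $rule['protocol'] == 'tcp/udp') {

        $ruleTCP = $rule;
        $ruleTCP['protocol'] = 'tcp';
        $ruleUDP = $rule;
        // The posted code assigned 'udp' to $ruleTCP here, which left no TCP
        // reject rule and a UDP copy still marked 'tcp/udp'.
        $ruleUDP['protocol'] = 'udp';

        array_unshift($pending, $ruleTCP, $ruleUDP);
        continue;
    }

    $rulelist[] = $rule;
}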
// Emission pass: iterate over $rulelist and write out the ipf ruleset.
foreach ($rulelist as $rule) {
    // spit out ipf ruleset
    // The "..." below is the poster's placeholder for the emitter body; it is
    // not runnable PHP and the actual output code is not shown in this message.
    ...
}