diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2006-03-18 19:29:05 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2006-03-18 19:29:05 +0000 |
commit | 2ea778c2ba3b2aed739006fb99d555870d20ea53 (patch) | |
tree | 70eb6222bcffe32525c7df049a4b0723f6e78e0f /etc | |
parent | e1777f87f6d4ecb7e09f641035d89bc9d3533419 (diff) | |
download | pfsense-2ea778c2ba3b2aed739006fb99d555870d20ea53.zip pfsense-2ea778c2ba3b2aed739006fb99d555870d20ea53.tar.gz |
MFC 10682
expand aliases in filter rules to include " ! " on each entry. This achives the desired effect of negating an entire alias.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/filter.inc | 34 |
1 files changed, 29 insertions, 5 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index dc41ba0..2167589 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1214,8 +1214,20 @@ function generate_user_filter_rule($rule, $ngcounter) { else $not = ""; - if (stristr($expsrc, "$")) - $src = "{ {$not} " . alias_expand_value($rule['source']['address']) . " } "; + if (stristr($expsrc, "$")) { + if($not) { + $src = "{"; + foreach(preg_split("/[\s]+/", alias_expand_value($rule['source']['address'])) as $item) { + if($item != "") { + $src .= " {$not}{$item}"; + } + } + $src .= " }"; + } + else { + $src = "{ {$not} " . alias_expand_value($rule['source']['address']) . " } "; + } + } else $src = "{ {$not} {$expsrc} }"; } @@ -1287,12 +1299,24 @@ function generate_user_filter_rule($rule, $ngcounter) { $expdst = alias_expand($rule['destination']['address']); if (isset($rule['destination']['not'])) - $not = "! "; + $not = "!"; else $not = ""; - if (stristr($expdst, "$")) - $dst = "{ {$not} " . alias_expand_value($rule['destination']['address']) . " } "; + if (stristr($expdst, "$")) { + if($not) { + $dst = "{"; + foreach(preg_split("/[\s]+/", alias_expand_value($rule['destination']['address'])) as $item) { + if($item != "") { + $dst .= " {$not}{$item}"; + } + } + $dst .= " }"; + } + else { + $dst = "{ {$not} " . alias_expand_value($rule['destination']['address']) . " } "; + } + } else $dst = "{ {$not} {$expdst} }"; } |