<?php
// Command-line only: REMOTE_ADDR is populated when PHP serves an HTTP request, so its
// presence means the script was reached through the web server. Stop silently then,
// because everything below rewrites the host's NAT table.
// NOTE(review): this is a heuristic; the script should also live outside the web root
// or be denied by the web server configuration - confirm the deployment.
if (isset($_SERVER['REMOTE_ADDR']))
{
  die();
}
// The relative path is resolved against the current working directory, so the caller
// (presumably cron) has to start the script from its own directory - TODO confirm.
include_once('../../../Common/Global.php');

// Generate firewall rules
// Empty the three nat chains that the rest of this script repopulates.
// Caveats: flushing the built-in POSTROUTING chain also drops NAT rules added by any
// other tool, and until the script finishes the chains are empty or partial. exec()
// results are not checked, so a failed flush goes unnoticed.
// NOTE(review): writing the full ruleset to a file and loading it with
// iptables-restore would apply it in one step - consider for a follow-up.
foreach (array('Block', 'POSTROUTING', 'PreroutingDNAT') as $NatChain)
{
  exec('/sbin/iptables -t nat -F '.$NatChain);
}
//    exec('/sbin/iptables -t nat -A Block -p tcp --destination-port 80 -j REDIRECT --to-ports 3128');



/*
// Blocking by IP address
$DbResult = $Database->select('users', '*', 'inet = 0');
while ($User = $DbResult->fetch_array())
{
  $DbResult2 = $Database->select('hosts', '*', "block<2 AND MAC!='' AND user=".$User['id']);
  while ($Row = $DbResult2->fetch_array())
  {
    exec('/sbin/iptables -t nat -A Block -s '.$Row['IP'].' -j Local');
  }
}
$DbResult = $Database->select('users', '*', 'inet = 1');
while ($User = $DbResult->fetch_array())
{
  $DbResult2 = $Database->select('hosts','*',"block<2 AND MAC!='' AND vpn=1 AND user=".$User['id']);
  while ($Row = $DbResult2->fetch_array())
  {
    exec('/sbin/iptables -t nat -A Block -s '.$Row['IP'].' -j Local');
  }
}

*/

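// Per-host NAT rules. The MAC-based blocking this section was originally written for
// is disabled; only the commented-out rules below still reference $Row['MAC'].
// For every host of a user whose inet flag is not 0 this emits:
//   - non-VPN host with an external_ip (except the host named "gate"):
//     DNAT + ACCEPT in PreroutingDNAT and SNAT in POSTROUTING (1:1 address mapping)
//   - VPN host: ACCEPT for its external_ip and a jump to Proxy in the Block chain
//   - host with a czfree_ip: the same DNAT/ACCEPT/SNAT triple on interface tun0
//
// Security: every value placed on an iptables command line comes from the database or
// from configuration and goes through escapeshellarg(), so a stored value containing
// shell metacharacters is handed to iptables as one literal argument instead of being
// interpreted by the shell. Changing the NAT table requires root, so an unescaped
// value would let anyone able to edit the hosts table run commands with the script's
// privileges.
// NOTE(review): escaping does not make a value a valid address. If these columns are
// meant to hold single IP addresses, validating them (e.g. filter_var() with
// FILTER_VALIDATE_IP) and skipping bad rows would be stricter - confirm stored format.
// NOTE(review): exec() results are not checked; a rule rejected by iptables is simply
// missing from the ruleset that gets saved at the end of the script.
$InetInterfaceArg = escapeshellarg((string) $InetInterface);
$DbResult = $Database->select('users', '*');
while ($User = $DbResult->fetch_array())
{
  //echo($User['fullname']."\n");
  // users.id is concatenated into the WHERE clause, so force it to an integer first.
  $DbResult2 = $Database->select('hosts', '*', '(block < 2) AND (MAC != "") AND (user='.(int) $User['id'].') AND (IP != external_ip) ORDER BY id DESC');
  while ($Row = $DbResult2->fetch_array())
  {
    //echo(' '.$Row['name']." ".$Row['MAC']." ");
    if ($User['inet'] == 0)
    {
      // No rules for users without internet access; the former MAC rules are disabled:
      //if (($Row['block'] == 0) and ($Row['type'] == 1)) exec('/sbin/iptables -t nat -A Block -m mac --mac-source '.$Row['MAC']." -j Proxy");
      //    else exec('/sbin/iptables -t nat -A Block -m mac --mac-source '.$Row['MAC']." -j Local");
      continue;
    }

    $IpArg = escapeshellarg((string) $Row['IP']);
    $ExternalIpArg = escapeshellarg((string) $Row['external_ip']);

    if ($Row['vpn'] == 0)
    {
      // A non-VPN host is reached on its local address for the CZFree mapping below.
      $CZFreeLocalIP = $Row['IP'];
      //echo($Row['external_ip']."\n");
      //if ($Row['name'] == 'TBC')
      //{
      //  exec('/sbin/iptables -t nat -A PreroutingDNAT -m tcp -p tcp --dport 3724 -d '.$Row['external_ip'].' -j DNAT --to-destination '.$Row['IP'].':3725');
      //  exec('/sbin/iptables -t nat -A POSTROUTING -m tcp -p tcp -s '.$Row['IP'].' --sport 3725 -o '.$InetInterface.' -j SNAT --to-source '.$Row['external_ip'].':3724');
      //}
      // The host named "gate" is skipped here; its address is used for the local
      // network SNAT rule later in the script.
      if ((strtolower($Row['name']) != 'gate') && ($Row['external_ip'] != ''))
      {
        echo($Row['name'].'='.$Row['external_ip']."\n");

        exec('/sbin/iptables -t nat -A PreroutingDNAT -i '.$InetInterfaceArg.' -d '.$ExternalIpArg.' -j DNAT --to-destination '.$IpArg);
        exec('/sbin/iptables -t nat -A PreroutingDNAT -i '.$InetInterfaceArg.' -d '.$ExternalIpArg.' -j ACCEPT');
        exec('/sbin/iptables -t nat -A POSTROUTING -s '.$IpArg.' -o '.$InetInterfaceArg.' -j SNAT --to-source '.$ExternalIpArg);
        //exec('/sbin/iptables -t nat -A Block -m mac --mac-source '.$Row['MAC']." -j Proxy");
      }
    }
    else
    {
      // A VPN host is reached on its external address for the CZFree mapping below.
      $CZFreeLocalIP = $Row['external_ip'];
      //echo('vpn');
      //exec('/sbin/iptables -t nat -A PreroutingDNAT -s '.$Row['IP'].' -p udp -m udp --dport 55556 -j DROP');
      if ($Row['external_ip'] != '')
      {
        exec('/sbin/iptables -t nat -A PreroutingDNAT -d '.$ExternalIpArg.' -j ACCEPT');
      }
      // ToVpnIp() is defined outside this file; its result is escaped like any other value.
      exec('/sbin/iptables -t nat -A Block -s '.escapeshellarg((string) ToVpnIp($Row)).' -j Proxy');

      //if ($Row['vpn'] == 1)
      //{
      //  exec('/sbin/iptables -t nat -A Block -m mac --mac-source '.$Row['MAC']." -j Local");
      //} else if ($Row['vpn'] == 2) exec('/sbin/iptables -t nat -A Block -m mac --mac-source '.$Row['MAC']." -j Proxy");
    }

    if ($Row['czfree_ip'] != '')
    {
      // CZFree
      // $CZFreeLocalIP can be empty for a VPN host without external_ip; iptables then
      // rejects the DNAT and SNAT rules below, as it did before escaping was added.
      $CzFreeIpArg = escapeshellarg((string) $Row['czfree_ip']);
      $CzFreeLocalArg = escapeshellarg((string) $CZFreeLocalIP);
      exec('/sbin/iptables -t nat -A PreroutingDNAT -i tun0 -d '.$CzFreeIpArg.' -j DNAT --to-destination '.$CzFreeLocalArg);
      exec('/sbin/iptables -t nat -A PreroutingDNAT -i tun0 -d '.$CzFreeIpArg.' -j ACCEPT');
      exec('/sbin/iptables -t nat -A POSTROUTING -s '.$CzFreeLocalArg.' -o tun0 -j SNAT --to-source '.$CzFreeIpArg);
    }
    //echo("\n");
  }
}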


// SMTP NAT port 25
//$DbResult = $Database->select('hosts', '*', 'name="mail"');
//$Row = $DbResult->fetch_array();
//exec('/sbin/iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d 212.111.4.174 -j DROP');
//exec('/sbin/iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d '.$Row['external_ip'].' -j DNAT --to-destination '.$Row['IP']);
//exec('/sbin/iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d '.$Row['external_ip'].' -j ACCEPT');
//exec('/sbin/iptables -t nat -A POSTROUTING -p tcp -m tcp --dport 25 -s 212.111.4.174 -o '.$InetInterface.' -j SNAT --to-source '.$Row['external_ip']);

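// Local network NAT: source-NAT everything from 192.168.0.0/16 that leaves through
// the internet interface to the external address of the host named "gate".
$DbResult = $Database->select('hosts', '*', 'name="gate"');
$Row = $DbResult->fetch_array();
if ($Row && ($Row['external_ip'] != ''))
{
  // Both values are escaped so that neither the configured interface name nor the
  // stored address can inject shell syntax into the command line.
  exec('/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.0.0 -o '.escapeshellarg((string) $InetInterface).' -j SNAT --to-source '.escapeshellarg((string) $Row['external_ip']));
}
else
{
  // Without a usable "gate" row the command would end in an empty --to-source and be
  // rejected by iptables; report it instead of failing silently.
  error_log('Firewall: host "gate" is missing or has no external_ip; local network SNAT rule not added');
}
//exec('/sbin/iptables -t nat -A POSTROUTING -s 10.0.0.0/255.0.0.0 -o '.$InetInterface.' -j SNAT --to-source '.$Row['external_ip']);
//exec('/sbin/iptables -t nat -A POSTROUTING -s 212.111.16.94 -o '.$InetInterface.' -j MASQUERADE');

// Persist the running ruleset. The command is a fixed string, so the shell redirect
// carries no injection risk, but the file is written even when rules above failed.
// NOTE(review): /etc/sysconfig/iptables is presumably loaded at boot, so a partial
// ruleset would survive a reboot - consider checking exec() results before saving.
exec('/sbin/iptables-save>/etc/sysconfig/iptables');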
