Each tariff plan has its own firewall rule and its own IP.
When the internet is switched on, this is what I see:
rfw.log:
?Debug : Aug 13 05:07:05 RFW URFA[plugin]: Got 'exec' command...
?Debug : Aug 13 05:07:05 FWCntl: Waiting second child process ... second child pid <8254>
?Debug : Aug 13 05:07:05 FWCntl: Executing command </bin/sh>
?Debug : Aug 13 05:07:05 FWCntl: Second child process <8254> exited with status <-1>
?Debug : Aug 13 05:07:05 FWCntl: Executing FW rule: /netup/utm/enable.sh 172.16.0.206/32 5001 512 pipe is done.
?Debug : Aug 13 05:07:05 RFW URFA[plugin]: Got 'exec' command...
?Debug : Aug 13 05:07:05 FWCntl: Waiting second child process ... second child pid <8260>
?Debug : Aug 13 05:07:05 FWCntl: Executing command </bin/sh>
?Debug : Aug 13 05:07:05 FWCntl: Second child process <8260> exited with status <-1>
?Debug : Aug 13 05:07:05 FWCntl: Executing FW rule: /netup/utm/enable.sh 172.16.0.204/32 5001 512 pipe is done.
?Debug : Aug 13 05:07:05 RFW URFA[plugin]: Got 'exec' command...
?Debug : Aug 13 05:07:05 FWCntl: Waiting second child process ... second child pid <8266>
?Debug : Aug 13 05:07:05 FWCntl: Executing command </bin/sh>
?Debug : Aug 13 05:07:05 FWCntl: Second child process <8266> exited with status <-1>
?Debug : Aug 13 05:07:05 FWCntl: Executing FW rule: /netup/utm/enable.sh 172.16.0.206/32 5001 64 queue is done.
?Debug : Aug 13 05:07:05 RFW URFA[plugin]: Got 'exec' command...
?Debug : Aug 13 05:07:05 FWCntl: Waiting second child process ... second child pid <8272>
?Debug : Aug 13 05:07:05 FWCntl: Executing command </bin/sh>
?Debug : Aug 13 05:07:05 FWCntl: Second child process <8272> exited with status <-1>
?Debug : Aug 13 05:07:05 FWCntl: Executing FW rule: /netup/utm/enable.sh 172.16.0.204/32 5001 64 queue is done.
So instead of 2 commands we get four: 2 commands with the first tariff's rule for each IP, and 2 commands with the second tariff's rule for each IP.
As a result, internet is enabled for both tariffs according to the first tariff's rule.
Looking at debug.log:
?Debug : Aug 13 05:17:51 BusLogic: try to execute 39
?Debug : Aug 13 05:17:51 BusLogic: hw_block_handler with code 39
?Debug : Aug 13 05:17:51 BusLogic: hw_block_handler start bla_user_hw_unblock|bla_user_hw_block
?Debug : Aug 13 05:17:51 DBCtx: SQL SELECT query: SELECT rule_on,rule_off,router_id FROM firewall_rules WHERE is_deleted='0' AND ((uid='1' AND uid!='0') OR is_for_all='1' OR (( group_id='301' OR group_id='1304' OR group_id='10000' OR group_id='1300' OR group_id='102') AND group_id!='0') OR ((tariff_id='419' OR tariff_id='399') AND tariff_id!='0'))
?Debug : Aug 13 05:17:51 ModFWMan: Ready to execute 2 FW rules for UID 1. State:1
?Debug : Aug 13 05:17:51 DBCtx: SQL SELECT query: SELECT id,router_type,router_ip,login,password,router_comments FROM routers_info WHERE is_deleted='0'
?Debug : Aug 13 05:17:51 ModFWMan: FW rule parse. Setting RULE_ID to <5001> uid <1>
?Debug : Aug 13 05:17:51 ModFWMan: FW rule parse. Substituting ACCOUNT_ID with value <1> original value <0>
?Debug : Aug 13 05:17:51 ModFWMan: FW rule parse. Substituting UBITS with value <32> original value <-1>
?Debug : Aug 13 05:17:51 ModFWMan: FW rule parse. Substituting EMAIL with value <eee@eee.com> (obtained from user data)
?Debug : Aug 13 05:17:51 ModFWMan: Exec [/netup/utm/enable.sh 172.16.0.206/32 5001 512 pipe] on 1
?Debug : Aug 13 05:17:51 FW@172.16.254.254: Sending [/netup/utm/enable.sh 172.16.0.206/32 5001 512 pipe]
?Debug : Aug 13 05:17:51 ModFWMan: FW rule parse. Setting RULE_ID to <5001> uid <1>
?Debug : Aug 13 05:17:51 ModFWMan: FW rule parse. Substituting ACCOUNT_ID with value <1> original value <0>
?Debug : Aug 13 05:17:51 ModFWMan: FW rule parse. Substituting UBITS with value <32> original value <-1>
?Debug : Aug 13 05:17:51 ModFWMan: FW rule parse. Substituting EMAIL with value <eee@eee.com> (obtained from user data)
?Debug : Aug 13 05:17:51 ModFWMan: Exec [/netup/utm/enable.sh 172.16.0.204/32 5001 512 pipe] on 1
?Debug : Aug 13 05:17:51 FW@172.16.254.254: Sending [/netup/utm/enable.sh 172.16.0.204/32 5001 512 pipe]
?Debug : Aug 13 05:17:51 ModFWMan: FW rule parse. Setting RULE_ID to <5001> uid <1>
?Debug : Aug 13 05:17:51 ModFWMan: FW rule parse. Substituting ACCOUNT_ID with value <1> original value <0>
?Debug : Aug 13 05:17:51 ModFWMan: FW rule parse. Substituting UBITS with value <32> original value <-1>
?Debug : Aug 13 05:17:51 ModFWMan: FW rule parse. Substituting EMAIL with value <eee@eee.com> (obtained from user data)
?Debug : Aug 13 05:17:51 ModFWMan: Exec [/netup/utm/enable.sh 172.16.0.206/32 5001 64 queue] on 1
?Debug : Aug 13 05:17:51 FW@172.16.254.254: Sending [/netup/utm/enable.sh 172.16.0.206/32 5001 64 queue]
?Debug : Aug 13 05:17:51 ModFWMan: FW rule parse. Setting RULE_ID to <5001> uid <1>
?Debug : Aug 13 05:17:51 ModFWMan: FW rule parse. Substituting ACCOUNT_ID with value <1> original value <0>
?Debug : Aug 13 05:17:51 ModFWMan: FW rule parse. Substituting UBITS with value <32> original value <-1>
?Debug : Aug 13 05:17:51 ModFWMan: FW rule parse. Substituting EMAIL with value <eee@eee.com> (obtained from user data)
?Debug : Aug 13 05:17:51 ModFWMan: Exec [/netup/utm/enable.sh 172.16.0.204/32 5001 64 queue] on 1
?Debug : Aug 13 05:17:51 FW@172.16.254.254: Sending [/netup/utm/enable.sh 172.16.0.204/32 5001 64 queue]
?Debug : Aug 13 05:17:51 BusLogic: hw_block_handler end bla_user_hw_unblock|bla_user_hw_block
?Debug : Aug 13 05:17:51 BusLogic: finished unknown
So the rules are executed four times.
Running the query:
mysql> SELECT * FROM firewall_rules WHERE is_deleted='0' AND ((uid='1' AND uid!='0') OR is_for_all='1' OR (( group_id='301' OR group_id='1304' OR group_id='10000' OR group_id='1300') AND group_id!='0') OR ((tariff_id='419' OR tariff_id='399') AND tariff_id!='0'));
+----+------------+------+----------+-----------+-------------------------------------------------+----------------------------------------+-----------+------------+
| id | is_for_all | uid  | group_id | tariff_id | rule_on                                         | rule_off                               | router_id | is_deleted |
+----+------------+------+----------+-----------+-------------------------------------------------+----------------------------------------+-----------+------------+
| 45 |          0 |    0 |        0 |       399 | /netup/utm/enable.sh UIP/UBITS RULE_ID 512 pipe | /netup/utm/disable_inet.sh UIP RULE_ID |         1 |          0 |
| 63 |          0 |    0 |        0 |       419 | /netup/utm/enable.sh UIP/UBITS RULE_ID 64 queue | /netup/utm/disable_inet.sh UIP RULE_ID |         1 |          0 |
+----+------------+------+----------+-----------+-------------------------------------------------+----------------------------------------+-----------+------------+
And this did not happen before. Where should I dig?
Version 5.1.10-017
Thanks in advance.
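
A check for the symptom described in the post, as an added example that is not part of the original post and not NetUP code: it parses `Executing FW rule` lines in the rfw.log format quoted above and reports every address that received more than one distinct parameter set under the same RULE_ID within the same second. The function name, the regex and the same-second grouping are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Sample input constructed from the rfw.log lines quoted in the post.
SAMPLE_LOG = """\
?Debug : Aug 13 05:07:05 RFW URFA[plugin]: Got 'exec' command...
?Debug : Aug 13 05:07:05 FWCntl: Executing command </bin/sh>
?Debug : Aug 13 05:07:05 FWCntl: Executing FW rule: /netup/utm/enable.sh 172.16.0.206/32 5001 512 pipe is done.
?Debug : Aug 13 05:07:05 FWCntl: Executing FW rule: /netup/utm/enable.sh 172.16.0.204/32 5001 512 pipe is done.
?Debug : Aug 13 05:07:05 FWCntl: Executing FW rule: /netup/utm/enable.sh 172.16.0.206/32 5001 64 queue is done.
?Debug : Aug 13 05:07:05 FWCntl: Executing FW rule: /netup/utm/enable.sh 172.16.0.204/32 5001 64 queue is done.
"""

# Matches only completed rule executions; other FWCntl lines are ignored.
RULE_RE = re.compile(
    r"^\?Debug : (?P<ts>\w{3} +\d+ [\d:]+) FWCntl: Executing FW rule: "
    r"(?P<script>\S+) (?P<ip>[\d.]+)/(?P<bits>\d+) (?P<rule_id>\d+) "
    r"(?P<args>.+?) is done\.$"
)

def conflicting_rules(log_text):
    """Return {(timestamp, ip, rule_id): [args, ...]} for addresses that got
    more than one distinct argument set under one rule id in one second
    (hypothetical heuristic for the cross-applied tariff rules in the post)."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        key = (m["ts"], m["ip"], m["rule_id"])
        if m["args"] not in seen[key]:   # keep first-seen order, drop repeats
            seen[key].append(m["args"])
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (ts, ip, rule_id), args in conflicting_rules(SAMPLE_LOG).items():
        print(f"{ts} {ip} rule {rule_id}: conflicting parameters {args}")
```
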