[/] [branches/] [HotSaNIC-0.5.0-jablonecka/] [modules/] [networks/] [init] - Blame information for rev 27

 

Line No. Rev Author Line
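#!/usr/bin/env perl
# HotSaNIC "networks" module init.
#
# Reads the module settings, removes any existing acct_ext / acct_int
# accounting chains, recreates them, adds per-host counting rules and hooks
# the chains into the packet filter (iptables, or ipchains when the
# configured IPTABLES value contains "ipchains").
#
# Security note: this script normally runs with enough privilege to modify
# the packet filter, and every command it runs is built from values in the
# module settings file.  Commands are therefore executed in list form
# (no shell), and interface / host values are checked before use, so a
# stray metacharacter in the settings cannot be interpreted by a shell.
# The IPTABLES setting still decides which binary is executed, so the
# settings file should only be writable by the administrator.
use strict;
use warnings;
use diagnostics;

use lib "../../lib";
use HotSaNICparser;

# Unbuffered output keeps the progress messages in order with the output
# of the child processes.
$| = 1;

# read global settings
#
my $MODNAME = HotSaNICparser::get_module_name();

# read module-specific settings
#
my ($INTIF, $EXTIF, $IPTABLES);
my (@WORLDDEST, @LOCALDEST);

foreach my $line (HotSaNICparser::read_settings(".")) {
    my ($var, $value) = HotSaNICparser::parse_line($line);

    # NOTE(review): parse_line is defined elsewhere; presumably it returns
    # nothing useful for comments/blank lines, so skip undefined results.
    next unless defined $var && defined $value;

    if    ($var eq "INTIF")    { $INTIF    = $value; }
    elsif ($var eq "IPTABLES") { $IPTABLES = $value; }
    elsif ($var eq "EXTIF")    { $EXTIF    = $value; }
    elsif ($var eq "DEVEXT") {
        # Only the first comma-separated field (the device/host) is used here.
        my ($dev) = split(/,/, $value);
        push @WORLDDEST, $dev;
    }
    elsif ($var eq "DEVINT") {
        my ($dev) = split(/,/, $value);
        push @LOCALDEST, $dev;
    }
}

# The command may carry extra words (e.g. a path plus options); split it
# once so it can be executed without a shell.
my @IPT_CMD = defined $IPTABLES ? split(' ', $IPTABLES) : ();

if ( !@IPT_CMD ) { die time," ",$MODNAME,": IPTABLES not configured in module settings...\n"; }

my $USE_IPCHAINS = ( $IPTABLES =~ /ipchains/ ) ? 1 : 0;

# Trim a settings value and accept it only if it looks like an interface
# name, host name, address or network.  Anything else (empty, leading "-",
# whitespace or shell metacharacters) is reported and dropped.
# Returns the cleaned token, or an empty list when the value is rejected.
sub clean_token {
    my ($raw) = @_;
    return unless defined $raw;

    ( my $token = $raw ) =~ s/\A\s+|\s+\z//g;
    return $token if $token =~ m{\A[A-Za-z0-9_.:/+][A-Za-z0-9_.:/+\-]*\z};

    warn time, " ", $MODNAME, ": ignoring unexpected value '$raw' in module settings\n";
    return;
}

# Run the configured packet-filter command with @args, bypassing the shell.
# When $quiet is true, standard output of the command is discarded (the
# equivalent of "> /dev/null"); standard error is always left untouched.
# The exit status is returned but callers ignore it on purpose: deleting a
# rule or chain that does not exist yet is expected to fail.
sub run_iptables {
    my ($quiet, @args) = @_;

    my $saved_stdout;
    if ($quiet) {
        open($saved_stdout, '>&', \*STDOUT) or die "cannot dup STDOUT: $!\n";
        open(STDOUT, '>', '/dev/null')      or die "cannot open /dev/null: $!\n";
    }

    # Block form forces list semantics even for a single-word command.
    my $status = system { $IPT_CMD[0] } @IPT_CMD, @args;

    if ($quiet) {
        open(STDOUT, '>&', $saved_stdout) or die "cannot restore STDOUT: $!\n";
        close $saved_stdout;
    }
    return $status;
}

# Built-in chains (and the interface flag to use with each) that the
# accounting chains are hooked into.  ipchains uses "-i" for both directions.
sub chain_hooks {
    return $USE_IPCHAINS
        ? ( [ 'input', '-i' ], [ 'output', '-i' ] )
        : ( [ 'INPUT',   '-i' ], [ 'OUTPUT',  '-o' ],
            [ 'FORWARD', '-i' ], [ 'FORWARD', '-o' ] );
}

# Apply $action ("-D" to unhook, "-I" to hook) for chain $target on every
# device in @devices.
sub hook_chain {
    my ($action, $target, @devices) = @_;
    for my $dev (@devices) {
        for my $hook ( chain_hooks() ) {
            my ($chain, $if_flag) = @{$hook};
            run_iptables(1, $action, $chain, $if_flag, $dev, '-j', $target);
        }
    }
    return;
}

# Append source and destination counting rules for every host, one pair per
# protocol.  Output of these commands is not suppressed.
sub add_host_rules {
    my ($target, @hosts) = @_;
    for my $host (@hosts) {
        print " ",$host,"\n";
        for my $prt ("tcp","udp","icmp","all") {
            run_iptables(0, '-A', $target, '-s', $host, '-p', $prt);
            run_iptables(0, '-A', $target, '-d', $host, '-p', $prt);
        }
    }
    return;
}

# An unset EXTIF/INTIF is treated as "no interfaces" instead of warning.
my @ext_devices = map { clean_token($_) } split(/,/, defined $EXTIF ? $EXTIF : '');
my @int_devices = map { clean_token($_) } split(/,/, defined $INTIF ? $INTIF : '');
my @world_hosts = map { clean_token($_) } @WORLDDEST;
my @local_hosts = map { clean_token($_) } @LOCALDEST;

print "clearing old accounting chains\n";
hook_chain('-D', 'acct_ext', @ext_devices);
run_iptables(1, '-F', 'acct_ext');
run_iptables(1, '-X', 'acct_ext');

hook_chain('-D', 'acct_int', @int_devices);
run_iptables(1, '-F', 'acct_int');
run_iptables(1, '-X', 'acct_int');

print "\nsetting up accounting chains\n";
run_iptables(1, '-N', 'acct_ext');
run_iptables(1, '-N', 'acct_int');

#
# set up accounting for unique IPs in subnet...
#

print "\naccounting for local targets\n";

add_host_rules('acct_int', @local_hosts);

#
# set up accounting for dedicated networks to local subnet
#

print "\naccounting for externel targets\n";

add_host_rules('acct_ext', @world_hosts);

print "\nlinking accounting chains to INPUT/OUTPUT chain\n";
hook_chain('-I', 'acct_ext', @ext_devices);
hook_chain('-I', 'acct_int', @int_devices);
print "\n\nAll done! - accounting should be running now!\n";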
