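#!/usr/bin/env perl
#
# Set up the packet-filter accounting chains "acct_int" and "acct_ext":
# remove any previous instance of both chains, recreate them, add one
# counting rule per configured target and protocol, and hook the chains
# into the built-in chains for the configured interfaces.
#
# Every value placed on a command line (IPTABLES, INTIF, EXTIF, DEVINT,
# DEVEXT) comes from the module settings read below.  The commands are
# therefore executed without a shell, and each interface or target is
# checked against a conservative character set before use, so a settings
# value cannot add shell syntax or extra options to a command.
# Whoever can edit the module settings still chooses the binary that is
# executed here, so that file should be writable by the administrator only.

use strict;
use warnings;
use diagnostics;

use lib "../../lib";
use HotSaNICparser;

# Write progress messages immediately so they stay in order with the
# output of the commands run below.
$| = 1;

# read global settings
#
my $MODNAME = HotSaNICparser::get_module_name();

# read module-specific settings
#
my ($IPTABLES, $INTIF, $EXTIF);
my (@WORLDDEST, @LOCALDEST);

foreach my $line (HotSaNICparser::read_settings(".")) {
    my ($var, $value) = HotSaNICparser::parse_line($line);
    next unless defined $var && defined $value;

    if ($var eq "INTIF") {
        $INTIF = $value;
    }
    elsif ($var eq "IPTABLES") {
        $IPTABLES = $value;
    }
    elsif ($var eq "EXTIF") {
        $EXTIF = $value;
    }
    elsif ($var eq "DEVEXT") {
        # Only the first comma-separated field (the target) is used here.
        my ($target) = split(/,/, $value);
        push @WORLDDEST, $target;
    }
    elsif ($var eq "DEVINT") {
        my ($target) = split(/,/, $value);
        push @LOCALDEST, $target;
    }
}

# The configured command may be a bare name or a path; it is split on
# whitespace into words and never handed to a shell.
my @iptables = defined $IPTABLES ? split(' ', $IPTABLES) : ();
if (!@iptables) {
    die time, " ", $MODNAME, ": IPTABLES not configured in module settings...\n";
}

# ipchains uses lower-case built-in chains and has no FORWARD hooks here.
my $is_ipchains = ($IPTABLES =~ /ipchains/) ? 1 : 0;

# Return the trimmed value if it is a plausible interface name or target
# (letters, digits and "_ . : / + -", not starting with "-"); otherwise
# warn and return nothing so the caller skips the entry.
sub clean_token {
    my ($raw, $what) = @_;
    return unless defined $raw;

    (my $token = $raw) =~ s/\A\s+|\s+\z//g;
    return if $token eq '';

    if ($token !~ m{\A(?!-)[A-Za-z0-9_.:/+\-]+\z}) {
        # Mask non-printable characters before echoing the value.
        (my $shown = $token) =~ s/[^\x20-\x7e]/?/g;
        warn time, " ", $MODNAME, ": ignoring invalid $what '$shown' in module settings\n";
        return;
    }
    return $token;
}

# Run the configured command with the given arguments.  The block form of
# system() never invokes a shell.  The exit status is returned but callers
# ignore it: removing rules that do not exist yet is expected to fail.
sub run_iptables {
    my @cmd = (@iptables, @_);
    return system { $cmd[0] } @cmd;
}

# Same as run_iptables(), with the command's standard output discarded
# (standard error is left untouched).
sub run_iptables_quiet {
    my @args = @_;

    open(my $saved_stdout, '>&', \*STDOUT)
        or die time, " ", $MODNAME, ": cannot duplicate STDOUT: $!\n";
    open(STDOUT, '>', '/dev/null')
        or die time, " ", $MODNAME, ": cannot open /dev/null: $!\n";

    my $status = run_iptables(@args);

    open(STDOUT, '>&', $saved_stdout)
        or die time, " ", $MODNAME, ": cannot restore STDOUT: $!\n";
    close($saved_stdout);

    return $status;
}

# Built-in chain / interface-flag pairs an accounting chain is hooked into.
sub hook_points {
    return ([ 'input', '-i' ], [ 'output', '-i' ]) if $is_ipchains;
    return (
        [ 'INPUT',   '-i' ],
        [ 'OUTPUT',  '-o' ],
        [ 'FORWARD', '-i' ],
        [ 'FORWARD', '-o' ],
    );
}

# Apply $op ("-D" to unlink, "-I" to link) to the jump rules that send
# traffic of each interface in @devs through the chain $target.
sub apply_hooks {
    my ($op, $target, @devs) = @_;
    foreach my $dev (@devs) {
        foreach my $hook (hook_points()) {
            my ($builtin, $direction) = @{$hook};
            run_iptables_quiet($op, $builtin, $direction, $dev, '-j', $target);
        }
    }
    return;
}

# Append one source and one destination counting rule per protocol for
# every target in @targets to the chain $chain.
sub add_accounting_rules {
    my ($chain, @targets) = @_;
    foreach my $host (@targets) {
        print " ", $host, "\n";
        foreach my $prt ("tcp", "udp", "icmp", "all") {
            run_iptables('-A', $chain, '-s', $host, '-p', $prt);
            run_iptables('-A', $chain, '-d', $host, '-p', $prt);
        }
    }
    return;
}

my @ext_devs = map { clean_token($_, "interface") }
               split(/,/, defined $EXTIF ? $EXTIF : '');
my @int_devs = map { clean_token($_, "interface") }
               split(/,/, defined $INTIF ? $INTIF : '');
my @local_targets = map { clean_token($_, "target") } @LOCALDEST;
my @world_targets = map { clean_token($_, "target") } @WORLDDEST;

print "clearing old accounting chains\n";

apply_hooks('-D', 'acct_ext', @ext_devs);
run_iptables_quiet('-F', 'acct_ext');
run_iptables_quiet('-X', 'acct_ext');

apply_hooks('-D', 'acct_int', @int_devs);
run_iptables_quiet('-F', 'acct_int');
run_iptables_quiet('-X', 'acct_int');

print "\nsetting up accounting chains\n";

run_iptables_quiet('-N', 'acct_ext');
run_iptables_quiet('-N', 'acct_int');

#
# set up accounting for unique IPs in subnet...
#
print "\naccounting for local targets\n";
add_accounting_rules('acct_int', @local_targets);

#
# set up accounting for dedicated networks to local subnet
#
print "\naccounting for externel targets\n";
add_accounting_rules('acct_ext', @world_targets);

print "\nlinking accounting chains to INPUT/OUTPUT chain\n";

apply_hooks('-I', 'acct_ext', @ext_devs);
apply_hooks('-I', 'acct_int', @int_devs);

print "\n\nAll done! - accounting should be running now!\n";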