
hotsanic

Subversion Repositories:
[/] [trunk/] [modules/] [networks/] [init] - Blame information for rev 5

 

Line No. Rev Author Line
11simandl#!/usr/bin/env perl
2use warnings;
3use diagnostics;
4 
5use lib "../../lib";
6use HotSaNICparser;
7 
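# Set up per-protocol packet-accounting chains for the HotSaNIC "networks"
# module and hook them into the firewall's built-in chains.
#
# Security notes:
#  * Every firewall command is executed with the list form of system(), so
#    values taken from the module settings file are passed as single argv
#    entries and are never interpreted by /bin/sh.
#  * Device and host values that are empty, contain whitespace, or start
#    with "-" are skipped with a warning, so a settings entry cannot be
#    parsed by the firewall tool as an extra option.
#  * NOTE(review): this script presumably runs with the privileges needed to
#    modify firewall rules; the settings file should be writable only by the
#    administrator - confirm file ownership and mode in the deployment.

use strict;    # lexically scoped: applies from this line to the end of file

# Return true when $arg is usable as one command-line argument: defined,
# non-empty, free of whitespace and not starting with "-".
sub _is_safe_arg {
    my ($arg) = @_;
    return 0 unless defined $arg;
    return $arg =~ m{\A[^\s-]\S*\z} ? 1 : 0;
}

# Run a command given as an argv list, bypassing the shell.
# Returns 1 on exit status 0, otherwise 0.
sub _run_fw {
    my @argv = @_;
    # The "system { PROGRAM } LIST" form never invokes a shell, even when
    # LIST has a single element.
    my $status = system { $argv[0] } @argv;
    if ($status == -1) {
        warn "cannot execute $argv[0]: $!\n";
        return 0;
    }
    return $status == 0 ? 1 : 0;
}

# Like _run_fw(), but with the child's STDOUT sent to /dev/null. This
# replaces the "> /dev/null" shell redirection without needing a shell.
sub _run_fw_quiet {
    my @argv = @_;
    open(my $saved_out, '>&', \*STDOUT) or die "cannot dup STDOUT: $!\n";
    open(STDOUT, '>', '/dev/null')      or die "cannot open /dev/null: $!\n";
    my $ok = _run_fw(@argv);
    open(STDOUT, '>&', $saved_out)      or die "cannot restore STDOUT: $!\n";
    close($saved_out);
    return $ok;
}

# read global settings
#
my $MODNAME = HotSaNICparser::get_module_name();

# read module-specific settings
#
my ($INTIF, $EXTIF, $IPTABLES);
my (@WORLDDEST, @LOCALDEST);

foreach my $line (HotSaNICparser::read_settings(".")) {
    my ($var, $value) = HotSaNICparser::parse_line($line);
    next unless defined $var && defined $value;

    if    ($var eq "INTIF")    { $INTIF    = $value; }
    elsif ($var eq "IPTABLES") { $IPTABLES = $value; }
    elsif ($var eq "EXTIF")    { $EXTIF    = $value; }
    elsif ($var eq "DEVEXT" || $var eq "DEVINT") {
        # Format: dev,maxin,maxout,descr - only the first field is used here.
        my ($dev) = split(/,/, $value);
        if (!_is_safe_arg($dev)) {
            warn "$MODNAME: ignoring $var entry with unusable target '",
                 (defined $dev ? $dev : ''), "'\n";
            next;
        }
        if ($var eq "DEVEXT") { push @WORLDDEST, $dev; }
        else                  { push @LOCALDEST, $dev; }
    }
}

# The configured command may carry leading words (e.g. a wrapper), so it is
# split on whitespace into argv instead of being handed to a shell.
my @FW = defined $IPTABLES ? split(' ', $IPTABLES) : ();
if (!@FW) { die time," ",$MODNAME,": IPTABLES not configured in module settings...\n"; }

my $is_ipchains = ($IPTABLES =~ /ipchains/) ? 1 : 0;
my @PROTOCOLS   = ("tcp", "udp", "icmp", "all");

print "\nclearing old and setting up new accounting chains\n";
foreach my $prt (@PROTOCOLS) {
    # Flush/delete may fail when the chains do not exist yet (first run);
    # those failures are expected and deliberately ignored.
    _run_fw_quiet(@FW, '-F', "acct_ext_$prt");
    _run_fw_quiet(@FW, '-X', "acct_ext_$prt");
    _run_fw_quiet(@FW, '-F', "acct_int_$prt");
    _run_fw_quiet(@FW, '-X', "acct_int_$prt");
    foreach my $chain ("acct_ext_$prt", "acct_int_$prt") {
        _run_fw_quiet(@FW, '-N', $chain)
            or warn "$MODNAME: could not create chain $chain\n";
    }
}

#
# set up Accounting for unique IPs in subnet...
#

print "\naccounting for local targets\n";

foreach my $host (@LOCALDEST) {
    print " ",$host,"\n";
    foreach my $prt (@PROTOCOLS) {
        # Rules without a target only count matching packets.
        _run_fw(@FW, '-A', "acct_int_$prt", '-s', $host)
            or warn "$MODNAME: could not add source rule for $host to acct_int_$prt\n";
        _run_fw(@FW, '-A', "acct_int_$prt", '-d', $host)
            or warn "$MODNAME: could not add destination rule for $host to acct_int_$prt\n";
    }
}

#
# set up accounting for dedicated networks to local subnet
#

print "\naccounting for externel targets\n";

foreach my $host (@WORLDDEST) {
    print " ",$host,"\n";
    foreach my $prt (@PROTOCOLS) {
        _run_fw(@FW, '-A', "acct_ext_$prt", '-s', $host)
            or warn "$MODNAME: could not add source rule for $host to acct_ext_$prt\n";
        _run_fw(@FW, '-A', "acct_ext_$prt", '-d', $host)
            or warn "$MODNAME: could not add destination rule for $host to acct_ext_$prt\n";
    }
}

print "\nlinking accounting chains to INPUT/OUTPUT chain\n";

# External interfaces are linked first, then internal ones (original order).
foreach my $link ([ 'ext', $EXTIF ], [ 'int', $INTIF ]) {
    my ($side, $iflist) = @$link;

    # An unset EXTIF/INTIF simply yields no interfaces to link.
    foreach my $dev (split(/,/, defined $iflist ? $iflist : '')) {
        if (!_is_safe_arg($dev)) {
            warn "$MODNAME: ignoring unusable interface name '$dev'\n";
            next;
        }

        if ($is_ipchains) {
            # NOTE(review): this branch jumps to acct_ext / acct_int, but the
            # script only creates the per-protocol chains acct_<side>_<proto>.
            # Behaviour is kept as-is; confirm whether ipchains is still
            # supported and which chains it should use.
            _run_fw_quiet(@FW, '-I', 'input',  '-i', $dev, '-j', "acct_$side");
            _run_fw_quiet(@FW, '-I', 'output', '-i', $dev, '-j', "acct_$side");
        }
        else {
            foreach my $prt (@PROTOCOLS) {
                my $chain = "acct_${side}_$prt";
                foreach my $hook ([ 'INPUT',   '-i' ],
                                  [ 'OUTPUT',  '-o' ],
                                  [ 'FORWARD', '-i' ],
                                  [ 'FORWARD', '-o' ]) {
                    my ($builtin, $dir) = @$hook;
                    _run_fw_quiet(@FW, '-I', $builtin, $dir, $dev,
                                  '-p', $prt, '-j', $chain)
                        or warn "$MODNAME: could not link $chain into $builtin ($dir $dev)\n";
                }
            }
        }
    }
}

print "\n\nAll done! - accounting should be running now!\n";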
