[/] [trunk/] [modules/] [networks/] [init] - Blame information for rev 7

 

11simandl#!/usr/bin/env perl
2use warnings;
3use diagnostics;
4 
5use lib "../../lib";
6use HotSaNICparser;
7 
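# read global settings
#
$MODNAME=HotSaNICparser::get_module_name();

# read module-specific settings
#
# Every value kept below is later interpolated, unquoted, into a command line
# that system() hands to the shell, and the script rewrites packet-filter
# chains (presumably as root). Each value is therefore checked as it is read:
# anything that is not a plain token stops the script before any command runs.
# The character sets are deliberately conservative; widen them only on purpose.
#
# read_settings(".") and the `use lib "../../lib"` at the top of the file are
# both relative to the current directory, so run this script only from its own
# module directory.
#

# Return $value with surrounding whitespace removed when it matches $pattern;
# die otherwise. $setting is only used to name the offending setting.
sub checked_token {
  my ($setting,$value,$pattern)=@_;
  $value="" unless defined $value;
  $value =~ s/\A\s+//;
  $value =~ s/\s+\z//;
  if ($value !~ $pattern) {
    die time," ",$MODNAME,": setting ",$setting," is empty or contains characters that are not allowed...\n";
  }
  return $value;
}

# Command (optionally followed by plain arguments); must not start with "-".
my $command_re=qr/\A[A-Za-z0-9_.\/][A-Za-z0-9_.\/ =+-]*\z/;
# Interface name as given to -i / -o; "+" is the iptables wildcard suffix.
my $iface_re=qr/\A[A-Za-z0-9_][A-Za-z0-9_.:+-]*\z/;
# Host name, address or network as given to -s / -d.
my $address_re=qr/\A[A-Za-z0-9_:][A-Za-z0-9_.:\/-]*\z/;

foreach my $line (HotSaNICparser::read_settings(".")) {
  my ($var,$value)=HotSaNICparser::parse_line($line);
  next unless defined $var;
  $value="" unless defined $value;

  if ($var eq "IPTABLES") {
    $IPTABLES=checked_token($var,$value,$command_re);
  }
  elsif ($var eq "INTIF" || $var eq "EXTIF") {
    # Comma-separated interface list: check every element, store it re-joined
    # so the later split(/,/,...) sees only checked names.
    my $list=join(",", map { checked_token($var,$_,$iface_re) } split(/,/,$value));
    if ($var eq "INTIF") { $INTIF=$list; }
    else { $EXTIF=$list; }
  }
  elsif ($var eq "DEVEXT" || $var eq "DEVINT") {
    # Format is dev,maxin,maxout,descr; only the first field is used here.
    my ($dev)=split(/,/,$value);
    $dev=checked_token($var,$dev,$address_re);
    if ($var eq "DEVEXT") { push @WORLDDEST,$dev; }
    else { push @LOCALDEST,$dev; }
  }
}

if ( ! defined $IPTABLES) { die time," ",$MODNAME,": IPTABLES not configured in module settings...\n"; }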
31 
print "\nclearing old and setting up new accounting chains\n";
# One external and one internal accounting chain per protocol class.
# Each is flushed (-F), deleted (-X) and then created again (-N).
# Only stdout goes to /dev/null and no exit status is checked, so a failing
# call shows up only as error text from the tool itself.
for my $proto (qw(tcp udp other)) {
  my $ext_chain="acct_ext_$proto";
  my $int_chain="acct_int_$proto";
  system("$IPTABLES -F $ext_chain > /dev/null");
  system("$IPTABLES -X $ext_chain > /dev/null");
  system("$IPTABLES -F $int_chain > /dev/null ");
  system("$IPTABLES -X $int_chain > /dev/null");
  system("$IPTABLES -N $ext_chain > /dev/null");
  system("$IPTABLES -N $int_chain > /dev/null");
}
41 
#
# Per-host accounting for the local subnet: every DEVINT entry collected in
# @LOCALDEST gets one rule matching it as source (-s) and one as destination
# (-d) in each acct_int chain. The rules have no -j target.
#
# NOTE(review): each entry comes from the settings file and is interpolated
# unquoted into a shell command line.
#

print "\naccounting for local targets\n";

for my $target (@LOCALDEST) {
  print " ",$target,"\n";
  for my $chain ("acct_int_tcp","acct_int_udp","acct_int_other") {
    for my $match ("-s","-d") {
      system("$IPTABLES -A $chain $match $target");
    }
  }
}
# -I without a rule number inserts at the top of the chain, so tcp and udp
# packets RETURN from acct_int_other before they reach the per-host rules.
system("$IPTABLES -I acct_int_other -p tcp -j RETURN");
system("$IPTABLES -I acct_int_other -p udp -j RETURN");
601simandl 
#
# Accounting for the dedicated external networks: every DEVEXT entry collected
# in @WORLDDEST gets one rule matching it as source (-s) and one as destination
# (-d) in each acct_ext chain. The rules have no -j target.
#
# NOTE(review): each entry comes from the settings file and is interpolated
# unquoted into a shell command line.
#

print "\naccounting for externel targets\n";

for my $target (@WORLDDEST) {
  print " ",$target,"\n";
  for my $chain ("acct_ext_tcp","acct_ext_udp","acct_ext_other") {
    for my $match ("-s","-d") {
      system("$IPTABLES -A $chain $match $target");
    }
  }
}
# -I without a rule number inserts at the top of the chain, so tcp and udp
# packets RETURN from acct_ext_other before they reach the per-host rules.
system("$IPTABLES -I acct_ext_other -p tcp -j RETURN");
system("$IPTABLES -I acct_ext_other -p udp -j RETURN");
791simandl 
print "\nlinking accounting chains to INPUT/OUTPUT chain\n";
# Hook the external accounting chains into the built-in chains, once per
# interface listed in EXTIF.
# NOTE(review): nothing in this script deletes these jump rules again, so a
# second run inserts a second set - confirm that a stop script removes them.
for my $iface (split(/,/,$EXTIF)) {
  if ($IPTABLES =~ /ipchains/) {
    # NOTE(review): this script creates only acct_ext_tcp/udp/other above; a
    # plain acct_ext chain is not created here, so these jumps depend on a
    # chain that has to exist already.
    system("$IPTABLES -I input -i $iface -j acct_ext > /dev/null");
    system("$IPTABLES -I output -i $iface -j acct_ext > /dev/null");
    next;
  }
  # "all" is linked first and sends everything to the _other chain. Each -I
  # lands at the top of the built-in chain, so the tcp and udp jumps inserted
  # afterwards end up ahead of that catch-all jump.
  for my $proto ("all","tcp","udp") {
    my $chain=($proto eq "all") ? "acct_ext_other" : "acct_ext_$proto";
    for my $hook (["INPUT","-i"],["OUTPUT","-o"],["FORWARD","-i"],["FORWARD","-o"]) {
      my ($builtin,$direction)=@$hook;
      system("$IPTABLES -I $builtin $direction $iface -p $proto -j $chain > /dev/null");
    }
  }
}
1005simandl 
# Hook the internal accounting chains into the built-in chains, once per
# interface listed in INTIF.
# NOTE(review): nothing in this script deletes these jump rules again, so a
# second run inserts a second set - confirm that a stop script removes them.
for my $iface (split(/,/,$INTIF)) {
  if ($IPTABLES =~ /ipchains/) {
    # NOTE(review): this script creates only acct_int_tcp/udp/other above; a
    # plain acct_int chain is not created here, so these jumps depend on a
    # chain that has to exist already.
    system("$IPTABLES -I input -i $iface -j acct_int > /dev/null");
    system("$IPTABLES -I output -i $iface -j acct_int > /dev/null");
    next;
  }
  # "all" is linked first and sends everything to the _other chain. Each -I
  # lands at the top of the built-in chain, so the tcp and udp jumps inserted
  # afterwards end up ahead of that catch-all jump.
  for my $proto ("all","tcp","udp") {
    my $chain=($proto eq "all") ? "acct_int_other" : "acct_int_$proto";
    for my $hook (["INPUT","-i"],["OUTPUT","-o"],["FORWARD","-i"],["FORWARD","-o"]) {
      my ($builtin,$direction)=@$hook;
      system("$IPTABLES -I $builtin $direction $iface -p $proto -j $chain > /dev/null");
    }
  }
}
print "\n\nAll done! - accounting should be running now!\n";
121 
