Rev 8 |
|
Rev 9 |
Line 28... |
|
Line 28... |
} |
|
} |
|
|
|
if ( ! defined $IPTABLES) { die time," ",$MODNAME,": IPTABLES not configured in module settings...\n"; } |
|
if ( ! defined $IPTABLES) { die time," ",$MODNAME,": IPTABLES not configured in module settings...\n"; } |
|
|
|
print "\nclearing old and setting up new accounting chains\n"; |
|
print "\nclearing old and setting up new accounting chains\n"; |
|
|
#removing links in main chains |
|
|
system("$IPTABLES -D INPUT -j acct_input > /dev/null"); |
|
|
system("$IPTABLES -D OUTPUT -j acct_output > /dev/null"); |
|
|
system("$IPTABLES -D FORWARD -j acct_forward > /dev/null"); |
|
|
|
|
|
#recreating main accounting tables |
|
|
foreach $chain ("input","output","forward") { |
|
|
system("$IPTABLES -F acct_$chain > /dev/null"); |
|
|
system("$IPTABLES -X acct_$chain > /dev/null"); |
|
|
system("$IPTABLES -N acct_$chain > /dev/null"); |
|
|
} |
|
|
|
|
|
#recreating particular accounting tables |
foreach $prt ("tcp","udp","other") { |
|
foreach $prt ("tcp","udp","other") { |
system("$IPTABLES -F acct_ext_$prt > /dev/null"); |
|
system("$IPTABLES -F acct_ext_$prt > /dev/null"); |
system("$IPTABLES -X acct_ext_$prt > /dev/null"); |
|
|
system("$IPTABLES -F acct_int_$prt > /dev/null"); |
|
system("$IPTABLES -F acct_int_$prt > /dev/null"); |
|
|
system("$IPTABLES -X acct_ext_$prt > /dev/null"); |
system("$IPTABLES -X acct_int_$prt > /dev/null"); |
|
system("$IPTABLES -X acct_int_$prt > /dev/null"); |
system("$IPTABLES -N acct_ext_$prt > /dev/null"); |
|
system("$IPTABLES -N acct_ext_$prt > /dev/null"); |
system("$IPTABLES -N acct_int_$prt > /dev/null"); |
|
system("$IPTABLES -N acct_int_$prt > /dev/null"); |
} |
|
} |
|
|
|
|
|
#linking back accounting to main chains |
|
|
system("$IPTABLES -I INPUT -j acct_input > /dev/null"); |
|
|
system("$IPTABLES -I OUTPUT -j acct_output > /dev/null"); |
|
|
system("$IPTABLES -I FORWARD -j acct_forward > /dev/null"); |
|
|
|
# |
|
# |
# set up Accounting for unique IPs in subnet... |
|
# set up Accounting for unique IPs in subnet... |
# |
|
# |
|
|
|
Line 83... |
|
Line 101... |
system("$IPTABLES -I input -i $dev -j acct_ext > /dev/null"); |
|
system("$IPTABLES -I input -i $dev -j acct_ext > /dev/null"); |
system("$IPTABLES -I output -i $dev -j acct_ext > /dev/null"); |
|
system("$IPTABLES -I output -i $dev -j acct_ext > /dev/null"); |
} |
|
} |
else { |
|
else { |
#this will sent ALL to other chain |
|
#this will sent ALL to other chain |
system("$IPTABLES -I INPUT -i $dev -p all -j acct_ext_other > /dev/null"); |
|
system("$IPTABLES -I acct_input -i $dev -p all -j acct_ext_other > /dev/null"); |
system("$IPTABLES -I OUTPUT -o $dev -p all -j acct_ext_other > /dev/null"); |
|
system("$IPTABLES -I acct_output -o $dev -p all -j acct_ext_other > /dev/null"); |
system("$IPTABLES -I FORWARD -i $dev -p all -j acct_ext_other > /dev/null"); |
|
system("$IPTABLES -I acct_forward -i $dev -p all -j acct_ext_other > /dev/null"); |
system("$IPTABLES -I FORWARD -o $dev -p all -j acct_ext_other > /dev/null"); |
|
system("$IPTABLES -I acct_forward -o $dev -p all -j acct_ext_other > /dev/null"); |
foreach $prt ("tcp","udp") { |
|
foreach $prt ("tcp","udp") { |
system("$IPTABLES -I INPUT -i $dev -p $prt -j acct_ext_$prt > /dev/null"); |
|
system("$IPTABLES -I acct_input -i $dev -p $prt -j acct_ext_$prt > /dev/null"); |
system("$IPTABLES -I OUTPUT -o $dev -p $prt -j acct_ext_$prt > /dev/null"); |
|
system("$IPTABLES -I acct_output -o $dev -p $prt -j acct_ext_$prt > /dev/null"); |
system("$IPTABLES -I FORWARD -i $dev -p $prt -j acct_ext_$prt > /dev/null"); |
|
system("$IPTABLES -I acct_forward -i $dev -p $prt -j acct_ext_$prt > /dev/null"); |
system("$IPTABLES -I FORWARD -o $dev -p $prt -j acct_ext_$prt > /dev/null"); |
|
system("$IPTABLES -I acct_forward -o $dev -p $prt -j acct_ext_$prt > /dev/null"); |
} |
|
} |
} |
|
} |
} |
|
} |
|
|
|
foreach $dev (split(/,/,$INTIF)) { |
|
foreach $dev (split(/,/,$INTIF)) { |
Line 103... |
|
Line 121... |
system("$IPTABLES -I input -i $dev -j acct_int > /dev/null"); |
|
system("$IPTABLES -I input -i $dev -j acct_int > /dev/null"); |
system("$IPTABLES -I output -i $dev -j acct_int > /dev/null"); |
|
system("$IPTABLES -I output -i $dev -j acct_int > /dev/null"); |
} |
|
} |
else { |
|
else { |
#this will sent ALL to other chain |
|
#this will sent ALL to other chain |
system("$IPTABLES -I INPUT -i $dev -p all -j acct_int_other > /dev/null"); |
|
system("$IPTABLES -I acct_input -i $dev -p all -j acct_int_other > /dev/null"); |
system("$IPTABLES -I OUTPUT -o $dev -p all -j acct_int_other > /dev/null"); |
|
system("$IPTABLES -I acct_output -o $dev -p all -j acct_int_other > /dev/null"); |
system("$IPTABLES -I FORWARD -i $dev -p all -j acct_int_other > /dev/null"); |
|
system("$IPTABLES -I acct_forward -i $dev -p all -j acct_int_other > /dev/null"); |
system("$IPTABLES -I FORWARD -o $dev -p all -j acct_int_other > /dev/null"); |
|
system("$IPTABLES -I acct_forward -o $dev -p all -j acct_int_other > /dev/null"); |
foreach $prt ("tcp","udp") { |
|
foreach $prt ("tcp","udp") { |
system("$IPTABLES -I INPUT -i $dev -p $prt -j acct_int_$prt > /dev/null"); |
|
system("$IPTABLES -I acct_input -i $dev -p $prt -j acct_int_$prt > /dev/null"); |
system("$IPTABLES -I OUTPUT -o $dev -p $prt -j acct_int_$prt > /dev/null"); |
|
system("$IPTABLES -I acct_output -o $dev -p $prt -j acct_int_$prt > /dev/null"); |
system("$IPTABLES -I FORWARD -i $dev -p $prt -j acct_int_$prt > /dev/null"); |
|
system("$IPTABLES -I acct_forward -i $dev -p $prt -j acct_int_$prt > /dev/null"); |
system("$IPTABLES -I FORWARD -o $dev -p $prt -j acct_int_$prt > /dev/null"); |
|
system("$IPTABLES -I acct_forward -o $dev -p $prt -j acct_int_$prt > /dev/null"); |
} |
|
} |
} |
|
} |
} |
|
} |
print "\n\nAll done! - accounting should be running now!\n"; |
|
print "\n\nAll done! - accounting should be running now!\n"; |
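Review bot: The rewritten `-I acct_input` / `acct_output` / `acct_forward` calls in the two per-interface loops still build a shell command string from `$dev` and `$IPTABLES`, so any shell metacharacter in those settings is interpreted by the shell, with whatever privileges the script runs under (presumably root, since it edits netfilter rules). Where those values come from is not visible here, so at minimum validate each name at the top of each loop, e.g. `die "$MODNAME: bad interface '$dev'\n" unless $dev =~ /\A[A-Za-z0-9_.:+-]+\z/;`, or switch to list-form `system($IPTABLES, '-I', 'acct_input', '-i', $dev, ...)`, which bypasses the shell. The new teardown and setup block (`-D`, `-F`, `-X`, `-N`) also ignores every exit status, so a `-N` that fails because `-X` could not delete a still-referenced chain shows up only as stderr output and the script still prints "All done!". Checking `== 0` on the `-N` and `-I` calls would turn that into a hard failure. The loop headers and the `if` branches enclosing these lines start outside the visible hunks.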
|
|
|