jablonka.czprosek.czf

hotsanic

 Subversion Repositories:
[/] [trunk/] [modules/] [networks/] [init] - Diff between revs 1 and 5

Show entire file Ignore whitespace

Rev 1 Rev 5
Line 27... Line 27...
} }
} }
   
if ( ! defined $IPTABLES) { die time," ",$MODNAME,": IPTABLES not configured in module settings...\n"; } if ( ! defined $IPTABLES) { die time," ",$MODNAME,": IPTABLES not configured in module settings...\n"; }
   
print "clearing old accounting chains\n"; print "\nclearing old and setting up new accounting chains\n";
foreach $dev (split(/,/,$EXTIF)) { foreach $prt ("tcp","udp","icmp","all") {
if ($IPTABLES =~ /ipchains/) { system("$IPTABLES -F acct_ext_$prt > /dev/null");
system("$IPTABLES -D input -i $dev -j acct_ext > /dev/null"); system("$IPTABLES -X acct_ext_$prt > /dev/null");
system("$IPTABLES -D output -i $dev -j acct_ext > /dev/null"); system("$IPTABLES -F acct_int_$prt > /dev/null ");
} system("$IPTABLES -X acct_int_$prt > /dev/null");
else { system("$IPTABLES -N acct_ext_$prt > /dev/null");
system("$IPTABLES -D INPUT -i $dev -j acct_ext > /dev/null"); system("$IPTABLES -N acct_int_$prt > /dev/null");
system("$IPTABLES -D OUTPUT -o $dev -j acct_ext > /dev/null");  
system("$IPTABLES -D FORWARD -i $dev -j acct_ext > /dev/null");  
system("$IPTABLES -D FORWARD -o $dev -j acct_ext > /dev/null");  
}  
} }
system("$IPTABLES -F acct_ext > /dev/null");  
system("$IPTABLES -X acct_ext > /dev/null");  
   
foreach $dev (split(/,/,$INTIF)) {  
if ($IPTABLES =~ /ipchains/) {  
system("$IPTABLES -D input -i $dev -j acct_int > /dev/null");  
system("$IPTABLES -D output -i $dev -j acct_int > /dev/null");  
}  
else {  
system("$IPTABLES -D INPUT -i $dev -j acct_int > /dev/null");  
system("$IPTABLES -D OUTPUT -o $dev -j acct_int > /dev/null");  
system("$IPTABLES -D FORWARD -i $dev -j acct_int > /dev/null");  
system("$IPTABLES -D FORWARD -o $dev -j acct_int > /dev/null");  
}  
}  
system("$IPTABLES -F acct_int > /dev/null ");  
system("$IPTABLES -X acct_int > /dev/null");  
   
print "\nsetting up accounting chains\n";  
system("$IPTABLES -N acct_ext > /dev/null");  
system("$IPTABLES -N acct_int > /dev/null");  
   
# #
# set up Accounting for unique IPs in subnet... # set up Accounting for unique IPs in subnet...
# #
   
print "\naccounting for local targets\n"; print "\naccounting for local targets\n";
   
foreach $host (@LOCALDEST) { foreach $host (@LOCALDEST) {
print " ",$host,"\n"; print " ",$host,"\n";
foreach $prt ("tcp","udp","icmp","all") { foreach $prt ("tcp","udp","icmp","all") {
system("$IPTABLES -A acct_int -s $host -p $prt"); system("$IPTABLES -A acct_int_$prt -s $host");
system("$IPTABLES -A acct_int -d $host -p $prt"); system("$IPTABLES -A acct_int_$prt -d $host");
} }
} }
   
# #
# set up accounting for dedicated networks to loacl subnet # set up accounting for dedicated networks to local subnet
# #
   
print "\naccounting for externel targets\n"; print "\naccounting for externel targets\n";
   
foreach $host (@WORLDDEST) { foreach $host (@WORLDDEST) {
print " ",$host,"\n"; print " ",$host,"\n";
foreach $prt ("tcp","udp","icmp","all") { foreach $prt ("tcp","udp","icmp","all") {
system("$IPTABLES -A acct_ext -s $host -p $prt"); system("$IPTABLES -A acct_ext_$prt -s $host");
system("$IPTABLES -A acct_ext -d $host -p $prt"); system("$IPTABLES -A acct_ext_$prt -d $host");
} }
} }
   
print "\nlinking accounting chains to INPUT/OUTPUT chain\n"; print "\nlinking accounting chains to INPUT/OUTPUT chain\n";
foreach $dev (split(/,/,$EXTIF)) { foreach $dev (split(/,/,$EXTIF)) {
if ($IPTABLES =~ /ipchains/) { if ($IPTABLES =~ /ipchains/) {
system("$IPTABLES -I input -i $dev -j acct_ext > /dev/null"); system("$IPTABLES -I input -i $dev -j acct_ext > /dev/null");
system("$IPTABLES -I output -i $dev -j acct_ext > /dev/null"); system("$IPTABLES -I output -i $dev -j acct_ext > /dev/null");
} }
else { else {
system("$IPTABLES -I INPUT -i $dev -j acct_ext > /dev/null"); foreach $prt ("tcp","udp","icmp","all") {
system("$IPTABLES -I OUTPUT -o $dev -j acct_ext > /dev/null"); system("$IPTABLES -I INPUT -i $dev -p $prt -j acct_ext_$prt > /dev/null");
system("$IPTABLES -I FORWARD -i $dev -j acct_ext > /dev/null"); system("$IPTABLES -I OUTPUT -o $dev -p $prt -j acct_ext_$prt > /dev/null");
system("$IPTABLES -I FORWARD -o $dev -j acct_ext > /dev/null"); system("$IPTABLES -I FORWARD -i $dev -p $prt -j acct_ext_$prt > /dev/null");
  system("$IPTABLES -I FORWARD -o $dev -p $prt -j acct_ext_$prt > /dev/null");
  }
} }
} }
   
foreach $dev (split(/,/,$INTIF)) { foreach $dev (split(/,/,$INTIF)) {
if ($IPTABLES =~ /ipchains/) { if ($IPTABLES =~ /ipchains/) {
system("$IPTABLES -I input -i $dev -j acct_int > /dev/null"); system("$IPTABLES -I input -i $dev -j acct_int > /dev/null");
system("$IPTABLES -I output -i $dev -j acct_int > /dev/null"); system("$IPTABLES -I output -i $dev -j acct_int > /dev/null");
} }
else { else {
system("$IPTABLES -I INPUT -i $dev -j acct_int > /dev/null"); foreach $prt ("tcp","udp","icmp","all") {
system("$IPTABLES -I OUTPUT -o $dev -j acct_int > /dev/null"); system("$IPTABLES -I INPUT -i $dev -p $prt -j acct_int_$prt > /dev/null");
system("$IPTABLES -I FORWARD -i $dev -j acct_int > /dev/null"); system("$IPTABLES -I OUTPUT -o $dev -p $prt -j acct_int_$prt > /dev/null");
system("$IPTABLES -I FORWARD -o $dev -j acct_int > /dev/null"); system("$IPTABLES -I FORWARD -i $dev -p $prt -j acct_int_$prt > /dev/null");
  system("$IPTABLES -I FORWARD -o $dev -p $prt -j acct_int_$prt > /dev/null");
  }
} }
} }
print "\n\nAll done! - accounting should be running now!\n"; print "\n\nAll done! - accounting should be running now!\n";
   
   

Powered by WebSVN 2.2.1