
hotsanic

[/] [trunk/] [modules/] [networks/] [init] - Diff between revs 5 and 6


Rev 5 Rev 6
Line 28... Line 28...
} }
   
if ( ! defined $IPTABLES) { die time," ",$MODNAME,": IPTABLES not configured in module settings...\n"; } if ( ! defined $IPTABLES) { die time," ",$MODNAME,": IPTABLES not configured in module settings...\n"; }
   
print "\nclearing old and setting up new accounting chains\n"; print "\nclearing old and setting up new accounting chains\n";
foreach $prt ("tcp","udp","icmp","all") { foreach $prt ("tcp","udp","other") {
system("$IPTABLES -F acct_ext_$prt > /dev/null"); system("$IPTABLES -F acct_ext_$prt > /dev/null");
system("$IPTABLES -X acct_ext_$prt > /dev/null"); system("$IPTABLES -X acct_ext_$prt > /dev/null");
system("$IPTABLES -F acct_int_$prt > /dev/null "); system("$IPTABLES -F acct_int_$prt > /dev/null ");
system("$IPTABLES -X acct_int_$prt > /dev/null"); system("$IPTABLES -X acct_int_$prt > /dev/null");
system("$IPTABLES -N acct_ext_$prt > /dev/null"); system("$IPTABLES -N acct_ext_$prt > /dev/null");
Line 45... Line 45...
   
print "\naccounting for local targets\n"; print "\naccounting for local targets\n";
   
foreach $host (@LOCALDEST) { foreach $host (@LOCALDEST) {
print " ",$host,"\n"; print " ",$host,"\n";
foreach $prt ("tcp","udp","icmp","all") { foreach $prt ("tcp","udp") {
system("$IPTABLES -A acct_int_$prt -s $host"); system("$IPTABLES -A acct_int_$prt -s $host");
system("$IPTABLES -A acct_int_$prt -d $host"); system("$IPTABLES -A acct_int_$prt -d $host");
} }
  system("$IPTABLES -A acct_int_other -s $host");
  system("$IPTABLES -A acct_int_other -d $host");
} }
  #this will kick out all tcp and udp from other accounting chain
  system("$IPTABLES -I acct_int_other -p tcp -j RETURN");
  system("$IPTABLES -I acct_int_other -p udp -j RETURN");
   
# #
# set up accounting for dedicated networks to local subnet # set up accounting for dedicated networks to local subnet
# #
   
print "\naccounting for externel targets\n"; print "\naccounting for externel targets\n";
   
foreach $host (@WORLDDEST) { foreach $host (@WORLDDEST) {
print " ",$host,"\n"; print " ",$host,"\n";
foreach $prt ("tcp","udp","icmp","all") { foreach $prt ("tcp","udp") {
system("$IPTABLES -A acct_ext_$prt -s $host"); system("$IPTABLES -A acct_ext_$prt -s $host");
system("$IPTABLES -A acct_ext_$prt -d $host"); system("$IPTABLES -A acct_ext_$prt -d $host");
} }
  system("$IPTABLES -A acct_ext_other -s $host");
  system("$IPTABLES -A acct_ext_other -d $host");
} }
  #this will kick out all tcp and udp from other accounting chain
  system("$IPTABLES -I acct_ext_other -p tcp -j RETURN");
  system("$IPTABLES -I acct_ext_other -p udp -j RETURN");
   
print "\nlinking accounting chains to INPUT/OUTPUT chain\n"; print "\nlinking accounting chains to INPUT/OUTPUT chain\n";
foreach $dev (split(/,/,$EXTIF)) { foreach $dev (split(/,/,$EXTIF)) {
if ($IPTABLES =~ /ipchains/) { if ($IPTABLES =~ /ipchains/) {
system("$IPTABLES -I input -i $dev -j acct_ext > /dev/null"); system("$IPTABLES -I input -i $dev -j acct_ext > /dev/null");
system("$IPTABLES -I output -i $dev -j acct_ext > /dev/null"); system("$IPTABLES -I output -i $dev -j acct_ext > /dev/null");
} }
else { else {
foreach $prt ("tcp","udp","icmp","all") { #this will sent ALL to other chain
  system("$IPTABLES -I INPUT -i $dev -p all -j acct_ext_other > /dev/null");
  system("$IPTABLES -I OUTPUT -o $dev -p all -j acct_ext_other > /dev/null");
  system("$IPTABLES -I FORWARD -i $dev -p all -j acct_ext_other > /dev/null");
  system("$IPTABLES -I FORWARD -o $dev -p all -j acct_ext_other > /dev/null");
  foreach $prt ("tcp","udp") {
system("$IPTABLES -I INPUT -i $dev -p $prt -j acct_ext_$prt > /dev/null"); system("$IPTABLES -I INPUT -i $dev -p $prt -j acct_ext_$prt > /dev/null");
system("$IPTABLES -I OUTPUT -o $dev -p $prt -j acct_ext_$prt > /dev/null"); system("$IPTABLES -I OUTPUT -o $dev -p $prt -j acct_ext_$prt > /dev/null");
system("$IPTABLES -I FORWARD -i $dev -p $prt -j acct_ext_$prt > /dev/null"); system("$IPTABLES -I FORWARD -i $dev -p $prt -j acct_ext_$prt > /dev/null");
system("$IPTABLES -I FORWARD -o $dev -p $prt -j acct_ext_$prt > /dev/null"); system("$IPTABLES -I FORWARD -o $dev -p $prt -j acct_ext_$prt > /dev/null");
} }
Line 87... Line 102...
if ($IPTABLES =~ /ipchains/) { if ($IPTABLES =~ /ipchains/) {
system("$IPTABLES -I input -i $dev -j acct_int > /dev/null"); system("$IPTABLES -I input -i $dev -j acct_int > /dev/null");
system("$IPTABLES -I output -i $dev -j acct_int > /dev/null"); system("$IPTABLES -I output -i $dev -j acct_int > /dev/null");
} }
else { else {
foreach $prt ("tcp","udp","icmp","all") { #this will sent ALL to other chain
  system("$IPTABLES -I INPUT -i $dev -p all -j acct_int_other > /dev/null");
  system("$IPTABLES -I OUTPUT -o $dev -p all -j acct_int_other > /dev/null");
  system("$IPTABLES -I FORWARD -i $dev -p all -j acct_int_other > /dev/null");
  system("$IPTABLES -I FORWARD -o $dev -p all -j acct_int_other > /dev/null");
  foreach $prt ("tcp","udp") {
system("$IPTABLES -I INPUT -i $dev -p $prt -j acct_int_$prt > /dev/null"); system("$IPTABLES -I INPUT -i $dev -p $prt -j acct_int_$prt > /dev/null");
system("$IPTABLES -I OUTPUT -o $dev -p $prt -j acct_int_$prt > /dev/null"); system("$IPTABLES -I OUTPUT -o $dev -p $prt -j acct_int_$prt > /dev/null");
system("$IPTABLES -I FORWARD -i $dev -p $prt -j acct_int_$prt > /dev/null"); system("$IPTABLES -I FORWARD -i $dev -p $prt -j acct_int_$prt > /dev/null");
system("$IPTABLES -I FORWARD -o $dev -p $prt -j acct_int_$prt > /dev/null"); system("$IPTABLES -I FORWARD -o $dev -p $prt -j acct_int_$prt > /dev/null");
} }
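Review bot: The `system()` calls added for the new `other` chains (`system("$IPTABLES -A acct_int_other -s $host");`, its `-d` and `acct_ext_other` counterparts, and the `-p all -j acct_*_other` links using `$dev`) interpolate values from the module settings into a single shell string and discard the exit status. An entry in `@LOCALDEST`, `@WORLDDEST` or `$EXTIF` containing whitespace or shell metacharacters is therefore parsed by the shell of what is presumably a root-run init script, and a failed rule insert leaves that traffic silently unaccounted. For the calls without a redirect, the list form avoids the shell and reports the failure: `system($IPTABLES, '-A', 'acct_int_other', '-s', $host) == 0 or warn "$MODNAME: adding acct_int_other rule for $host failed\n";` (this assumes `$IPTABLES` holds only the binary path, which the visible lines do not confirm). Separately, the cleanup loop in the first hunk now iterates only `"tcp","udp","other"`, so any `acct_*_icmp` and `acct_*_all` chains left by rev 5 on a host upgraded in place are no longer flushed or deleted. The enclosing loops and the unchanged tcp/udp calls that share the string-form pattern start and end outside the displayed hunks.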
