hotsanic |
Rev 5 | Rev 6 | |
---|---|---|
Line 28... | Line 28... | |
} |
} | |
|
| |
if ( ! defined $IPTABLES) { die time," ",$MODNAME,": IPTABLES not configured in module settings...\n"; } |
if ( ! defined $IPTABLES) { die time," ",$MODNAME,": IPTABLES not configured in module settings...\n"; } | |
|
| |
print "\nclearing old and setting up new accounting chains\n"; |
print "\nclearing old and setting up new accounting chains\n"; | |
foreach $prt ("tcp","udp","icmp","all") { |
foreach $prt ("tcp","udp","other") { | |
system("$IPTABLES -F acct_ext_$prt > /dev/null"); |
system("$IPTABLES -F acct_ext_$prt > /dev/null"); | |
system("$IPTABLES -X acct_ext_$prt > /dev/null"); |
system("$IPTABLES -X acct_ext_$prt > /dev/null"); | |
system("$IPTABLES -F acct_int_$prt > /dev/null "); |
system("$IPTABLES -F acct_int_$prt > /dev/null "); | |
system("$IPTABLES -X acct_int_$prt > /dev/null"); |
system("$IPTABLES -X acct_int_$prt > /dev/null"); | |
system("$IPTABLES -N acct_ext_$prt > /dev/null"); |
system("$IPTABLES -N acct_ext_$prt > /dev/null"); | |
Line 45... | Line 45... | |
|
| |
print "\naccounting for local targets\n"; |
print "\naccounting for local targets\n"; | |
|
| |
foreach $host (@LOCALDEST) { |
foreach $host (@LOCALDEST) { | |
print " ",$host,"\n"; |
print " ",$host,"\n"; | |
foreach $prt ("tcp","udp","icmp","all") { |
foreach $prt ("tcp","udp") { | |
system("$IPTABLES -A acct_int_$prt -s $host"); |
system("$IPTABLES -A acct_int_$prt -s $host"); | |
system("$IPTABLES -A acct_int_$prt -d $host"); |
system("$IPTABLES -A acct_int_$prt -d $host"); | |
} |
} | |
system("$IPTABLES -A acct_int_other -s $host"); | ||
system("$IPTABLES -A acct_int_other -d $host"); | ||
} |
} | |
#this will kick out all tcp and udp from other accounting chain | ||
system("$IPTABLES -I acct_int_other -p tcp -j RETURN"); | ||
system("$IPTABLES -I acct_int_other -p udp -j RETURN"); | ||
|
| |
# |
# | |
# set up accounting for dedicated networks to local subnet |
# set up accounting for dedicated networks to local subnet | |
# |
# | |
|
| |
print "\naccounting for externel targets\n"; |
print "\naccounting for externel targets\n"; | |
|
| |
foreach $host (@WORLDDEST) { |
foreach $host (@WORLDDEST) { | |
print " ",$host,"\n"; |
print " ",$host,"\n"; | |
foreach $prt ("tcp","udp","icmp","all") { |
foreach $prt ("tcp","udp") { | |
system("$IPTABLES -A acct_ext_$prt -s $host"); |
system("$IPTABLES -A acct_ext_$prt -s $host"); | |
system("$IPTABLES -A acct_ext_$prt -d $host"); |
system("$IPTABLES -A acct_ext_$prt -d $host"); | |
} |
} | |
system("$IPTABLES -A acct_ext_other -s $host"); | ||
system("$IPTABLES -A acct_ext_other -d $host"); | ||
} |
} | |
#this will kick out all tcp and udp from other accounting chain | ||
system("$IPTABLES -I acct_ext_other -p tcp -j RETURN"); | ||
system("$IPTABLES -I acct_ext_other -p udp -j RETURN"); | ||
|
| |
print "\nlinking accounting chains to INPUT/OUTPUT chain\n"; |
print "\nlinking accounting chains to INPUT/OUTPUT chain\n"; | |
foreach $dev (split(/,/,$EXTIF)) { |
foreach $dev (split(/,/,$EXTIF)) { | |
if ($IPTABLES =~ /ipchains/) { |
if ($IPTABLES =~ /ipchains/) { | |
system("$IPTABLES -I input -i $dev -j acct_ext > /dev/null"); |
system("$IPTABLES -I input -i $dev -j acct_ext > /dev/null"); | |
system("$IPTABLES -I output -i $dev -j acct_ext > /dev/null"); |
system("$IPTABLES -I output -i $dev -j acct_ext > /dev/null"); | |
} |
} | |
else { |
else { | |
foreach $prt ("tcp","udp","icmp","all") { |
#this will sent ALL to other chain | |
system("$IPTABLES -I INPUT -i $dev -p all -j acct_ext_other > /dev/null"); | ||
system("$IPTABLES -I OUTPUT -o $dev -p all -j acct_ext_other > /dev/null"); | ||
system("$IPTABLES -I FORWARD -i $dev -p all -j acct_ext_other > /dev/null"); | ||
system("$IPTABLES -I FORWARD -o $dev -p all -j acct_ext_other > /dev/null"); | ||
foreach $prt ("tcp","udp") { | ||
system("$IPTABLES -I INPUT -i $dev -p $prt -j acct_ext_$prt > /dev/null"); |
system("$IPTABLES -I INPUT -i $dev -p $prt -j acct_ext_$prt > /dev/null"); | |
system("$IPTABLES -I OUTPUT -o $dev -p $prt -j acct_ext_$prt > /dev/null"); |
system("$IPTABLES -I OUTPUT -o $dev -p $prt -j acct_ext_$prt > /dev/null"); | |
system("$IPTABLES -I FORWARD -i $dev -p $prt -j acct_ext_$prt > /dev/null"); |
system("$IPTABLES -I FORWARD -i $dev -p $prt -j acct_ext_$prt > /dev/null"); | |
system("$IPTABLES -I FORWARD -o $dev -p $prt -j acct_ext_$prt > /dev/null"); |
system("$IPTABLES -I FORWARD -o $dev -p $prt -j acct_ext_$prt > /dev/null"); | |
} |
} | |
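Review bot: The added `system("$IPTABLES -A acct_int_other -s $host")` / `-d $host` calls, and the matching acct_ext_other pair in the @WORLDDEST loop, build one interpolated command string, so every configured host entry is word-split or handed to the shell by a script that rewrites firewall rules, and a failed insert goes unnoticed. These four lines carry no redirection, so the list form can be used directly and checked, e.g. `system($IPTABLES, '-A', 'acct_int_other', '-s', $host) == 0 or warn "$MODNAME: adding rule for $host failed\n";`, assuming $IPTABLES holds only the binary path (if it may carry options, split it first). The new `-p all -j acct_ext_other` lines interpolate $dev in the same way; converting those needs the `> /dev/null` replaced by redirecting STDOUT in Perl, or at least a validation of each $EXTIF element against an interface-name pattern before use. The enclosing `foreach $dev` loop and its `else` branch continue past the end of this hunk, so whether the values are validated earlier in the file cannot be seen from here.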
Line 87... | Line 102... | |
if ($IPTABLES =~ /ipchains/) { |
if ($IPTABLES =~ /ipchains/) { | |
system("$IPTABLES -I input -i $dev -j acct_int > /dev/null"); |
system("$IPTABLES -I input -i $dev -j acct_int > /dev/null"); | |
system("$IPTABLES -I output -i $dev -j acct_int > /dev/null"); |
system("$IPTABLES -I output -i $dev -j acct_int > /dev/null"); | |
} |
} | |
else { |
else { | |
foreach $prt ("tcp","udp","icmp","all") { |
#this will sent ALL to other chain | |
system("$IPTABLES -I INPUT -i $dev -p all -j acct_int_other > /dev/null"); | ||
system("$IPTABLES -I OUTPUT -o $dev -p all -j acct_int_other > /dev/null"); | ||
system("$IPTABLES -I FORWARD -i $dev -p all -j acct_int_other > /dev/null"); | ||
system("$IPTABLES -I FORWARD -o $dev -p all -j acct_int_other > /dev/null"); | ||
foreach $prt ("tcp","udp") { | ||
system("$IPTABLES -I INPUT -i $dev -p $prt -j acct_int_$prt > /dev/null"); |
system("$IPTABLES -I INPUT -i $dev -p $prt -j acct_int_$prt > /dev/null"); | |
system("$IPTABLES -I OUTPUT -o $dev -p $prt -j acct_int_$prt > /dev/null"); |
system("$IPTABLES -I OUTPUT -o $dev -p $prt -j acct_int_$prt > /dev/null"); | |
system("$IPTABLES -I FORWARD -i $dev -p $prt -j acct_int_$prt > /dev/null"); |
system("$IPTABLES -I FORWARD -i $dev -p $prt -j acct_int_$prt > /dev/null"); | |
system("$IPTABLES -I FORWARD -o $dev -p $prt -j acct_int_$prt > /dev/null"); |
system("$IPTABLES -I FORWARD -o $dev -p $prt -j acct_int_$prt > /dev/null"); | |
} |
} |