|
hotsanic |
Subversion Repositories: |
Compare with Previous - Blame - Download
#!/usr/bin/env perluse warnings;use diagnostics;use lib "../../lib";use HotSaNICparser;# read global settings#$MODNAME=HotSaNICparser::get_module_name();# read module-specific settings#foreach (HotSaNICparser::read_settings(".")) {($var,$value)=HotSaNICparser::parse_line($_);if ($var eq "INTIF") { $INTIF=$value; }if ($var eq "IPTABLES") { $IPTABLES=$value; }if ($var eq "EXTIF") { $EXTIF=$value; }if ($var eq "DEVEXT") {($dev,$maxin,$maxout,$descr)=split(/,/,$value);push @WORLDDEST,$dev;}if ($var eq "DEVINT") {($dev,$maxin,$maxout,$descr)=split(/,/,$value);push @LOCALDEST,$dev;}}if ( ! defined $IPTABLES) { die time," ",$MODNAME,": IPTABLES not configured in module settings...\n"; }print "clearing old accounting chains\n";foreach $dev (split(/,/,$EXTIF)) {if ($IPTABLES =~ /ipchains/) {system("$IPTABLES -D input -i $dev -j acct_ext > /dev/null");system("$IPTABLES -D output -i $dev -j acct_ext > /dev/null");}else {system("$IPTABLES -D INPUT -i $dev -j acct_ext > /dev/null");system("$IPTABLES -D OUTPUT -o $dev -j acct_ext > /dev/null");system("$IPTABLES -D FORWARD -i $dev -j acct_ext > /dev/null");system("$IPTABLES -D FORWARD -o $dev -j acct_ext > /dev/null");}}system("$IPTABLES -F acct_ext > /dev/null");system("$IPTABLES -X acct_ext > /dev/null");foreach $dev (split(/,/,$INTIF)) {if ($IPTABLES =~ /ipchains/) {system("$IPTABLES -D input -i $dev -j acct_int > /dev/null");system("$IPTABLES -D output -i $dev -j acct_int > /dev/null");}else {system("$IPTABLES -D INPUT -i $dev -j acct_int > /dev/null");system("$IPTABLES -D OUTPUT -o $dev -j acct_int > /dev/null");system("$IPTABLES -D FORWARD -i $dev -j acct_int > /dev/null");system("$IPTABLES -D FORWARD -o $dev -j acct_int > /dev/null");}}system("$IPTABLES -F acct_int > /dev/null ");system("$IPTABLES -X acct_int > /dev/null");print "\nsetting up accounting chains\n";system("$IPTABLES -N acct_ext > /dev/null");system("$IPTABLES -N acct_int > /dev/null");## set up Accounting for unique IPs in subnet...#print "\naccounting for local targets\n";foreach $host (@LOCALDEST) {print " ",$host,"\n";foreach $prt ("tcp","udp","icmp","all") {system("$IPTABLES -A acct_int -s $host -p $prt");system("$IPTABLES -A acct_int -d $host -p $prt");}}## set up accounting for dedicated networks to loacl subnet#print "\naccounting for externel targets\n";foreach $host (@WORLDDEST) {print " ",$host,"\n";foreach $prt ("tcp","udp","icmp","all") {system("$IPTABLES -A acct_ext -s $host -p $prt");system("$IPTABLES -A acct_ext -d $host -p $prt");}}print "\nlinking accounting chains to INPUT/OUTPUT chain\n";foreach $dev (split(/,/,$EXTIF)) {if ($IPTABLES =~ /ipchains/) {system("$IPTABLES -I input -i $dev -j acct_ext > /dev/null");system("$IPTABLES -I output -i $dev -j acct_ext > /dev/null");}else {system("$IPTABLES -I INPUT -i $dev -j acct_ext > /dev/null");system("$IPTABLES -I OUTPUT -o $dev -j acct_ext > /dev/null");system("$IPTABLES -I FORWARD -i $dev -j acct_ext > /dev/null");system("$IPTABLES -I FORWARD -o $dev -j acct_ext > /dev/null");}}foreach $dev (split(/,/,$INTIF)) {if ($IPTABLES =~ /ipchains/) {system("$IPTABLES -I input -i $dev -j acct_int > /dev/null");system("$IPTABLES -I output -i $dev -j acct_int > /dev/null");}else {system("$IPTABLES -I INPUT -i $dev -j acct_int > /dev/null");system("$IPTABLES -I OUTPUT -o $dev -j acct_int > /dev/null");system("$IPTABLES -I FORWARD -i $dev -j acct_int > /dev/null");system("$IPTABLES -I FORWARD -o $dev -j acct_int > /dev/null");}}print "\n\nAll done! - accounting should be running now!\n";