
  }

  # Read in the additional aliases
  my $file = $self->{aliases_file};
  open ( ALIASES, $file )
    or die "fwctl: can't open file $file: $!\n";
  while (<ALIASES>) {
    next if /^\s*#/;    # Skip comments 
    next if /^\s*$/;	# Skip blank lines
    chomp;

    my ( $alias, $exp ) = /^\s*(\w+)\s*[=:]+\s*([^#]+)/;
    die "fwctl: invalid alias at line $. of file $file\n"
      unless $alias and $exp;
    $self->alias( $alias, $exp);
  }
  close ALIASES;
}

# Read in the firewall rules from $self->{rules_file}.
# NOTE(review): the open below is the two-argument form, so a rules_file
# path beginning with '>' or '|' (or ending in '|') would be interpreted
# as a mode or a pipe rather than a plain filename; a three-argument
# open with a lexical handle ('<', $file) avoids that.
sub read_rules {
  my $self = shift;
  my $file = $self->{rules_file};
  my $error = 0;
  open ( RULES, $file ) or die "fwctl: can't open file $file: $!\n";
 RULE:
  while (<RULES>) {
    next if /^\s*#/;    # Skip comments
    next if /^\s*$/;	# Skip blank lines
    chomp;

    # When loop is sucessful it is decrement. Must be 0 when the loop quit.
    $error++;
    my ($action,$service,@opts) = split;

    # Validate rule
    unless ( $action and $service ) {
      warn __PACKAGE__, ": incomplete rule at line $. of file $file\n";
      next RULE;
    }

    $action = uc $action;
    unless ( $ACTIONS{ $action } ) {
      warn __PACKAGE__, ": unknown action $action at line $. of file $file\n";
      next RULE;
    }

    unless ( $self->service( $service ) ) {
      warn __PACKAGE__, ": unknown service $service at line $. of file $file\n";
      next RULE;
    }

    # Parse options
    my %options	      = ( masq	    => 0,
			  mark	    => 0,
			  copy	    => 0,
			  account   => 0,
			);
    $options{log}     = $action =~ /REJECT|DENY/ ? 1 : 0;
    {
      local @ARGV = @opts;
      local $SIG{__WARN__} = 'IGNORE';

      GetOptions( \%options, @STANDARD_OPTIONS,
		  $self->service($service)->valid_options )
	or do {
	  warn __PACKAGE__, ": error while parsing options in service $service\n";
	  next RULE;
	};

      if (@ARGV ) {
	warn __PACKAGE__, ": unknown options", join( ",", @ARGV ), "\n";
	next RULE;
      }
      if ( $options{portfw} && ! $PORTFW ) {
	  warn __PACKAGE__, ": can't use portfw because IPChains::PortFW ",
	    "isn't available at line $.\n";
	  next RULE;
      }
      if ( ($options{masq} || exists $options{portfw} ) && 
	   $action =~ /reject|deny/i ) 
      {
	warn __PACKAGE__, ": useless use of masq/portfw option at line $.\n";
	next RULE;
      }
      if ($options{masq} && exists $options{portfw} ) {
	warn __PACKAGE__, ": conflicting use of masq and portfw at line $.\n";
	next RULE;
      }
      if ($options{account} && $action eq "ACCOUNT" ) {
	warn __PACKAGE__, ": can't use account option with ACCOUNT action at line $.\n";
	next RULE;
      }
    };

    # Parse portfw
    my ($portfw,$portfw_if) = ( $options{portfw} );
    if ( $portfw ) {
	eval {
	    ($portfw, $portfw_if ) = @{($self->expand( $portfw ))[0]};
	    $options{portfw} = $portfw;
	};
	if ( $@ ) {
	    warn __PACKAGE__, ": invalid aliase expansion in portfw at line $.: $@\n";
	    next RULE;
	}

	if ( $portfw_if->{name} eq 'ANY' ) {
	    warn __PACKAGE__, ": can't use ANY interface for portfw at line $.\n";
	    next RULE;
	}
	if ( $portfw_if->{ip} ne $portfw ) {
	    warn __PACKAGE__, ": not a local interface in portfw at line $.\n";
	    next RULE;
	}
    }

    # Parse src
    my @src = ();
    if ( $options{src} ) {
	eval {


