Firewall-Policy-Designer


lib/Firewall/Policy/Designer/Asa.pm  view on Meta::CPAN

package Firewall::Policy::Designer::Asa;

#------------------------------------------------------------------------------
# Load system modules that support the constructor and attribute declarations
#------------------------------------------------------------------------------
use Moose;
use namespace::autoclean;

#------------------------------------------------------------------------------
# Load project modules
#------------------------------------------------------------------------------
use Firewall::Utils::Ip;
use Firewall::Utils::Set;
use Firewall::Policy::Searcher::Report::FwInfo;

# Object that consumes Firewall::DBI::Role; must be supplied at construction.
has 'dbi' => (
  is       => 'ro',
  does     => 'Firewall::DBI::Role',
  required => 1,
);

# Search report describing what has to be done on this firewall; design()
# reads its type and action from here. Must be supplied at construction.
has 'searcherReportFwInfo' => (
  is       => 'ro',
  isa      => 'Firewall::Policy::Searcher::Report::FwInfo',
  required => 1,
);

# Ordered list of generated command lines. 'ro' only fixes the array
# reference itself: the contents are still appended to by addToCommandText,
# and anyone holding the reference can change them.
has 'commandText' => (
  is      => 'ro',
  isa     => 'ArrayRef[Str]',
  default => sub { return [] },
);

# Appends the given command strings, in order, to the commandText buffer.
# Returns what push returns: the number of entries in the buffer afterwards.
# NOTE(review): entries are stored as given; design() later writes each one
# as a single line, so an entry containing an embedded newline would become
# several lines of device configuration -- confirm callers only pass
# single-line commands.
sub addToCommandText {
  my $self   = shift;
  my $buffer = $self->commandText;
  return push @{$buffer}, @_;
}

# Generates the command text for this firewall from the searcher report.
#
# Report type 'new' or 'modify': delegates to createRule.
# Report type 'ignore': creates no rule, but when the report carries an
#   action, every entry under action->{new}{natSrc} and then
#   action->{new}{natDst} is handed to checkAndCreateNat, so NAT commands can
#   still be produced for an "ignored" policy.
# Any other type: confess with an error naming the offending type.
#
# Returns all entries of commandText joined into one string, each followed
# by "\n". design itself never clears commandText, so the result contains
# whatever was already in the buffer before the call.
sub design {
  my $self = shift;

  my $report = $self->searcherReportFwInfo;
  my $type   = $report->type;

  if ( $type eq 'new' or $type eq 'modify' ) {
    $self->createRule;
  }
  elsif ( $type eq 'ignore' ) {
    my $action = $report->action;
    if ( defined $action ) {

      # Read both NAT tables before any NAT command is generated.
      my %natTableOf = (
        natSrc => $action->{'new'}{'natSrc'},
        natDst => $action->{'new'}{'natDst'},
      );

      # Source NAT entries are processed before destination NAT entries.
      for my $natKind (qw(natSrc natDst)) {
        my $natTable = $natTableOf{$natKind};
        next unless defined $natTable;
        for my $natEntry ( values %{$natTable} ) {
          $self->checkAndCreateNat( { $natKind => $natEntry } );
        }
      }
    }
  }
  else {
    confess "ERROR: searcherReportFwInfo->type(" . $type . ") Wrong!";
  }

  # One command per output line.
  my $script = '';
  $script .= "$_\n" for @{ $self->commandText };
  return $script;
}

sub createRule {
  my $self = shift;

=example

  access-list inbond extended permit tcp 10.50.0.0 255.255.0.0 host 10.11.100.252 eq 1234 log
  access-list inbond extended permit ip host 10.35.174.100 host 10.11.100.37 log
  access-list inbond extended permit tcp host 10.33.21.85 host 10.11.100.154 eq 1433
  access-list inbond extended permit tcp object-group G_Pub_Terminal_Svr host 10.11.100.52 eq 3389 log
  access-list inbond extended permit tcp host 10.15.103.67 host 10.11.100.61 object-group P_152

=cut

  my $natSrc = $self->searcherReportFwInfo->action->{new}{natSrc};
  my $natDst = $self->searcherReportFwInfo->action->{new}{natDst};

  if ( defined $natSrc or defined $natDst ) {
    if ( defined $natSrc ) {
      for ( values %{$natSrc} ) {
        my %natInfo;


