webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-28 11:43:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Forward Firewall: added check for mac rules

Browse Source
This commit is contained in:
Alexander Marx
2013-01-10 09:58:38 +01:00
committed by Michael Tremer
parent b526909163
commit 54cb7ff019
1 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
config/forwardfw/rules.pl
View File

@@ -66,7 +66,7 @@ my $CHAIN="FORWARDFW";
################################ ################################
# DEBUG/TEST # # DEBUG/TEST #
################################ ################################
my $MODE=0; # 0 - normal operation my $MODE=1; # 0 - normal operation
# 1 - print configline and rules to console # 1 - print configline and rules to console
# #
################################ ################################
@@ -97,7 +97,6 @@ if($param eq 'flush'){
} }
} }
} }
sub flush sub flush
{ {
system ("iptables -F FORWARDFW"); system ("iptables -F FORWARDFW");
@@ -197,7 +196,7 @@ sub buildrules
foreach my $b (sort keys %targethash){ foreach my $b (sort keys %targethash){
if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none'){ if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none'){
if($SPROT eq '' || $SPROT eq $DPROT || $DPROT eq ' '){ if($SPROT eq '' || $SPROT eq $DPROT || $DPROT eq ' '){
if(substr($sourcehash{$a}[0], 4, 6) eq 'mac'){ $STAG="-s";} if(substr($sourcehash{$a}[0], 3, 3) ne 'mac'){ $STAG="-s";}
if ($$hash{$key}[17] eq 'ON'){ if ($$hash{$key}[17] eq 'ON'){
print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n"; print "iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG\n";
} }
@@ -217,7 +216,7 @@ sub buildrules
foreach my $b (sort keys %targethash){ foreach my $b (sort keys %targethash){
if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none'){ if ($sourcehash{$a}[0] ne $targethash{$b}[0] && $targethash{$b}[0] ne 'none'){
if($SPROT eq '' || $SPROT eq $DPROT || $DPROT eq ' '){ if($SPROT eq '' || $SPROT eq $DPROT || $DPROT eq ' '){
if(substr($sourcehash{$a}[0], 4, 6) eq 'mac'){ $STAG="-s";} if(substr($sourcehash{$a}[0], 3, 3) ne 'mac'){ $STAG="-s";}
if ($$hash{$key}[17] eq 'ON'){ if ($$hash{$key}[17] eq 'ON'){
system ("iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG"); system ("iptables -A $$hash{$key}[1] $PROT $STAG $sourcehash{$a}[0] $SPORT -d $targethash{$b}[0] $DPORT $TIME -j LOG");
} }