package Shorewall::Accounting; require Exporter; use Shorewall::Common; use Shorewall::Config; use Shorewall::Zones; use Shorewall::Chains; use strict; our @ISA = qw(Exporter); our @EXPORT = qw( setup_accounting ); our @EXPORT_OK = qw( ); our @VERSION = 1.00; # # Accounting # my $jumpchainref; sub process_accounting_rule( $$$$$$$$ ) { my ($action, $chain, $source, $dest, $proto, $ports, $sports, $user ) = @_; sub accounting_error() { warning_message "Invalid Accounting rule \"$line\""; } sub jump_to_chain( $ ) { my $jumpchain = $_[0]; $jumpchainref = ensure_chain( 'filter', $jumpchain ); "-j $jumpchain"; } $chain = 'accounting' unless $chain and $chain ne '-'; my $chainref = ensure_filter_chain $chain , 0; my $target = ''; my $rule = do_proto( $proto, $ports, $sports ) . do_user ( $user ); my $rule2 = 0; unless ( $action eq 'COUNT' ) { if ( $action eq 'DONE' ) { $target = '-j RETURN'; } else { ( $action, my $cmd ) = split /:/, $action; if ( $cmd ) { if ( $cmd eq 'COUNT' ) { $rule2=1; $target = jump_to_chain $action; } elsif ( $cmd ne 'JUMP' ) { accounting_error; } } else { $target = jump_to_chain $action; } } } expand_rule $chainref , $rule , $source , $dest , '' , $target , '' , '' , '' ; if ( $rule2 ) { expand_rule $jumpchainref , $rule , $source , $dest , '' , '' , '' , '' , '' ; } } sub setup_accounting() { open ACC, "$ENV{TMP_DIR}/accounting" or fatal_error "Unable to open stripped accounting file: $!"; while ( $line = ) { chomp $line; $line =~ s/\s+/ /g; my ( $action, $chain, $source, $dest, $proto, $ports, $sports, $user, $extra ) = split /\s+/, $line; accounting_error if $extra; process_accounting_rule $action, $chain, $source, $dest, $proto, $ports, $sports, $user; } close ACC; if ( $filter_table->{accounting} ) { for my $chain qw/INPUT FORWARD OUTPUT/ { insert_rule $filter_table->{$chain}, 1, '-j accounting'; } } } 1;