forked from extern/shorewall_code
Add Accounting Module
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5540 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
7aa1629639
commit
e170fd8dc4
@ -15,6 +15,7 @@ use Shorewall::Providers;
|
|||||||
use Shorewall::Policy;
|
use Shorewall::Policy;
|
||||||
use Shorewall::Macros;
|
use Shorewall::Macros;
|
||||||
use Shorewall::Actions;
|
use Shorewall::Actions;
|
||||||
|
use Shorewall::Accounting;
|
||||||
|
|
||||||
#
|
#
|
||||||
# Set to one if we find a SECTION
|
# Set to one if we find a SECTION
|
||||||
@ -928,100 +929,6 @@ sub process_rules() {
|
|||||||
$section = 'DONE';
|
$section = 'DONE';
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
|
||||||
# Accounting
|
|
||||||
#
|
|
||||||
my $jumpchainref;
|
|
||||||
|
|
||||||
sub process_accounting_rule( $$$$$$$$ ) {
|
|
||||||
my ($action, $chain, $source, $dest, $proto, $ports, $sports, $user ) = @_;
|
|
||||||
|
|
||||||
sub accounting_error() {
|
|
||||||
warning_message "Invalid Accounting rule \"$line\"";
|
|
||||||
}
|
|
||||||
|
|
||||||
sub jump_to_chain( $ ) {
|
|
||||||
my $jumpchain = $_[0];
|
|
||||||
$jumpchainref = ensure_chain( 'filter', $jumpchain );
|
|
||||||
"-j $jumpchain";
|
|
||||||
}
|
|
||||||
|
|
||||||
$chain = 'accounting' unless $chain and $chain ne '-';
|
|
||||||
|
|
||||||
my $chainref = ensure_filter_chain $chain , 0;
|
|
||||||
|
|
||||||
my $target = '';
|
|
||||||
|
|
||||||
my $rule = do_proto( $proto, $ports, $sports ) . do_user ( $user );
|
|
||||||
my $rule2 = 0;
|
|
||||||
|
|
||||||
unless ( $action eq 'COUNT' ) {
|
|
||||||
if ( $action eq 'DONE' ) {
|
|
||||||
$target = '-j RETURN';
|
|
||||||
} else {
|
|
||||||
( $action, my $cmd ) = split /:/, $action;
|
|
||||||
if ( $cmd ) {
|
|
||||||
if ( $cmd eq 'COUNT' ) {
|
|
||||||
$rule2=1;
|
|
||||||
$target = jump_to_chain $action;
|
|
||||||
} elsif ( $cmd ne 'JUMP' ) {
|
|
||||||
accounting_error;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
$target = jump_to_chain $action;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
expand_rule
|
|
||||||
$chainref ,
|
|
||||||
$rule ,
|
|
||||||
$source ,
|
|
||||||
$dest ,
|
|
||||||
'' ,
|
|
||||||
$target ,
|
|
||||||
'' ,
|
|
||||||
'' ,
|
|
||||||
'' ;
|
|
||||||
|
|
||||||
if ( $rule2 ) {
|
|
||||||
expand_rule
|
|
||||||
$jumpchainref ,
|
|
||||||
$rule ,
|
|
||||||
$source ,
|
|
||||||
$dest ,
|
|
||||||
'' ,
|
|
||||||
'' ,
|
|
||||||
'' ,
|
|
||||||
'' ,
|
|
||||||
'' ;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
sub setup_accounting() {
|
|
||||||
|
|
||||||
open ACC, "$ENV{TMP_DIR}/accounting" or fatal_error "Unable to open stripped accounting file: $!";
|
|
||||||
|
|
||||||
while ( $line = <ACC> ) {
|
|
||||||
|
|
||||||
chomp $line;
|
|
||||||
$line =~ s/\s+/ /g;
|
|
||||||
|
|
||||||
my ( $action, $chain, $source, $dest, $proto, $ports, $sports, $user, $extra ) = split /\s+/, $line;
|
|
||||||
|
|
||||||
accounting_error if $extra;
|
|
||||||
process_accounting_rule $action, $chain, $source, $dest, $proto, $ports, $sports, $user;
|
|
||||||
}
|
|
||||||
|
|
||||||
close ACC;
|
|
||||||
|
|
||||||
if ( $filter_table->{accounting} ) {
|
|
||||||
for my $chain qw/INPUT FORWARD OUTPUT/ {
|
|
||||||
insert_rule $filter_table->{$chain}, 1, '-j accounting';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# To quote an old comment, generate_matrix makes a sows ear out of a silk purse.
|
# To quote an old comment, generate_matrix makes a sows ear out of a silk purse.
|
||||||
#
|
#
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user