gestion multi-regles
parent
4024f2c653
commit
06d5b3c094
1 changed files with 37 additions and 17 deletions
|
@ -12,20 +12,16 @@ my $Config = Config::Tiny->read( '/etc/evoauth/evoauth.conf' );
|
|||
my $activation = $Config->{control}->{enable};
|
||||
my $timetorem = $Config->{control}->{timetorem};
|
||||
|
||||
# Connexion à la base de données
|
||||
# Paramètres Base de données
|
||||
my $db = $Config->{bdd}->{db};
|
||||
my $username = $Config->{bdd}->{username};
|
||||
my $userpass = $Config->{bdd}->{userpass};
|
||||
|
||||
# Les règles du fichier de configuration sont stockées dans un tableau
|
||||
# associatif
|
||||
our %conf;
|
||||
my $cpt = 1;
|
||||
|
||||
while ($cpt <= 4) {
|
||||
$conf{"rule".$cpt} = $Config->{rules}->{"rule".$cpt};
|
||||
$cpt++;
|
||||
}
|
||||
# Règles firewall
|
||||
open(RULES, "/etc/evoauth/evoauth.rules") ||
|
||||
&ecriture("L'ouverture du fichier de règles a échoué.");
|
||||
our @rules = <RULES>;
|
||||
close(RULES);
|
||||
|
||||
sub Alter() {
|
||||
my $action = shift;
|
||||
|
@ -156,12 +152,20 @@ sub check_timestamp() {
|
|||
|
||||
sub Control() {
|
||||
my $action = shift;
|
||||
my ( @tmp1, @tmp2, $key, $value );
|
||||
|
||||
# initialisation d'Evoauth
|
||||
if ($action == 1) {
|
||||
while ( ($key, $value) = each(%conf) ) {
|
||||
@tmp1 = split (/\t/, $value);
|
||||
foreach my $rule1 (@rules) {
|
||||
next if m/^\#/;
|
||||
chomp $rule1;
|
||||
|
||||
# on supprimer les commentaires
|
||||
$rule1 =~ s/(*)(\#*)/$1/;
|
||||
print "aa".$rule."aa\n";
|
||||
|
||||
# on split la liste des paramètres
|
||||
my @tmp1 = split (/\t/, $value);
|
||||
|
||||
system("/sbin/iptables -t nat -A PREROUTING -p $tmp1[2] -i ppp0 --dport $tmp1[1] -j DNAT --to $tmp1[0]:$tmp1[1] 2>/dev/null");
|
||||
}
|
||||
|
||||
|
@ -172,9 +176,17 @@ sub Control() {
|
|||
|
||||
&Evoauth::Functions::Log("2 - Tables crées");
|
||||
|
||||
# chargement des règles du fichier de configuration
|
||||
while ( ($key, $value) = each(%conf) ) {
|
||||
@tmp2 = split (/\t/, $value);
|
||||
# chargement des règles
|
||||
foreach my $rule2 (@rules) {
|
||||
next if m/^\#/;
|
||||
chomp $rule2;
|
||||
|
||||
# on supprimer les commentaires
|
||||
$rule2 =~ s/(*)(\#*)/$1/;
|
||||
|
||||
# on split la liste des paramètres
|
||||
my @tmp2 = split (/\t/, $value);
|
||||
|
||||
system("/sbin/iptables -A FORWARD -p $tmp2[2] -i ppp0 -o eth0 --dport $tmp2[1] -j EVOAUTH 2>/dev/null");
|
||||
}
|
||||
|
||||
|
@ -188,8 +200,16 @@ sub Control() {
|
|||
system("/sbin/iptables -F EVOAUTH 2>/dev/null");
|
||||
&Evoauth::Functions::Log("1 - Flush de la table EVOAUTH");
|
||||
|
||||
while ( ($key, $value) = each(%conf) ) {
|
||||
foreach my $rule3 (@rules) {
|
||||
next if m/^\#/;
|
||||
chomp $rule3;
|
||||
|
||||
# on supprimer les commentaires
|
||||
$rule2 =~ s/(*)(\#*)/$1/;
|
||||
|
||||
# on split la liste des paramètres
|
||||
my @tmp3 = split (/\t/, $value);
|
||||
|
||||
system("/sbin/iptables -D FORWARD -p $tmp3[2] -i ppp0 -o eth0 --dport $tmp3[1] -j EVOAUTH 2>/dev/null");
|
||||
system("/sbin/iptables -t nat -D PREROUTING -p $tmp3[2] -i ppp0 --dport $tmp3[1] -j DNAT --to $tmp3[0]:$tmp3[1] 2>/dev/null");
|
||||
}
|
||||
|
|
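Review bot: The four `system("/sbin/iptables ... $tmpN[...] ...")` calls in Control() pass tab-split fields into a single shell string with no validation, with stderr sent to /dev/null and the exit status ignored, so a malformed or tampered line in the rules source is interpreted by the shell and a rule that fails to install leaves no trace in the log. Validate each field (protocol, port, destination address) against an anchored pattern and call iptables in list form, logging a non-zero status; the fence shows this for the PREROUTING loop, and the FORWARD and delete loops would follow the same shape. The +/- markers are lost on this page, so I am assuming the `foreach ... (@rules)` loops are the new side; as written they would not parse the rules file, since `next if m/^\#/` tests `$_` rather than the loop variable, `s/(*)(\#*)/$1/` is not a valid pattern, the split still reads `$value`, and the third loop edits `$rule2` instead of `$rule3`. The leftover `print "aa".$rule."aa\n";` debug line should go too. Control() starts and ends outside the visible hunks.

```perl
foreach my $rule1 (@rules) {
    # Test the loop variable itself; skip blank and comment-only lines.
    next if $rule1 =~ /^\s*(?:\#|$)/;
    chomp $rule1;

    # Drop a trailing comment before splitting.
    $rule1 =~ s/\s*\#.*//;

    # Field order as used by the existing command: address, port, protocol.
    my ($dest, $port, $proto) = split /\t/, $rule1;

    # Patterns are a starting point; adjust them to what the rules file allows.
    unless (defined $proto
            && $proto =~ /\A(?:tcp|udp)\z/
            && $port  =~ /\A\d{1,5}\z/
            && $dest  =~ /\A\d{1,3}(?:\.\d{1,3}){3}\z/) {
        &Evoauth::Functions::Log("Règle ignorée : format invalide");
        next;
    }

    # List form: no shell is involved, and the exit status is checked.
    system('/sbin/iptables', '-t', 'nat', '-A', 'PREROUTING',
           '-p', $proto, '-i', 'ppp0', '--dport', $port,
           '-j', 'DNAT', '--to', "$dest:$port") == 0
        or &Evoauth::Functions::Log("Echec iptables (PREROUTING) pour $dest:$port/$proto");
}
```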