gestion multi-regles
parent
4024f2c653
commit
06d5b3c094
|
@ -12,20 +12,16 @@ my $Config = Config::Tiny->read( '/etc/evoauth/evoauth.conf' );
|
||||||
my $activation = $Config->{control}->{enable};
|
my $activation = $Config->{control}->{enable};
|
||||||
my $timetorem = $Config->{control}->{timetorem};
|
my $timetorem = $Config->{control}->{timetorem};
|
||||||
|
|
||||||
# Connexion à la base de données
|
# Paramètres Base de données
|
||||||
my $db = $Config->{bdd}->{db};
|
my $db = $Config->{bdd}->{db};
|
||||||
my $username = $Config->{bdd}->{username};
|
my $username = $Config->{bdd}->{username};
|
||||||
my $userpass = $Config->{bdd}->{userpass};
|
my $userpass = $Config->{bdd}->{userpass};
|
||||||
|
|
||||||
# Les règles du fichier de configuration sont stockées dans un tableau
|
# Règles firewall
|
||||||
# associatif
|
open(RULES, "/etc/evoauth/evoauth.rules") ||
|
||||||
our %conf;
|
&ecriture("L'ouverture du fichier de règles a échoué.");
|
||||||
my $cpt = 1;
|
our @rules = <RULES>;
|
||||||
|
close(RULES);
|
||||||
while ($cpt <= 4) {
|
|
||||||
$conf{"rule".$cpt} = $Config->{rules}->{"rule".$cpt};
|
|
||||||
$cpt++;
|
|
||||||
}
|
|
||||||
|
|
||||||
sub Alter() {
|
sub Alter() {
|
||||||
my $action = shift;
|
my $action = shift;
|
||||||
|
@ -156,12 +152,20 @@ sub check_timestamp() {
|
||||||
|
|
||||||
sub Control() {
|
sub Control() {
|
||||||
my $action = shift;
|
my $action = shift;
|
||||||
my ( @tmp1, @tmp2, $key, $value );
|
|
||||||
|
|
||||||
# initialisation d'Evoauth
|
# initialisation d'Evoauth
|
||||||
if ($action == 1) {
|
if ($action == 1) {
|
||||||
while ( ($key, $value) = each(%conf) ) {
|
foreach my $rule1 (@rules) {
|
||||||
@tmp1 = split (/\t/, $value);
|
next if m/^\#/;
|
||||||
|
chomp $rule1;
|
||||||
|
|
||||||
|
# on supprimer les commentaires
|
||||||
|
$rule1 =~ s/(*)(\#*)/$1/;
|
||||||
|
print "aa".$rule."aa\n";
|
||||||
|
|
||||||
|
# on split la liste des paramètres
|
||||||
|
my @tmp1 = split (/\t/, $value);
|
||||||
|
|
||||||
system("/sbin/iptables -t nat -A PREROUTING -p $tmp1[2] -i ppp0 --dport $tmp1[1] -j DNAT --to $tmp1[0]:$tmp1[1] 2>/dev/null");
|
system("/sbin/iptables -t nat -A PREROUTING -p $tmp1[2] -i ppp0 --dport $tmp1[1] -j DNAT --to $tmp1[0]:$tmp1[1] 2>/dev/null");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -172,9 +176,17 @@ sub Control() {
|
||||||
|
|
||||||
&Evoauth::Functions::Log("2 - Tables crées");
|
&Evoauth::Functions::Log("2 - Tables crées");
|
||||||
|
|
||||||
# chargement des règles du fichier de configuration
|
# chargement des règles
|
||||||
while ( ($key, $value) = each(%conf) ) {
|
foreach my $rule2 (@rules) {
|
||||||
@tmp2 = split (/\t/, $value);
|
next if m/^\#/;
|
||||||
|
chomp $rule2;
|
||||||
|
|
||||||
|
# on supprimer les commentaires
|
||||||
|
$rule2 =~ s/(*)(\#*)/$1/;
|
||||||
|
|
||||||
|
# on split la liste des paramètres
|
||||||
|
my @tmp2 = split (/\t/, $value);
|
||||||
|
|
||||||
system("/sbin/iptables -A FORWARD -p $tmp2[2] -i ppp0 -o eth0 --dport $tmp2[1] -j EVOAUTH 2>/dev/null");
|
system("/sbin/iptables -A FORWARD -p $tmp2[2] -i ppp0 -o eth0 --dport $tmp2[1] -j EVOAUTH 2>/dev/null");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -188,8 +200,16 @@ sub Control() {
|
||||||
system("/sbin/iptables -F EVOAUTH 2>/dev/null");
|
system("/sbin/iptables -F EVOAUTH 2>/dev/null");
|
||||||
&Evoauth::Functions::Log("1 - Flush de la table EVOAUTH");
|
&Evoauth::Functions::Log("1 - Flush de la table EVOAUTH");
|
||||||
|
|
||||||
while ( ($key, $value) = each(%conf) ) {
|
foreach my $rule3 (@rules) {
|
||||||
|
next if m/^\#/;
|
||||||
|
chomp $rule3;
|
||||||
|
|
||||||
|
# on supprimer les commentaires
|
||||||
|
$rule2 =~ s/(*)(\#*)/$1/;
|
||||||
|
|
||||||
|
# on split la liste des paramètres
|
||||||
my @tmp3 = split (/\t/, $value);
|
my @tmp3 = split (/\t/, $value);
|
||||||
|
|
||||||
system("/sbin/iptables -D FORWARD -p $tmp3[2] -i ppp0 -o eth0 --dport $tmp3[1] -j EVOAUTH 2>/dev/null");
|
system("/sbin/iptables -D FORWARD -p $tmp3[2] -i ppp0 -o eth0 --dport $tmp3[1] -j EVOAUTH 2>/dev/null");
|
||||||
system("/sbin/iptables -t nat -D PREROUTING -p $tmp3[2] -i ppp0 --dport $tmp3[1] -j DNAT --to $tmp3[0]:$tmp3[1] 2>/dev/null");
|
system("/sbin/iptables -t nat -D PREROUTING -p $tmp3[2] -i ppp0 --dport $tmp3[1] -j DNAT --to $tmp3[0]:$tmp3[1] 2>/dev/null");
|
||||||
}
|
}
|
||||||
|
|
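Review bot: The three new `foreach my $ruleN (@rules)` loops in `Control()` never parse the line they iterate over: `next if m/^\#/` tests `$_` rather than the loop variable, `split (/\t/, $value)` still reads `$value` although its declaration appears to be dropped by this commit, and `s/(*)(\#*)/$1/` is not a valid pattern. As written the iptables commands would be built from empty fields, the third loop edits `$rule2` instead of `$rule3`, and the leftover `print "aa".$rule."aa\n"` refers to a `$rule` that is not declared in the visible lines. Once the split is pointed at the rule line, every field goes from /etc/evoauth/evoauth.rules straight into a single-string `system()` that the shell interprets, so each field should be validated and the command passed in list form. The fence sketches this for the first loop, assuming the column order address, port, protocol implied by the existing `$tmp1[0..2]` usage; the other two loops need the same treatment. `Control()` starts and ends outside the hunks shown, and the `open(RULES, ...) || &ecriture(...)` at the top appears to carry on with an empty `@rules` if the file cannot be opened, which may deserve a hard stop.

```perl
foreach my $rule1 (@rules) {
    chomp $rule1;

    # Strip a trailing comment, then skip lines that are empty or comment-only.
    $rule1 =~ s/\s*\#.*\z//s;
    next if $rule1 =~ /\A\s*\z/;

    # Split the rule line itself (not $value) into its tab-separated fields.
    my ($dest, $port, $proto) = split /\t/, $rule1;

    # Reject anything that is not a plain address / port / protocol before it
    # reaches iptables. Adjust the patterns to the format the rules file
    # actually documents (e.g. port ranges), but keep them anchored.
    unless (defined $proto
        && $dest  =~ /\A\d{1,3}(?:\.\d{1,3}){3}\z/
        && $port  =~ /\A\d{1,5}\z/
        && $proto =~ /\A(?:tcp|udp)\z/)
    {
        &Evoauth::Functions::Log("Invalid rule ignored");
        next;
    }

    # List form: no shell is involved, so the fields cannot be reinterpreted.
    # The shell redirect 2>/dev/null is gone with it; redirect STDERR in Perl
    # around the call if the noise matters.
    system('/sbin/iptables', '-t', 'nat', '-A', 'PREROUTING',
           '-p', $proto, '-i', 'ppp0', '--dport', $port,
           '-j', 'DNAT', '--to', "$dest:$port");
}
# … unchanged: table creation, second and third loops …
```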