version 1.21, 2004/12/02 20:49:50
|
version 1.22, 2004/12/02 21:16:56
|
Line 45 $ENV{'BASH_ENV'}="";
|
Line 45 $ENV{'BASH_ENV'}="";
|
# Firewall code is based on the code in FC2 /etc/init.d/ntpd |
# Firewall code is based on the code in FC2 /etc/init.d/ntpd |
my $fw_chain = 'RH-Firewall-1-INPUT'; |
my $fw_chain = 'RH-Firewall-1-INPUT'; |
my $iptables = '/sbin/iptables'; |
my $iptables = '/sbin/iptables'; |
my $port = 5663; |
my $lond_port = 5663; |
|
my $lonhttpd_port = 8080; |
|
|
sub firewall_open_port { |
sub firewall_open_port { |
return if (! &firewall_is_active); |
return if (! &firewall_is_active); |
print "Opening firewall access on port $port\n"; |
|
if (! `$iptables -L -n 2>/dev/null | grep $fw_chain | wc -l`) { return; } |
if (! `$iptables -L -n 2>/dev/null | grep $fw_chain | wc -l`) { return; } |
# iptables is running with our chain |
# iptables is running with our chain |
# |
# |
# We could restrict the servers allowed to attempt to communicate |
# We could restrict the servers allowed to attempt to communicate |
# here, but the logistics of updating the /home/httpd/lonTabs/host.tab |
# here, but the logistics of updating the /home/httpd/lonTabs/host.tab |
# file are likely to be a problem |
# file are likely to be a problem |
my $firewall_command = |
foreach my $port ($lond_port,$lonhttpd_port) { |
"$iptables -I $fw_chain -p tcp -d 0/0 --dport $port -j ACCEPT"; |
print "Opening firewall access on port $port.\n"; |
system($firewall_command); |
|
my $return_status = $?>>8; |
my $firewall_command = |
if ($return_status == 1) { |
"$iptables -I $fw_chain -p tcp -d 0/0 --dport $port -j ACCEPT"; |
# Error |
system($firewall_command); |
print "Error opening port.\n"; |
my $return_status = $?>>8; |
} elsif ($return_status == 2) { |
if ($return_status == 1) { |
# Bad command |
# Error |
print "Bad command error opening port. Command was\n". |
print "Error opening port.\n"; |
" ".$firewall_command."\n"; |
} elsif ($return_status == 2) { |
|
# Bad command |
|
print "Bad command error opening port. Command was\n". |
|
" ".$firewall_command."\n"; |
|
} |
} |
} |
|
|
} |
} |
|
|
sub firewall_is_port_open { |
sub firewall_is_port_open { |
Line 92 sub firewall_is_active {
|
Line 97 sub firewall_is_active {
|
|
|
sub firewall_close_port { |
sub firewall_close_port { |
return if (! &firewall_is_active); |
return if (! &firewall_is_active); |
print "Closing firewall access on port $port\n"; |
foreach my $port ($lond_port,$lonhttpd_port) { |
my $firewall_command = |
print "Closing firewall access on port $port.\n"; |
"$iptables -D $fw_chain -p tcp -d 0/0 --dport $port -j ACCEPT"; |
my $firewall_command = |
system($firewall_command); |
"$iptables -D $fw_chain -p tcp -d 0/0 --dport $port -j ACCEPT"; |
my $return_status = $?>>8; |
system($firewall_command); |
if ($return_status == 1) { |
my $return_status = $?>>8; |
# Error |
if ($return_status == 1) { |
print "Error closing port.\n"; |
# Error |
} elsif ($return_status == 2) { |
print "Error closing port.\n"; |
# Bad command |
} elsif ($return_status == 2) { |
print "Bad command error closing port. Command was\n". |
# Bad command |
" ".$firewall_command."\n"; |
print "Bad command error closing port. Command was\n". |
|
" ".$firewall_command."\n"; |
|
} |
} |
} |
} |
} |
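Review bot: The new loop in firewall_open_port inserts an ACCEPT rule with `-I` for both 5663 and 8080 on every call without checking whether the rule is already present, while firewall_close_port removes only one matching rule per port with `-D`. If the open path runs twice before a close (for example a restart that skips the close), a duplicate rule is left behind and the ports stay reachable from any source after the daemon is stopped. firewall_is_port_open is declared on this page, but its body is outside the visible hunks and the loop does not call it; a guard such as `next if (system("$iptables -C $fw_chain -p tcp -d 0/0 --dport $port -j ACCEPT") == 0);` at the top of the loop would keep the insert idempotent where the installed iptables supports `-C`. Separately, both loops only act on `$?>>8` being 1 or 2, so a failure to launch `$iptables` (`$? == -1`) prints nothing; checking `$? == -1` before the shift and printing `$!` would surface it.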
|
|