loncom/configuration/Firewall.pm - diff

Return to Firewall.pm CVS log

Up to [LON-CAPA] / loncom / configuration

Diff for /loncom/configuration/Firewall.pm between versions 1.11 and 1.14

version 1.11, 2011/05/15 00:49:41	version 1.14, 2014/03/17 14:47:46
Line 35 package LONCAPA::Firewall;	Line 35 package LONCAPA::Firewall;
use strict;	use strict;
use lib '/home/httpd/perl/lib';	use lib '/home/httpd/perl/lib';
use LONCAPA::Configuration;	use LONCAPA::Configuration;
	use LONCAPA;

sub firewall_open_port {	sub firewall_open_port {
my ($iptables,$fw_chains,$lond_port,$iphost,$ports) = @_;	my ($iptables,$fw_chains,$lond_port,$iphost,$ports) = @_;
Line 50 sub firewall_open_port {	Line 51 sub firewall_open_port {
}	}
}	}
if (!@okchains) {	if (!@okchains) {
return 'None of the chain names has the expected format'."\n";	return 'None of the chain names has the expected format.'."\n";
}	}
if (ref($ports) ne 'ARRAY') {	if (ref($ports) ne 'ARRAY') {
return 'List of ports to open needed.';	return 'List of ports to open needed.';
Line 60 sub firewall_open_port {	Line 61 sub firewall_open_port {
if ($portnum =~ /^(\d+)$/) {	if ($portnum =~ /^(\d+)$/) {
$port = $1;	$port = $1;
} else {	} else {
print "Skipped non-numeric port: $portnum\n";	print "Skipped non-numeric port: $portnum.\n";
next;	next;
}	}
print "Opening firewall access on port $port.\n";	print "Opening firewall access on port $port.\n";
Line 83 sub firewall_open_port {	Line 84 sub firewall_open_port {
if (($1<=255) && ($2<=255) && ($3<=255) && ($4<=255)) {	if (($1<=255) && ($2<=255) && ($3<=255) && ($4<=255)) {
$ip = "$1.$2.$3.$4";	$ip = "$1.$2.$3.$4";
} else {	} else {
	print "IP address: $key does not have expected format.\n";
next;	next;
}	}
} else {	} else {
	print "IP address: $key does not have expected format.\n";
next;	next;
}	}
if ($curropen{$ip}) {	if ($curropen{$ip}) {
Line 109 sub firewall_open_port {	Line 112 sub firewall_open_port {
}	}
}	}
}	}
	} else {
	print "no key found in $iphost hash ref\n";
}	}
	} else {
	print "$iphost is not a reference to a hash\n";
}	}
if (@lond_port_curropen) {	if (@lond_port_curropen) {
unless (grep(/^\Q$port\E$/,@opened)) {	unless (grep(/^\Q$port\E$/,@opened)) {
push(@opened,$port);	push(@opened,$port);
}	}
print "Port already open for ".scalar(@lond_port_curropen)." IP addresses\n";	print "Port already open for ".scalar(@lond_port_curropen)." IP addresses.\n";
}	}
if (@lond_port_open) {	if (@lond_port_open) {
unless (grep(/^\Q$port\E$/,@opened)) {	unless (grep(/^\Q$port\E$/,@opened)) {
push(@opened,$port);	push(@opened,$port);
}	}
print "Port opened for ".scalar(@lond_port_open)." IP addresses\n";	print "Port opened for ".scalar(@lond_port_open)." IP addresses.\n";
}	}
if (@port_error) {	if (@port_error) {
print "Error opening port for following IP addresses: ".join(', ',@port_error)."\n";	print "Error opening port for following IP addresses: ".join(', ',@port_error)."\n";
Line 231 sub firewall_close_port {	Line 238 sub firewall_close_port {
}	}
}	}
if (!@okchains) {	if (!@okchains) {
return 'None of the chain names has the expected format'."\n";	return 'None of the chain names has the expected format.'."\n";
}	}
if (ref($ports) ne 'ARRAY') {	if (ref($ports) ne 'ARRAY') {
return 'List of ports to close needed.';	return 'List of ports to close needed.';
Line 285 sub firewall_close_port {	Line 292 sub firewall_close_port {
}	}
}	}
if (@lond_port_close) {	if (@lond_port_close) {
$output .= "Port closed for ".scalar(@lond_port_close)." IP addresses\n";	$output .= "Port closed for ".scalar(@lond_port_close)." IP addresses.\n";
}	}
if (@port_error) {	if (@port_error) {
$output .= "Error closing port for following IP addresses: ".join(', ',@port_error)."\n";	$output .= "Error closing port for following IP addresses: ".join(', ',@port_error)."\n";
Line 346 sub firewall_close_anywhere {	Line 353 sub firewall_close_anywhere {
system($firewall_command);	system($firewall_command);
my $return_status = $?>>8;	my $return_status = $?>>8;
if ($return_status == 1) {	if ($return_status == 1) {
print 'Error closing port '.$port.' for source "anywhere"'."\n";	print 'Error closing port '.$port.' for source "anywhere".'."\n";
} elsif ($return_status == 2) {	} elsif ($return_status == 2) {
print 'Bad command error closing port '.$port.' for source "anywhere". Command was'."\n".	print 'Bad command error closing port '.$port.' for source "anywhere". Command was'."\n".
' '.$firewall_command."\n";	' '.$firewall_command."\n";
Line 375 sub get_lond_port {	Line 382 sub get_lond_port {

sub get_fw_chains {	sub get_fw_chains {
my ($iptables) = @_;	my ($iptables) = @_;
my $distro;	my $distro = &LONCAPA::distro();
if (open(PIPE,"/home/httpd/perl/distprobe\|")) {
$distro = <PIPE>;
close(PIPE);
}
my @fw_chains;	my @fw_chains;
my $suse_config = "/etc/sysconfig/SuSEfirewall2";	my $suse_config = "/etc/sysconfig/SuSEfirewall2";
my $ubuntu_config = "/etc/ufw/ufw.conf";	my $ubuntu_config = "/etc/ufw/ufw.conf";
Line 398 sub get_fw_chains {	Line 401 sub get_fw_chains {
if (!-e '/etc/sysconfig/iptables') {	if (!-e '/etc/sysconfig/iptables') {
if (!-e '/var/lib/iptables') {	if (!-e '/var/lib/iptables') {
unless ($distro =~ /^(debian\|ubuntu)/) {	unless ($distro =~ /^(debian\|ubuntu)/) {
print("Unable to find iptables file containing static definitions\n");	print("Unable to find iptables file containing static definitions.\n");
}	}
}	}
if ($distro =~ /^(fedora\|rhes\|centos\|scientific)/) {	if ($distro =~ /^(fedora\|rhes\|centos\|scientific)/) {
Line 438 sub get_pathto_iptables {	Line 441 sub get_pathto_iptables {
} elsif (-e '/usr/sbin/iptables') {	} elsif (-e '/usr/sbin/iptables') {
$iptables = '/usr/sbin/iptables';	$iptables = '/usr/sbin/iptables';
} else {	} else {
print("Unable to find iptables command\n");	print("Unable to find iptables command.\n");
}	}
return $iptables;	return $iptables;
}	}

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.11
changed lines
	Added in v.1.14