authorAn-Cheng Huang <ancheng@vyatta.com>2008-12-03 11:23:53 -0800
committerAn-Cheng Huang <ancheng@vyatta.com>2008-12-03 11:23:53 -0800
commit0a5b4efc5e48358525b6a1ec119aa296fee388d4 (patch)
tree2491c81a10fa90fee37e3713ce9727a1f9af9c1c
parent515c6678e3d486768bd6fb5ed3c0efd5538caa1d (diff)
downloadvyatta-cfg-firewall-0a5b4efc5e48358525b6a1ec119aa296fee388d4.tar.gz
vyatta-cfg-firewall-0a5b4efc5e48358525b6a1ec119aa296fee388d4.zip
add ipp2p config options
-rw-r--r--lib/Vyatta/IpTables/Rule.pm49
-rw-r--r--templates/firewall/modify/node.tag/rule/node.tag/p2p/all/node.def1
-rw-r--r--templates/firewall/modify/node.tag/rule/node.tag/p2p/applejuice/node.def1
-rw-r--r--templates/firewall/modify/node.tag/rule/node.tag/p2p/bittorrent/node.def1
-rw-r--r--templates/firewall/modify/node.tag/rule/node.tag/p2p/directconnect/node.def1
-rw-r--r--templates/firewall/modify/node.tag/rule/node.tag/p2p/edonkey/node.def1
-rw-r--r--templates/firewall/modify/node.tag/rule/node.tag/p2p/gnutella/node.def1
-rw-r--r--templates/firewall/modify/node.tag/rule/node.tag/p2p/kazaa/node.def1
-rw-r--r--templates/firewall/modify/node.tag/rule/node.tag/p2p/node.def1
-rw-r--r--templates/firewall/name/node.tag/rule/node.tag/p2p/all/node.def1
-rw-r--r--templates/firewall/name/node.tag/rule/node.tag/p2p/applejuice/node.def1
-rw-r--r--templates/firewall/name/node.tag/rule/node.tag/p2p/bittorrent/node.def1
-rw-r--r--templates/firewall/name/node.tag/rule/node.tag/p2p/directconnect/node.def1
-rw-r--r--templates/firewall/name/node.tag/rule/node.tag/p2p/edonkey/node.def1
-rw-r--r--templates/firewall/name/node.tag/rule/node.tag/p2p/gnutella/node.def1
-rw-r--r--templates/firewall/name/node.tag/rule/node.tag/p2p/kazaa/node.def1
-rw-r--r--templates/firewall/name/node.tag/rule/node.tag/p2p/node.def1
17 files changed, 65 insertions, 0 deletions
diff --git a/lib/Vyatta/IpTables/Rule.pm b/lib/Vyatta/IpTables/Rule.pm
index fa7a0e5..9cbd303 100644
--- a/lib/Vyatta/IpTables/Rule.pm
+++ b/lib/Vyatta/IpTables/Rule.pm
@@ -28,6 +28,15 @@ my %fields = (
_non_frag => undef,
_recent_time => undef,
_recent_cnt => undef,
+ _p2p => {
+ _all => undef,
+ _apple => undef,
+ _bit => undef,
+ _dc => undef,
+ _edk => undef,
+ _gnu => undef,
+ _kazaa => undef,
+ },
);
my %dummy_rule = (
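Review bot: `_p2p` is the only nested reference in `%fields` (and likewise in `%dummy_rule` in the next hunk), so if `new` builds the object with a shallow copy such as `{ %fields }` — its body is outside this diff — every Rule instance ends up sharing one inner hash, and `setup` on one rule silently overwrites the p2p flags seen by every other rule. Either keep the seven flags flat like the neighbouring fields (`_p2p_all => undef,` …) or have `setup`/`setupOrig` install a fresh hashref before assigning, e.g. `$self->{_p2p} = {};`. A comment on the field, `# nested hash: must be re-created per instance, see setup()`, would make the constraint visible to the next maintainer.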
@@ -51,6 +60,15 @@ my %dummy_rule = (
_non_frag => undef,
_recent_time => undef,
_recent_cnt => undef,
+ _p2p => {
+ _all => undef,
+ _apple => undef,
+ _bit => undef,
+ _dc => undef,
+ _edk => undef,
+ _gnu => undef,
+ _kazaa => undef,
+ },
);
sub new {
@@ -99,6 +117,14 @@ sub setup {
$self->{_non_frag} = $config->exists("fragment match-non-frag");
$self->{_recent_time} = $config->returnValue('recent time');
$self->{_recent_cnt} = $config->returnValue('recent count');
+
+ $self->{_p2p}->{_all} = $config->exists("p2p all");
+ $self->{_p2p}->{_apple} = $config->exists("p2p applejuice");
+ $self->{_p2p}->{_bit} = $config->exists("p2p bittorrent");
+ $self->{_p2p}->{_dc} = $config->exists("p2p directconnect");
+ $self->{_p2p}->{_edk} = $config->exists("p2p edonkey");
+ $self->{_p2p}->{_gnu} = $config->exists("p2p gnutella");
+ $self->{_p2p}->{_kazaa} = $config->exists("p2p kazaa");
# TODO: need $config->exists("$level source") in Vyatta::Config.pm
$src->setup("$level source");
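Review bot: The CLI-node-to-flag mapping (`applejuice` → `_apple`, `directconnect` → `_dc`, …) is spelled out here, again in `setupOrig` (hunk at L80), and a third spelling of the flag set lives in `rule`; adding a protocol means editing three places in step. A single file-level table with a loop keeps the two setup paths aligned, and re-creating the hash on each call also avoids sharing one `_p2p` hashref across instances if `new` copies `%fields` shallowly. The enclosing `setup` body starts before and ends after this hunk.
```perl
# one table shared by setup() and setupOrig(); keys are the CLI node names
my %p2p_flag_of = (
    all           => '_all',   applejuice => '_apple', bittorrent => '_bit',
    directconnect => '_dc',    edonkey    => '_edk',   gnutella   => '_gnu',
    kazaa         => '_kazaa',
);
# … unchanged: recent time/count assignments …
$self->{_p2p} = {};    # fresh per instance, never the copy from %fields
for my $app (sort keys %p2p_flag_of) {
    $self->{_p2p}{ $p2p_flag_of{$app} } = $config->exists("p2p $app");
}
```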
@@ -137,6 +163,14 @@ sub setupOrig {
$self->{_recent_time} = $config->returnOrigValue('recent time');
$self->{_recent_cnt} = $config->returnOrigValue('recent count');
+ $self->{_p2p}->{_all} = $config->existsOrig("p2p all");
+ $self->{_p2p}->{_apple} = $config->existsOrig("p2p applejuice");
+ $self->{_p2p}->{_bit} = $config->existsOrig("p2p bittorrent");
+ $self->{_p2p}->{_dc} = $config->existsOrig("p2p directconnect");
+ $self->{_p2p}->{_edk} = $config->existsOrig("p2p edonkey");
+ $self->{_p2p}->{_gnu} = $config->existsOrig("p2p gnutella");
+ $self->{_p2p}->{_kazaa} = $config->existsOrig("p2p kazaa");
+
# TODO: need $config->exists("$level source") in Vyatta::Config.pm
$src->setupOrig("$level source");
$dst->setupOrig("$level destination");
@@ -286,6 +320,21 @@ sub rule {
}
}
+ my $p2p = undef;
+ if (defined($self->{_p2p}->{_all})) {
+ $p2p = '--apple --bit --dc --edk --gnu --kazaa ';
+ } else {
+ my @apps = qw(apple bit dc edk gnu kazaa);
+ foreach (@apps) {
+ if (defined($self->{_p2p}->{"_$_"})) {
+ $p2p .= "--$_ ";
+ }
+ }
+ }
+ if (defined($p2p)) {
+ $rule .= " -m ipp2p $p2p ";
+ }
+
my $chain = $self->{_name};
my $rule_num = $self->{_rule_number};
my $rule2 = undef;
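Review bot: The `_all` branch hard-codes the six `--` flags as one literal while the `else` branch derives them from `@apps`, so the two lists drift as soon as a protocol is added; deriving both from `@apps` removes the duplicate: `my @on = defined $self->{_p2p}{_all} ? @apps : grep { defined $self->{_p2p}{"_$_"} } @apps;` followed by `$rule .= ' -m ipp2p ' . join(' ', map { "--$_" } @on) . ' ' if @on;`. The `undef`-then-`.=` accumulation only works because `.=` is exempt from the uninitialized warning; initialising `$p2p` to `''` and testing `length $p2p` states the intent. Everything appended to `$rule` in this hunk is a fixed literal selected by which config nodes exist — the `_p2p` values are only tested for definedness — so no configuration text is interpolated into the match string here. The `rule` sub begins and ends outside the hunk.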
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/p2p/all/node.def b/templates/firewall/modify/node.tag/rule/node.tag/p2p/all/node.def
new file mode 100644
index 0000000..3359454
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/p2p/all/node.def
@@ -0,0 +1 @@
+help: Match AppleJuice/BitTorrent/Direct Connect/eDonkey/eMule/Gnutella/KaZaA application packets
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/p2p/applejuice/node.def b/templates/firewall/modify/node.tag/rule/node.tag/p2p/applejuice/node.def
new file mode 100644
index 0000000..35c2182
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/p2p/applejuice/node.def
@@ -0,0 +1 @@
+help: Match AppleJuice application packets
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/p2p/bittorrent/node.def b/templates/firewall/modify/node.tag/rule/node.tag/p2p/bittorrent/node.def
new file mode 100644
index 0000000..a6330de
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/p2p/bittorrent/node.def
@@ -0,0 +1 @@
+help: Match BitTorrent application packets
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/p2p/directconnect/node.def b/templates/firewall/modify/node.tag/rule/node.tag/p2p/directconnect/node.def
new file mode 100644
index 0000000..ab11805
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/p2p/directconnect/node.def
@@ -0,0 +1 @@
+help: Match Direct Connect application packets
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/p2p/edonkey/node.def b/templates/firewall/modify/node.tag/rule/node.tag/p2p/edonkey/node.def
new file mode 100644
index 0000000..25a97e5
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/p2p/edonkey/node.def
@@ -0,0 +1 @@
+help: Match eDonkey/eMule application packets
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/p2p/gnutella/node.def b/templates/firewall/modify/node.tag/rule/node.tag/p2p/gnutella/node.def
new file mode 100644
index 0000000..52d9d6c
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/p2p/gnutella/node.def
@@ -0,0 +1 @@
+help: Match Gnutella application packets
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/p2p/kazaa/node.def b/templates/firewall/modify/node.tag/rule/node.tag/p2p/kazaa/node.def
new file mode 100644
index 0000000..a6eab48
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/p2p/kazaa/node.def
@@ -0,0 +1 @@
+help: Match KaZaA application packets
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/p2p/node.def b/templates/firewall/modify/node.tag/rule/node.tag/p2p/node.def
new file mode 100644
index 0000000..9013fe5
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/p2p/node.def
@@ -0,0 +1 @@
+help: Set P2P application packet matching
diff --git a/templates/firewall/name/node.tag/rule/node.tag/p2p/all/node.def b/templates/firewall/name/node.tag/rule/node.tag/p2p/all/node.def
new file mode 100644
index 0000000..3359454
--- /dev/null
+++ b/templates/firewall/name/node.tag/rule/node.tag/p2p/all/node.def
@@ -0,0 +1 @@
+help: Match AppleJuice/BitTorrent/Direct Connect/eDonkey/eMule/Gnutella/KaZaA application packets
diff --git a/templates/firewall/name/node.tag/rule/node.tag/p2p/applejuice/node.def b/templates/firewall/name/node.tag/rule/node.tag/p2p/applejuice/node.def
new file mode 100644
index 0000000..35c2182
--- /dev/null
+++ b/templates/firewall/name/node.tag/rule/node.tag/p2p/applejuice/node.def
@@ -0,0 +1 @@
+help: Match AppleJuice application packets
diff --git a/templates/firewall/name/node.tag/rule/node.tag/p2p/bittorrent/node.def b/templates/firewall/name/node.tag/rule/node.tag/p2p/bittorrent/node.def
new file mode 100644
index 0000000..a6330de
--- /dev/null
+++ b/templates/firewall/name/node.tag/rule/node.tag/p2p/bittorrent/node.def
@@ -0,0 +1 @@
+help: Match BitTorrent application packets
diff --git a/templates/firewall/name/node.tag/rule/node.tag/p2p/directconnect/node.def b/templates/firewall/name/node.tag/rule/node.tag/p2p/directconnect/node.def
new file mode 100644
index 0000000..ab11805
--- /dev/null
+++ b/templates/firewall/name/node.tag/rule/node.tag/p2p/directconnect/node.def
@@ -0,0 +1 @@
+help: Match Direct Connect application packets
diff --git a/templates/firewall/name/node.tag/rule/node.tag/p2p/edonkey/node.def b/templates/firewall/name/node.tag/rule/node.tag/p2p/edonkey/node.def
new file mode 100644
index 0000000..25a97e5
--- /dev/null
+++ b/templates/firewall/name/node.tag/rule/node.tag/p2p/edonkey/node.def
@@ -0,0 +1 @@
+help: Match eDonkey/eMule application packets
diff --git a/templates/firewall/name/node.tag/rule/node.tag/p2p/gnutella/node.def b/templates/firewall/name/node.tag/rule/node.tag/p2p/gnutella/node.def
new file mode 100644
index 0000000..52d9d6c
--- /dev/null
+++ b/templates/firewall/name/node.tag/rule/node.tag/p2p/gnutella/node.def
@@ -0,0 +1 @@
+help: Match Gnutella application packets
diff --git a/templates/firewall/name/node.tag/rule/node.tag/p2p/kazaa/node.def b/templates/firewall/name/node.tag/rule/node.tag/p2p/kazaa/node.def
new file mode 100644
index 0000000..a6eab48
--- /dev/null
+++ b/templates/firewall/name/node.tag/rule/node.tag/p2p/kazaa/node.def
@@ -0,0 +1 @@
+help: Match KaZaA application packets
diff --git a/templates/firewall/name/node.tag/rule/node.tag/p2p/node.def b/templates/firewall/name/node.tag/rule/node.tag/p2p/node.def
new file mode 100644
index 0000000..9013fe5
--- /dev/null
+++ b/templates/firewall/name/node.tag/rule/node.tag/p2p/node.def
@@ -0,0 +1 @@
+help: Set P2P application packet matching