author | An-Cheng Huang <ancheng@vyatta.com> | 2008-12-03 11:23:53 -0800 |
---|---|---|
committer | An-Cheng Huang <ancheng@vyatta.com> | 2008-12-03 11:23:53 -0800 |
commit | 0a5b4efc5e48358525b6a1ec119aa296fee388d4 (patch) | |
tree | 2491c81a10fa90fee37e3713ce9727a1f9af9c1c | |
parent | 515c6678e3d486768bd6fb5ed3c0efd5538caa1d (diff) | |
download | vyatta-cfg-firewall-0a5b4efc5e48358525b6a1ec119aa296fee388d4.tar.gz vyatta-cfg-firewall-0a5b4efc5e48358525b6a1ec119aa296fee388d4.zip |
add ipp2p config options
17 files changed, 65 insertions, 0 deletions
diff --git a/lib/Vyatta/IpTables/Rule.pm b/lib/Vyatta/IpTables/Rule.pm
index fa7a0e5..9cbd303 100644
--- a/lib/Vyatta/IpTables/Rule.pm
+++ b/lib/Vyatta/IpTables/Rule.pm
@@ -28,6 +28,15 @@ my %fields = (
 _non_frag => undef,
 _recent_time => undef,
 _recent_cnt => undef,
+ _p2p => {
+ _all => undef,
+ _apple => undef,
+ _bit => undef,
+ _dc => undef,
+ _edk => undef,
+ _gnu => undef,
+ _kazaa => undef,
+ },
 );
 my %dummy_rule = (
@@ -51,6 +60,15 @@ my %dummy_rule = (
 _non_frag => undef,
 _recent_time => undef,
 _recent_cnt => undef,
+ _p2p => {
+ _all => undef,
+ _apple => undef,
+ _bit => undef,
+ _dc => undef,
+ _edk => undef,
+ _gnu => undef,
+ _kazaa => undef,
+ },
 );
 sub new {
@@ -99,6 +117,14 @@ sub setup {
 $self->{_non_frag} = $config->exists("fragment match-non-frag");
 $self->{_recent_time} = $config->returnValue('recent time');
 $self->{_recent_cnt} = $config->returnValue('recent count');
+
+ $self->{_p2p}->{_all} = $config->exists("p2p all");
+ $self->{_p2p}->{_apple} = $config->exists("p2p applejuice");
+ $self->{_p2p}->{_bit} = $config->exists("p2p bittorrent");
+ $self->{_p2p}->{_dc} = $config->exists("p2p directconnect");
+ $self->{_p2p}->{_edk} = $config->exists("p2p edonkey");
+ $self->{_p2p}->{_gnu} = $config->exists("p2p gnutella");
+ $self->{_p2p}->{_kazaa} = $config->exists("p2p kazaa");
 # TODO: need $config->exists("$level source") in Vyatta::Config.pm
 $src->setup("$level source");
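Review bot: The `_p2p` entry added to `%fields` in the first hunk is one anonymous hash reference, so if `new` (whose body lies outside these hunks) builds each object as a shallow copy such as `{ %fields }`, every Rule instance shares that single nested hash and the `setup` assignments in the third hunk overwrite the p2p selection of every other rule instead of only this one. The `_p2p` entry added to `%dummy_rule` in the second hunk has the same shape. If `new` does copy shallowly, give each instance its own nested hash there, e.g. `$self->{_p2p} = { %{ $fields{_p2p} } };`, or keep the seven flags as flat top-level keys like the existing `_recent_time`/`_recent_cnt` so the copy stays correct. A comment on the `%fields` entry such as `# nested hash: must be copied per instance in new(); a shallow copy of %fields would share it` would make the constraint visible to the next maintainer.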
@@ -137,6 +163,14 @@ sub setupOrig {
 $self->{_recent_time} = $config->returnOrigValue('recent time');
 $self->{_recent_cnt} = $config->returnOrigValue('recent count');
+ $self->{_p2p}->{_all} = $config->existsOrig("p2p all");
+ $self->{_p2p}->{_apple} = $config->existsOrig("p2p applejuice");
+ $self->{_p2p}->{_bit} = $config->existsOrig("p2p bittorrent");
+ $self->{_p2p}->{_dc} = $config->existsOrig("p2p directconnect");
+ $self->{_p2p}->{_edk} = $config->existsOrig("p2p edonkey");
+ $self->{_p2p}->{_gnu} = $config->existsOrig("p2p gnutella");
+ $self->{_p2p}->{_kazaa} = $config->existsOrig("p2p kazaa");
+
 # TODO: need $config->exists("$level source") in Vyatta::Config.pm
 $src->setupOrig("$level source");
 $dst->setupOrig("$level destination");
@@ -286,6 +320,21 @@ sub rule {
 }
 }
+ my $p2p = undef;
+ if (defined($self->{_p2p}->{_all})) {
+ $p2p = '--apple --bit --dc --edk --gnu --kazaa ';
+ } else {
+ my @apps = qw(apple bit dc edk gnu kazaa);
+ foreach (@apps) {
+ if (defined($self->{_p2p}->{"_$_"})) {
+ $p2p .= "--$_ ";
+ }
+ }
+ }
+ if (defined($p2p)) {
+ $rule .= " -m ipp2p $p2p ";
+ }
+
 my $chain = $self->{_name};
 my $rule_num = $self->{_rule_number};
 my $rule2 = undef;
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/p2p/all/node.def b/templates/firewall/modify/node.tag/rule/node.tag/p2p/all/node.def
new file mode 100644
index 0000000..3359454
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/p2p/all/node.def
@@ -0,0 +1 @@
+help: Match AppleJuice/BitTorrent/Direct Connect/eDonkey/eMule/Gnutella/KaZaA application packets
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/p2p/applejuice/node.def b/templates/firewall/modify/node.tag/rule/node.tag/p2p/applejuice/node.def
new file mode 100644
index 0000000..35c2182
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/p2p/applejuice/node.def
@@ -0,0 +1 @@
+help: Match AppleJuice application packets
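Review bot: In the `sub rule` hunk the `_all` branch hard-codes `'--apple --bit --dc --edk --gnu --kazaa '` while the `else` branch derives the same flags from `@apps`, so the two lists can drift apart the first time a protocol is added, on top of the seven-line blocks already duplicated between `setup` and `setupOrig`. Deriving the selection once from `@apps` removes the duplicate literal and the doubled spaces around the `-m ipp2p` match; since only node presence is consulted and every flag is a fixed literal, nothing from the configuration is interpolated into the iptables command, which is the right shape and should be preserved. The `defined(...)` tests presume that `exists`/`existsOrig` return undef for an absent node, consistent with how the surrounding `_non_frag` code is written; if those methods can return a defined false value the loop would select every protocol, which is worth a comment on the `foreach` line. The ipp2p flag names are taken from the hunk and not re-verified here.
```perl
    my @apps = qw(apple bit dc edk gnu kazaa);
    my @selected = defined $self->{_p2p}->{_all}
                 ? @apps
                 : grep { defined $self->{_p2p}->{"_$_"} } @apps;
    if (@selected) {
        $rule .= ' -m ipp2p ' . join(' ', map { "--$_" } @selected) . ' ';
    }
    # … unchanged: chain / rule-number handling …
```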
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/p2p/bittorrent/node.def b/templates/firewall/modify/node.tag/rule/node.tag/p2p/bittorrent/node.def
new file mode 100644
index 0000000..a6330de
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/p2p/bittorrent/node.def
@@ -0,0 +1 @@
+help: Match BitTorrent application packets
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/p2p/directconnect/node.def b/templates/firewall/modify/node.tag/rule/node.tag/p2p/directconnect/node.def
new file mode 100644
index 0000000..ab11805
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/p2p/directconnect/node.def
@@ -0,0 +1 @@
+help: Match Direct Connect application packets
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/p2p/edonkey/node.def b/templates/firewall/modify/node.tag/rule/node.tag/p2p/edonkey/node.def
new file mode 100644
index 0000000..25a97e5
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/p2p/edonkey/node.def
@@ -0,0 +1 @@
+help: Match eDonkey/eMule application packets
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/p2p/gnutella/node.def b/templates/firewall/modify/node.tag/rule/node.tag/p2p/gnutella/node.def
new file mode 100644
index 0000000..52d9d6c
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/p2p/gnutella/node.def
@@ -0,0 +1 @@
+help: Match Gnutella application packets
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/p2p/kazaa/node.def b/templates/firewall/modify/node.tag/rule/node.tag/p2p/kazaa/node.def
new file mode 100644
index 0000000..a6eab48
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/p2p/kazaa/node.def
@@ -0,0 +1 @@
+help: Match KaZaA application packets
diff --git a/templates/firewall/modify/node.tag/rule/node.tag/p2p/node.def b/templates/firewall/modify/node.tag/rule/node.tag/p2p/node.def
new file mode 100644
index 0000000..9013fe5
--- /dev/null
+++ b/templates/firewall/modify/node.tag/rule/node.tag/p2p/node.def
@@ -0,0 +1 @@
+help: Set P2P application packet matching
diff --git a/templates/firewall/name/node.tag/rule/node.tag/p2p/all/node.def b/templates/firewall/name/node.tag/rule/node.tag/p2p/all/node.def
new file mode 100644
index 0000000..3359454
--- /dev/null
+++ b/templates/firewall/name/node.tag/rule/node.tag/p2p/all/node.def
@@ -0,0 +1 @@
+help: Match AppleJuice/BitTorrent/Direct Connect/eDonkey/eMule/Gnutella/KaZaA application packets
diff --git a/templates/firewall/name/node.tag/rule/node.tag/p2p/applejuice/node.def b/templates/firewall/name/node.tag/rule/node.tag/p2p/applejuice/node.def
new file mode 100644
index 0000000..35c2182
--- /dev/null
+++ b/templates/firewall/name/node.tag/rule/node.tag/p2p/applejuice/node.def
@@ -0,0 +1 @@
+help: Match AppleJuice application packets
diff --git a/templates/firewall/name/node.tag/rule/node.tag/p2p/bittorrent/node.def b/templates/firewall/name/node.tag/rule/node.tag/p2p/bittorrent/node.def
new file mode 100644
index 0000000..a6330de
--- /dev/null
+++ b/templates/firewall/name/node.tag/rule/node.tag/p2p/bittorrent/node.def
@@ -0,0 +1 @@
+help: Match BitTorrent application packets
diff --git a/templates/firewall/name/node.tag/rule/node.tag/p2p/directconnect/node.def b/templates/firewall/name/node.tag/rule/node.tag/p2p/directconnect/node.def
new file mode 100644
index 0000000..ab11805
--- /dev/null
+++ b/templates/firewall/name/node.tag/rule/node.tag/p2p/directconnect/node.def
@@ -0,0 +1 @@
+help: Match Direct Connect application packets
diff --git a/templates/firewall/name/node.tag/rule/node.tag/p2p/edonkey/node.def b/templates/firewall/name/node.tag/rule/node.tag/p2p/edonkey/node.def
new file mode 100644
index 0000000..25a97e5
--- /dev/null
+++ b/templates/firewall/name/node.tag/rule/node.tag/p2p/edonkey/node.def
@@ -0,0 +1 @@
+help: Match eDonkey/eMule application packets
diff --git a/templates/firewall/name/node.tag/rule/node.tag/p2p/gnutella/node.def b/templates/firewall/name/node.tag/rule/node.tag/p2p/gnutella/node.def
new file mode 100644
index 0000000..52d9d6c
--- /dev/null
+++ b/templates/firewall/name/node.tag/rule/node.tag/p2p/gnutella/node.def
@@ -0,0 +1 @@
+help: Match Gnutella application packets
diff --git a/templates/firewall/name/node.tag/rule/node.tag/p2p/kazaa/node.def b/templates/firewall/name/node.tag/rule/node.tag/p2p/kazaa/node.def
new file mode 100644
index 0000000..a6eab48
--- /dev/null
+++ b/templates/firewall/name/node.tag/rule/node.tag/p2p/kazaa/node.def
@@ -0,0 +1 @@
+help: Match KaZaA application packets
diff --git a/templates/firewall/name/node.tag/rule/node.tag/p2p/node.def b/templates/firewall/name/node.tag/rule/node.tag/p2p/node.def
new file mode 100644
index 0000000..9013fe5
--- /dev/null
+++ b/templates/firewall/name/node.tag/rule/node.tag/p2p/node.def
@@ -0,0 +1 @@
+help: Set P2P application packet matching
|