Diffstat (limited to 'scripts/firewall')
-rwxr-xr-x | scripts/firewall/vyatta-firewall-trap.pl | 6 | ||||
-rwxr-xr-x | scripts/firewall/vyatta-firewall.pl | 70 | ||||
-rwxr-xr-x | scripts/firewall/vyatta-fw-global-state-policy.pl | 36 | ||||
-rwxr-xr-x | scripts/firewall/vyatta-ipset.pl | 50 |
4 files changed, 81 insertions, 81 deletions
diff --git a/scripts/firewall/vyatta-firewall-trap.pl b/scripts/firewall/vyatta-firewall-trap.pl
index 159feea..0be4e4c 100755
--- a/scripts/firewall/vyatta-firewall-trap.pl
+++ b/scripts/firewall/vyatta-firewall-trap.pl
@@ -46,9 +46,9 @@ my $syslog_flag = 1;
 my $cfglevel;
-GetOptions("level=s" => \$cfglevel,
- "debug" => \$debug_flag,
- "syslog" => \$syslog_flag
+GetOptions("level=s" => \$cfglevel,
+ "debug" => \$debug_flag,
+ "syslog" => \$syslog_flag
 );
 openlog("firewall-trap", "pid", "user") if $syslog_flag;
diff --git a/scripts/firewall/vyatta-firewall.pl b/scripts/firewall/vyatta-firewall.pl
index e6fa85a..1264962 100755
--- a/scripts/firewall/vyatta-firewall.pl
+++ b/scripts/firewall/vyatta-firewall.pl
@@ -22,8 +22,8 @@ my $fw_stateful_file = '/var/run/vyatta_fw_stateful';
 my $fw_tree_file = '/var/run/vyatta_fw_trees';
 my $policy_ref_file = '/var/run/vyatta_policy_ref';
-my $FW_IN_HOOK = 'VYATTA_FW_IN_HOOK';
-my $FW_OUT_HOOK = 'VYATTA_FW_OUT_HOOK';
+my $FW_IN_HOOK = 'VYATTA_FW_IN_HOOK';
+my $FW_OUT_HOOK = 'VYATTA_FW_OUT_HOOK';
 my $FW_LOCAL_HOOK = 'VYATTA_FW_LOCAL_HOOK';
 # FW_LOCALOUT_HOOK is only used in mangle table for PBR of locally initiated traffic
@@ -34,23 +34,23 @@ my (@setup, @updateints, @updaterules);
 my ($teardown, $teardown_ok);
 GetOptions(
- "setup=s{2}" => \@setup,
- "teardown=s" => \$teardown,
- "teardown-ok=s" => \$teardown_ok,
- "update-rules=s{2}" => \@updaterules,
+ "setup=s{2}" => \@setup,
+ "teardown=s" => \$teardown,
+ "teardown-ok=s" => \$teardown_ok,
+ "update-rules=s{2}" => \@updaterules,
 "update-interfaces=s{5}" => \@updateints,
- "debug" => \$debug_flag,
- "syslog" => \$syslog_flag
+ "debug" => \$debug_flag,
+ "syslog" => \$syslog_flag
 );
 # mapping from config node to iptables/ip6tables table
 my %table_hash = (
- 'firewall name' => 'filter',
- 'firewall ipv6-name' => 'filter',
- 'policy route' => 'mangle',
- 'policy local-route' => 'mangle',
- 'policy ipv6-route' => 'mangle',
- 'policy ipv6-local-route' => 'mangle'
+ 'firewall name' => 'filter',
+ 'firewall ipv6-name' => 'filter',
+ 'policy route' => 'mangle',
+ 'policy local-route' => 'mangle',
+ 'policy ipv6-route' => 'mangle',
+ 'policy ipv6-local-route' => 'mangle'
 );
 # mapping from config node to iptables command. Note that this table
@@ -58,22 +58,22 @@ my %table_hash = (
 # keys of %table_hash can use the same keys to find the value associated
 # with the key in this table.
 my %cmd_hash = (
- 'firewall name' => 'iptables',
- 'firewall ipv6-name' => 'ip6tables',
- 'policy route' => 'iptables',
- 'policy local-route' => 'iptables',
- 'policy ipv6-route' => 'ip6tables',
- 'policy ipv6-local-route' => 'ip6tables'
+ 'firewall name' => 'iptables',
+ 'firewall ipv6-name' => 'ip6tables',
+ 'policy route' => 'iptables',
+ 'policy local-route' => 'iptables',
+ 'policy ipv6-route' => 'ip6tables',
+ 'policy ipv6-local-route' => 'ip6tables'
 );
 # mapping from config node to IP version string.
 my %ip_version_hash = (
- 'firewall name' => 'ipv4',
- 'firewall ipv6-name' => 'ipv6',
- 'policy route' => 'ipv4',
- 'policy local-route' => 'ipv4',
- 'policy ipv6-route' => 'ipv6',
- 'policy ipv6-local-route' => 'ipv6'
+ 'firewall name' => 'ipv4',
+ 'firewall ipv6-name' => 'ipv6',
+ 'policy route' => 'ipv4',
+ 'policy local-route' => 'ipv4',
+ 'policy ipv6-route' => 'ipv6',
+ 'policy ipv6-local-route' => 'ipv6'
 );
 # mapping from firewall tree to builtin chain for input
@@ -102,12 +102,12 @@ my %policy_hash = (
 );
 my %other_tree = (
- 'firewall name' => 'policy route',
- 'firewall ipv6-name' => 'policy ipv6-route',
- 'policy route' => 'firewall name',
- 'policy local-route' => 'firewall name',
- 'policy ipv6-route' => 'firewall ipv6-name',
- 'policy ipv6-local-route' => 'firewall ipv6-name'
+ 'firewall name' => 'policy route',
+ 'firewall ipv6-name' => 'policy ipv6-route',
+ 'policy route' => 'firewall name',
+ 'policy local-route' => 'firewall name',
+ 'policy ipv6-route' => 'firewall ipv6-name',
+ 'policy ipv6-local-route' => 'firewall ipv6-name'
 );
 # Send output of shell commands to syslog for debugging and so that
@@ -496,9 +496,9 @@ sub flush_route_table {
 }
 sub update_rules {
- my ($tree, $name) = @_; # name, modify, ipv6-name or ipv6-modify
- my $table = $table_hash{$tree}; # "filter" or "mangle"
- my $iptables_cmd = $cmd_hash{$tree}; # "iptables" or "ip6tables"
+ my ($tree, $name) = @_; # name, modify, ipv6-name or ipv6-modify
+ my $table = $table_hash{$tree}; # "filter" or "mangle"
+ my $iptables_cmd = $cmd_hash{$tree}; # "iptables" or "ip6tables"
 my $config = new Vyatta::Config;
 my %nodes = ();
diff --git a/scripts/firewall/vyatta-fw-global-state-policy.pl b/scripts/firewall/vyatta-fw-global-state-policy.pl
index 526c1a1..859b810 100755
--- a/scripts/firewall/vyatta-fw-global-state-policy.pl
+++ b/scripts/firewall/vyatta-fw-global-state-policy.pl
@@ -33,12 +33,12 @@ use Getopt::Long;
 use Sys::Syslog qw(:standard :macros);
 # mapping from config node to iptables command
-our %cmd_hash = ( 'name' => '/sbin/iptables',
- 'ipv6-name' => '/sbin/ip6tables');
+our %cmd_hash = ( 'name' => '/sbin/iptables',
+ 'ipv6-name' => '/sbin/ip6tables');
 # mapping from config node to iptables/ip6tables table
-our %table_hash = ( 'name' => 'filter',
- 'ipv6-name' => 'filter');
+our %table_hash = ( 'name' => 'filter',
+ 'ipv6-name' => 'filter');
 # pre FW hooks in iptables' INPUT, OUTPUT and FORWARD chains
 our %pre_fw_hooks_hash = ( 'INPUT' => 'VYATTA_PRE_FW_IN_HOOK',
@@ -56,15 +56,15 @@ our %state_policy_chains_hash = ( 'INPUT' => 'VYATTA_STATE_POLICY_IN_HOOK',
 'OUTPUT' => 'VYATTA_STATE_POLICY_OUT_HOOK');
 # state actions
-our %state_action_hash = ( 'drop' => 'DROP',
- 'reject' => 'REJECT',
- 'accept' => 'JUMP_TO_INDIVIDUAL_POST_FW_HOOK',
- 'log' => 'LOG');
+our %state_action_hash = ( 'drop' => 'DROP',
+ 'reject' => 'REJECT',
+ 'accept' => 'JUMP_TO_INDIVIDUAL_POST_FW_HOOK',
+ 'log' => 'LOG');
 # state actions' log abbreviations
-our %state_log_abbr_hash = ( 'drop' => 'D',
- 'reject' => 'R',
- 'accept' => 'A');
+our %state_log_abbr_hash = ( 'drop' => 'D',
+ 'reject' => 'R',
+ 'accept' => 'A');
 # imp to maintain order of this array since this is the
 # order we want to insert rules into state-policy chains
@@ -271,22 +271,22 @@ sub state_policy_validity_checks {
 my ($action, $state, $state_action);
-GetOptions("action=s" => \$action,
- "state=s" => \$state,
- "state-action=s" => \$state_action,
+GetOptions("action=s" => \$action,
+ "state=s" => \$state,
+ "state-action=s" => \$state_action,
 );
 die "undefined action" if ! defined $action;
 my ($error, $warning);
-($error, $warning) = setup_state_policy() if $action eq 'setup-state-policy';
+($error, $warning) = setup_state_policy() if $action eq 'setup-state-policy';
-($error, $warning) = teardown_state_policy() if $action eq 'teardown-state-policy';
+($error, $warning) = teardown_state_policy() if $action eq 'teardown-state-policy';
-($error, $warning) = set_state_actions() if $action eq 'set-state-actions';
+($error, $warning) = set_state_actions() if $action eq 'set-state-actions';
-($error, $warning) = enable_disable_conntrack($state) if $action eq 'enable-disable-conntrack';
+($error, $warning) = enable_disable_conntrack($state) if $action eq 'enable-disable-conntrack';
 ($error, $warning) = state_policy_validity_checks($state) if $action eq 'state-policy-validity-checks';
diff --git a/scripts/firewall/vyatta-ipset.pl b/scripts/firewall/vyatta-ipset.pl
index 0a079f3..e206902 100755
--- a/scripts/firewall/vyatta-ipset.pl
+++ b/scripts/firewall/vyatta-ipset.pl
@@ -430,55 +430,55 @@ sub check_duplicates {
 #
 my ($action, $set_name, $set_type, $set_family, $member, $set_copy, $alias);
-GetOptions("action=s" => \$action,
- "set-name=s" => \$set_name,
- "set-type=s" => \$set_type,
+GetOptions("action=s" => \$action,
+ "set-name=s" => \$set_name,
+ "set-type=s" => \$set_type,
 "set-family=s" => \$set_family,
- "member=s" => \$member,
- "alias=s" => \$alias,
- "set-copy=s" => \$set_copy,
+ "member=s" => \$member,
+ "alias=s" => \$alias,
+ "set-copy=s" => \$set_copy,
 );
 die "undefined action" if ! defined $action;
 my $rc;
-show_port_groups() if $action eq 'show-port-groups';
+show_port_groups() if $action eq 'show-port-groups';
 show_address_groups() if $action eq 'show-address-groups';
 show_network_groups() if $action eq 'show-network-groups';
-$rc = ipset_reset($set_name, $set_type) if $action eq 'reset-set';
+$rc = ipset_reset($set_name, $set_type) if $action eq 'reset-set';
-$rc = ipset_create($set_name, $set_type, $set_family) if $action eq 'create-set';
+$rc = ipset_create($set_name, $set_type, $set_family) if $action eq 'create-set';
-$rc = ipset_delete($set_name) if $action eq 'delete-set';
+$rc = ipset_delete($set_name) if $action eq 'delete-set';
-$rc = ipset_check_member($set_name, $set_type, $member)
- if $action eq 'check-member';
+$rc = ipset_check_member($set_name, $set_type, $member) if $action eq 'check-member';
-$rc = ipset_add_member($set_name, $member, $alias, $set_type) if $action eq 'add-member';
+$rc = ipset_add_member($set_name, $member, $alias, $set_type) if $action eq 'add-member';
-$rc = ipset_delete_member($set_name, $member) if $action eq 'delete-member';
+$rc = ipset_delete_member($set_name, $member) if $action eq 'delete-member';
-$rc = ipset_check_set_type($set_name, $set_type) if $action eq 'check-set-type';
+$rc = ipset_check_set_type($set_name, $set_type) if $action eq 'check-set-type';
-$rc = ipset_show_members($set_name) if $action eq 'show-set-members';
+$rc = ipset_show_members($set_name) if 
$action eq 'show-set-members';
-$rc = ipset_show_sets() if $action eq 'show-sets';
+$rc = ipset_show_sets() if $action eq 'show-sets';
-$rc = ipset_is_set_empty($set_name) if $action eq 'is-set-empty';
+$rc = ipset_is_set_empty($set_name) if $action eq 'is-set-empty';
-$rc = ipset_copy_set($set_name, $set_type, $set_copy) if $action eq 'copy-set';
+$rc = ipset_copy_set($set_name, $set_type, $set_copy) if $action eq 'copy-set';
-$rc = ipset_is_group_deleted($set_name, $set_type)
- if $action eq 'is-group-deleted';
+$rc = ipset_is_group_deleted($set_name, $set_type) if $action eq 'is-group-deleted';
+
+$rc = ipset_is_group_used($set_name, $set_type) if $action eq 'is-group-used';
-$rc = ipset_is_group_used($set_name, $set_type) if $action eq 'is-group-used';
 $rc = ipset_is_group_defined($set_name, $set_type, $set_family) if $action eq 'is-group-defined';
-$rc = update_set($set_name, $set_type, $set_family) if $action eq 'update-set';
-$rc = prune_deleted_sets() if $action eq 'prune-deleted-sets';
+$rc = update_set($set_name, $set_type, $set_family) if $action eq 'update-set';
+
+$rc = prune_deleted_sets() if $action eq 'prune-deleted-sets';
-$rc = check_duplicates($set_name, $set_type, $set_family) if $action eq 'check-duplicates';
+$rc = check_duplicates($set_name, $set_type, $set_family) if $action eq 'check-duplicates';
 if (defined $rc) {
 print $rc; |