diff options
| author | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-06-06 21:02:41 -0700 |
|---|---|---|
| committer | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-06-06 21:02:41 -0700 |
| commit | 1a5d31c8eae4ad66c86ed66602128afc811d18e3 (patch) | |
| tree | e9473b64a8ec4d648a55757df44a79f6afd9fe93 /scripts | |
| parent | 15f68c59c5836a731a7a76e6c04da170edd53f58 (diff) | |
| parent | 3d0f8a19a4a58b5b93cdde90ef963f0708c73063 (diff) | |
| download | vyatta-conntrack-1a5d31c8eae4ad66c86ed66602128afc811d18e3.tar.gz vyatta-conntrack-1a5d31c8eae4ad66c86ed66602128afc811d18e3.zip | |
Merge branch 'user_space_helpers' into pacifica
Conflicts:
lib/Vyatta/Conntrack/ConntrackUtil.pm
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/vyatta-cthelper.pl | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/scripts/vyatta-cthelper.pl b/scripts/vyatta-cthelper.pl new file mode 100644 index 0000000..f038037 --- /dev/null +++ b/scripts/vyatta-cthelper.pl @@ -0,0 +1,84 @@ +#!/usr/bin/perl + +use lib "/opt/vyatta/share/perl5"; +use warnings; +use strict; + +use Vyatta::Config; +use Vyatta::Conntrack::ConntrackUtil; +use Vyatta::IpTables::Mgr; +use Getopt::Long; +use Sys::Syslog qw(:standard :macros); + + +#for future +my %cmd_hash = ( 'ipv4' => 'iptables', + 'ipv6' => 'ip6tables'); + +my $nfct = "sudo /opt/vyatta/sbin/nfct"; +my ($enable_sqlnet, $disable_sqlnet, $enable_nfs, $disable_nfs); +my $CTERROR = "Conntrack error:"; + +GetOptions('enable_sqlnet=s' => \$enable_sqlnet, + 'disable_sqlnet=s' => \$disable_sqlnet, + 'disable_nfs=s' => \$disable_nfs, + 'enable_nfs=s' => \$enable_nfs, +); + +# subroutine to add helper rule to VYATTA_CT_HELPER chain. +sub +add_helper_to_chain { + my ($module) = @_; + my $iptables_cmd = $cmd_hash {'ipv4'}; + if ($module eq 'sqlnet') { +# run_cmd (" $iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper oracletns "); + print " $iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper oracletns \n"; +# run_cmd (" $iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper oracletns "); + print " $iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper oracletns \n"; + } elsif ($module eq 'nfs') { + print " $iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 111 -j CT --helper nfs \n"; +# run_cmd (" $iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 111 -j CT --helper nfs "); + } +} + +# subroutine to delete helper rule from VYATTA_CT_HELPER chain. +sub +delete_helper_from_chain { + my ($module) = @_; + my $iptables_cmd = $cmd_hash {'ipv4'}; + if ($module eq 'sqlnet') { +# run_cmd (" $iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper oracletns "); + print " $iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper oracletns \n"; +# run_cmd (" $iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper oracletns "); + print " $iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper oracletns \n"; + } elsif ($module eq 'nfs') { + print " $iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 111 -j CT --helper nfs \n"; +# run_cmd (" $iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 111 -j CT --helper nfs "); + } +} + +# should disable the required helper module +sub disable_helper_module { + my ($module) = @_; + + print "disable $module\n"; + delete_helper_from_chain($module); +} + +# should enable the required helper module +sub enable_helper_module { + my ($module) = @_; + + print "enable $module\n"; + add_helper_to_chain($module); +} + +if (defined $enable_sqlnet){ + enable_helper_module("sqlnet"); +} elsif (defined $disable_sqlnet) { + disable_helper_module("sqlnet"); +} elsif (defined $enable_nfs) { + enable_helper_module("nfs"); +} elsif (defined $disable_nfs) { + disable_helper_module("nfs"); +} |