[LON-CAPA-cvs] cvs: modules /matthew iptables_test.pl

matthew lon-capa-cvs@mail.lon-capa.org
Thu, 02 Dec 2004 18:51:00 -0000


matthew		Thu Dec  2 13:51:00 2004 EDT

  Added files:                 
    /modules/matthew	iptables_test.pl 
  Log:
  Development code used to test the iptables port opening.
  
  

Index: modules/matthew/iptables_test.pl
+++ modules/matthew/iptables_test.pl
#!/usr/bin/perl -w
#
use strict;

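{ # Firewall variable scoping
    # Firewall code is based on the code in FC2 /etc/init.d/ntpd
    my $fw_chain = 'RH-Firewall-1-INPUT';
    my $iptables = '/sbin/iptables';
    my $port = 5663;

# Returns the current "iptables -L -n" listing as one string ('' if the
# command produced nothing, e.g. because it could not be run).  The
# "2>/dev/null" means this goes through the shell, so the command is built
# only from the hard-coded values above -- never interpolate external
# input into it.
sub _firewall_listing {
    my $listing = `$iptables -L -n 2>/dev/null`;
    return defined $listing ? $listing : '';
}

# Runs one rule change.  @command is passed to system() as a list so no
# shell is involved; $action ('opening' or 'closing') only appears in the
# messages.  Failure to start the command at all ($? == -1) is reported
# separately: shifting -1 by 8 would otherwise hide it from the checks
# on the exit status below.
sub _firewall_run {
    my ($action, @command) = @_;
    my $firewall_command = join(' ', @command);
    system(@command);
    if ($? == -1) {
        # Could not execute $iptables (missing, not executable, ...)
        print "Error $action port: could not run $iptables ($!).\n";
        return;
    }
    my $return_status = $?>>8;
    if ($return_status == 1) {
        # Error
        print "Error $action port.\n";
    } elsif ($return_status == 2) {
        # Bad command
        print "Bad command error $action port.  Command was\n".
            "  ".$firewall_command."\n";
    }
    return;
}

# Inserts an ACCEPT rule for tcp/$port at the head of $fw_chain.  Does
# nothing when the firewall is not active or the chain is not present.
sub firewall_open_port {
    return if (! firewall_is_active());
    print "Opening firewall access on port $port\n";
    # Only proceed if iptables is running with our chain.  Matched in
    # Perl: the old "| grep | wc -l" test was always true because "0\n"
    # is a true string, so the chain check never took effect.
    return if (_firewall_listing() !~ /\Q$fw_chain\E/);
    #
    # We could restrict the servers allowed to attempt to communicate
    # here, but the logistics of updating the /home/httpd/lonTabs/host.tab
    # file are likely to be a problem
    _firewall_run('opening',
                  $iptables, '-I', $fw_chain, '-p', 'tcp', '-d', '0/0',
                  '--dport', $port, '-j', 'ACCEPT');
    return;
}

# Returns 1 if a rule for tcp/$port is present, 0 if not, and a bare
# return (undef) when the firewall is not active or not installed.
sub firewall_is_port_open {
    return if (! firewall_is_active());
    # (?!\d) stops "dpt:5663" from also matching a rule for e.g. port
    # 56630, which the previous unanchored grep did.
    if (_firewall_listing() =~ /tcp dpt:\Q$port\E(?!\d)/) {
        return 1;
    } else {
        return 0;
    }
}

# Returns 1 when the kernel reports loaded iptables tables, else 0.
sub firewall_is_active {
    if (-e '/proc/net/ip_tables_names') {
        return 1;
    } else {
        return 0;
    }
}

# Deletes the ACCEPT rule added by firewall_open_port (first matching
# rule only, as iptables -D does).
sub firewall_close_port {
    return if (! firewall_is_active());
    print "Closing firewall access on port $port\n";
    _firewall_run('closing',
                  $iptables, '-D', $fw_chain, '-p', 'tcp', '-d', '0/0',
                  '--dport', $port, '-j', 'ACCEPT');
    return;
}

} # End firewall variable scope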

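# Open the port unless it is already open.  When the firewall is inactive
# firewall_is_port_open() returns undef and firewall_open_port() returns
# without doing anything, so this is safe to run unconditionally.
# Plain calls instead of "&name" -- the ampersand form bypasses prototypes
# and, without parens, would pass the current @_ through.
if (! firewall_is_port_open()) { firewall_open_port(); }

#if (firewall_is_port_open()) { firewall_close_port(); }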