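# Walk-through of the IPTables::ChainMgr calls used to manage a dedicated
# FWKNOP chain in the filter table: create the chain, jump to it from INPUT,
# add / find / delete source-IP DROP rules, delete the chain again, and then
# list INPUT twice (the second time with a deliberately misspelled name).
#
# NOTE(review): every call below reads or changes the live iptables policy
# through /sbin/iptables, so the script needs root.  Run it on a test host,
# not on a production firewall.  The IP addresses are sample values.

use strict;
use warnings;

# NOTE(review): this puts /usr/lib/fwknop on the module search path of a
# script that runs as root; the directory and the modules in it should be
# writable by root only.
use lib '/usr/lib/fwknop';
use IPTables::ChainMgr;
use IPTables::Parse;

# Print the captured stdout lines, then the captured stderr lines, each
# followed by $eol.  An undefined array reference is treated as "no output".
sub _print_output {
    my ($out_aref, $err_aref, $eol) = @_;
    print "$_$eol" for @{ $out_aref || [] };
    print "$_$eol" for @{ $err_aref || [] };
    return;
}

# Direct method call instead of the indirect-object form "new Class(...)",
# which Perl can mis-parse.
my $ipt = IPTables::ChainMgr->new(
    'iptables' => '/sbin/iptables',
    'verbose'  => 1
);
my $total_rules = 0;

# Each step only prints its return value and output; a failed step does not
# stop the run, so read the rv lines before trusting the resulting policy.
my ($rv, $out_aref, $err_aref) = $ipt->create_chain('filter', 'FWKNOP');
print "create_chain() rv: $rv\n";
_print_output($out_aref, $err_aref, "\n");

# Send INPUT traffic through the new chain.
($rv, $out_aref, $err_aref) = $ipt->add_jump_rule('filter', 'INPUT', 'FWKNOP');
print "add_jump_rule() rv: $rv\n";
_print_output($out_aref, $err_aref, "\n");

# DROP rule for 1.1.1.1 -> 0.0.0.0/0 in filter/FWKNOP.
# NOTE(review): the third argument (10) is presumably the rule position;
# confirm against the IPTables::ChainMgr documentation.
($rv, $out_aref, $err_aref) = $ipt->add_ip_rule('1.1.1.1',
    '0.0.0.0/0', 10, 'filter', 'FWKNOP', 'DROP');
print "add_ip_rule() rv: $rv\n";
_print_output($out_aref, $err_aref, "\n");

# Look the rule up again; the second value is printed as the chain's rule count.
($rv, $total_rules) = $ipt->find_ip_rule('1.1.1.1', '0.0.0.0/0',
    'filter', 'FWKNOP', 'DROP');
print "find ip: $rv, total chain rules: $total_rules\n";

($rv, $out_aref, $err_aref) = $ipt->add_ip_rule('2.2.1.1', '0.0.0.0/0', 10,
    'filter', 'FWKNOP', 'DROP');
print "add_ip_rule() rv: $rv\n";
_print_output($out_aref, $err_aref, "\n");

($rv, $out_aref, $err_aref) = $ipt->add_ip_rule('2.2.4.1', '0.0.0.0/0', 10,
    'filter', 'FWKNOP', 'DROP');
print "add_ip_rule() rv: $rv\n";
_print_output($out_aref, $err_aref, "\n");

# Remove only the first rule; the two 2.2.x.x rules are still in the chain.
($rv, $out_aref, $err_aref) = $ipt->delete_ip_rule('1.1.1.1', '0.0.0.0/0',
    'filter', 'FWKNOP', 'DROP');
print "delete_ip_rule() rv: $rv\n";
_print_output($out_aref, $err_aref, "\n");

# Clean-up step.
# NOTE(review): presumably this also removes the INPUT jump rule and the
# rules left in FWKNOP; the INPUT listing below is the place to verify that
# nothing from this run stays in the policy.
($rv, $out_aref, $err_aref) = $ipt->delete_chain('filter', 'INPUT', 'FWKNOP');
print "delete_chain() rv: $rv\n";
_print_output($out_aref, $err_aref, "\n");

# run_ipt_cmd() is handed a complete command line as one string.  Keep it a
# fixed literal as here; if any part ever comes from outside the program,
# validate it against an anchored pattern first.
# NOTE(review): how the module executes the string is not visible here.
($rv, $out_aref, $err_aref) = $ipt->run_ipt_cmd('/sbin/iptables -nL INPUT');
print "list on 'INPUT' chain rv: $rv\n";
_print_output($out_aref, $err_aref, '');    # lines are printed as returned

# Same listing with a misspelled chain name, to show how a failure is reported.
($rv, $out_aref, $err_aref) = $ipt->run_ipt_cmd('/sbin/iptables -nL INPU');
print "bogus list on 'INPU' chain rv: $rv (this is expected).\n";
_print_output($out_aref, $err_aref, '');

exit 0;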