Navigation

← Previous Changeset
Next Changeset →

Changeset 1285

Timestamp:

10/05/08 14:30:06 (2 months ago)

Author:

mbr

Message:

more verbose debugging output for iptables commands

Files:

fwknop/trunk/fwknopd (modified) (8 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

fwknop/trunk/fwknopd

r1283	r1285
2724	2724	}
2725	2725
	2726	my $ipt_hr_num = 0;
2726	2727	for my $hr (@ipt_hrefs) {
2727	2728
	2729	if ($debug) {
	2730	$ipt_hr_num++;
	2731	print STDERR localtime() . " [+] ipt_href: $ipt_hr_num\n",
	2732	Dumper($hr);
	2733	}
2728	2734	my $nat_ip = '0.0.0.0/0';
2729	2735	my $nat_port = 0;
…	…
2751	2757	= $ipt->create_chain($table, $to_chain);
2752	2758
2753		unless ($rv) {
	2759	if ($rv) {
	2760	print STDERR localtime() . " create_chain() returned: $rv\n"
	2761	if $debug;
	2762	} else {
	2763	print STDERR localtime() . " [-] create_chain() ",
	2764	"returned: $rv, errors:\n" if $debug;
2754	2765	&psyslog_errs($err_aref);
2755	2766	return;
…	…
2760	2771	$from_chain, $jump_rule_position, $to_chain);
2761	2772
2762		unless ($rv) {
	2773	if ($rv) {
	2774	print STDERR localtime() . " add_jump_rule() ",
	2775	"returned: $rv\n" if $debug;
	2776	} else {
	2777	print STDERR localtime() . " [-] add_jump_rule() ",
	2778	"returned: $rv, errors:\n" if $debug;
2763	2779	&psyslog_errs($err_aref);
2764	2780	return;
…	…
2809	2825
2810	2826	if ($rv) {
	2827	print STDERR localtime() . " find_ip_rule() ",
	2828	"returned $rv\n" if $debug;
2811	2829	my $str = "$grant_src -> $grant_dst($proto/$port)";
2812	2830	if ($direction eq 'dst') {
…	…
2821	2839	"in chain: $to_chain", $SEND_MAIL);
2822	2840	} else {
	2841	print STDERR localtime() . " find_ip_rule() ",
	2842	"returned $rv\n" if $debug;
2823	2843	my $str = "add $to_chain $grant_src -> " .
2824	2844	"$grant_dst($proto/$port) $target rule ";
…	…
2842	2862	$target, \%extended_info);
2843	2863
2844		~~if ($debug) {~~
2845		~~print STDERR localtime() . " [+] Dumping $to_chain to ",~~
2846		~~"see newly added rule:\n";~~
2847		~~$ipt->run_ipt_cmd("$cmds{'iptables'} -t " .~~
2848		~~"$table -v -n -L $to_chain");~~
2849		}
2850
2851	2864	if ($rv) {
	2865
	2866	if ($debug) {
	2867	print STDERR localtime() . " [+] add_ip_rule() ",
	2868	"returned $rv\n",
	2869	" [+] Dumping $to_chain to ",
	2870	"see newly added rule:\n";
	2871	$ipt->run_ipt_cmd("$cmds{'iptables'} -t " .
	2872	"$table -v -n -L $to_chain");
	2873	}
2852	2874
2853	2875	### keep track of how many times we have granted access
…	…
2875	2897	);
2876	2898	} else {
	2899	print STDERR localtime() . " [-] add_ip_rule() ",
	2900	"returned $rv\n" if $debug;
2877	2901	&psyslog_errs($err_aref);
2878	2902	}
…	…
4780	4804	sub psyslog_errs() {
4781	4805	my $aref = shift;
	4806
	4807	if ($debug) {
	4808	for my $msg (@$aref) {
	4809	print STDERR localtime() . " $msg\n";
	4810	}
	4811	}
	4812
4782	4813	return if $config{'ALERTING_METHODS'} =~ /no.?syslog/i;
4783	4814

Navigation

Changeset 1285

Legend:

fwknop/trunk/fwknopd

Download in other formats: