From: <abe...@us...> - 2013-05-07 23:30:41
Revision: 6076 http://sourceforge.net/p/astlinux/code/6076 Author: abelbeck Date: 2013-05-07 23:30:35 +0000 (Tue, 07 May 2013) Log Message: ----------- arnofw, time-schedule-host-block plugin, add TIME_SCHEDULE_HOST_BLOCK_LOG logging option Modified Paths: -------------- branches/1.0/package/arnofw/arnofw.serial branches/1.0/package/arnofw/time-schedule-host-block/30time-schedule-host-block.plugin.sh branches/1.0/package/arnofw/time-schedule-host-block/time-schedule-host-block.conf
Modified: branches/1.0/package/arnofw/arnofw.serial
===================================================================
--- branches/1.0/package/arnofw/arnofw.serial 2013-05-07 17:32:25 UTC (rev 6075)
+++ branches/1.0/package/arnofw/arnofw.serial 2013-05-07 23:30:35 UTC (rev 6076)
@@ -1 +1 @@
-0002~0019~0000~0000~0000~
+0002~0020~0000~0000~0000~
Modified: branches/1.0/package/arnofw/time-schedule-host-block/30time-schedule-host-block.plugin.sh
===================================================================
--- branches/1.0/package/arnofw/time-schedule-host-block/30time-schedule-host-block.plugin.sh 2013-05-07 17:32:25 UTC (rev 6075)
+++ branches/1.0/package/arnofw/time-schedule-host-block/30time-schedule-host-block.plugin.sh 2013-05-07 23:30:35 UTC (rev 6076)
@@ -32,8 +32,11 @@
 # Plugin start function
 plugin_start()
 {
- local rule type data addr timestart timestop weekdays i DAYS SHOWRULE IFS
+ local rule type data addr timestart timestop weekdays i DAYS SHOWRULE LOG LOG_PREFIX IFS
+ LOG="-m limit --limit 3/m --limit-burst 1 -j LOG --log-level $LOGLEVEL --log-prefix"
+ LOG_PREFIX="AIF:Time Schedule Host Block:"
+
 IFS=$EOL
 for rule in $TIME_SCHEDULE_HOST_BLOCK_MAC; do
 unset IFS
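Review bot: `LOG_PREFIX` is exactly 29 characters, the maximum iptables accepts for `--log-prefix`, and it has no trailing space, so the kernel log line will read `AIF:Time Schedule Host Block:IN=...` with the prefix fused to the first field. That makes whitespace-based log parsing and alerting fragile and leaves no room to add a separator later. A shorter prefix with a trailing space avoids both, e.g. `LOG_PREFIX="AIF:Time Sched Host Block: "` (constructed example). `$LOG` is expanded unquoted at the call sites, so it also depends on `$LOGLEVEL` being a single non-empty word; if it were empty, `--log-level` would presumably take `--log-prefix` as its argument and the LOG rule would fail to load. The body of plugin_start continues outside this hunk.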
@@ -83,16 +86,28 @@
 case $type in
 LAN-EXT|lan-ext)
 echo "$SHOWRULE"
+ if [ "$TIME_SCHEDULE_HOST_BLOCK_LOG" = "1" ]; then
+ iptables -A LAN_INET_FORWARD_CHAIN -m mac --mac-source $addr \
+ -m time --timestart $timestart --timestop $timestop $DAYS $LOG "$LOG_PREFIX"
+ fi
 iptables -A LAN_INET_FORWARD_CHAIN -m mac --mac-source $addr \
 -m time --timestart $timestart --timestop $timestop $DAYS -j REJECT
 ;;
 DMZ-EXT|dmz-ext)
 echo "$SHOWRULE"
+ if [ "$TIME_SCHEDULE_HOST_BLOCK_LOG" = "1" ]; then
+ iptables -A DMZ_INET_FORWARD_CHAIN -m mac --mac-source $addr \
+ -m time --timestart $timestart --timestop $timestop $DAYS $LOG "$LOG_PREFIX"
+ fi
 iptables -A DMZ_INET_FORWARD_CHAIN -m mac --mac-source $addr \
 -m time --timestart $timestart --timestop $timestop $DAYS -j REJECT
 ;;
 ANY|any)
 echo "$SHOWRULE"
+ if [ "$TIME_SCHEDULE_HOST_BLOCK_LOG" = "1" ]; then
+ iptables -A FORWARD_CHAIN -m mac --mac-source $addr \
+ -m time --timestart $timestart --timestop $timestop $DAYS $LOG "$LOG_PREFIX"
+ fi
 iptables -A FORWARD_CHAIN -m mac --mac-source $addr \
 -m time --timestart $timestart --timestop $timestop $DAYS -j REJECT
 ;;
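Review bot: The LOG rule repeats the full match of the REJECT rule by hand in each of the three arms here, and again in the three `-s $addr` arms of the `@@ -131,16 +146,28 @@` hunk, so six pairs of rules must be kept identical by eye. If one copy is later edited and its twin is not, the log will no longer describe what is actually rejected. A small helper that takes the chain and the match once, then appends the optional LOG rule followed by REJECT, keeps the two in step. The helper below assumes the shell's `local` is dynamically scoped, so that `LOG` and `LOG_PREFIX` set in plugin_start are visible to it; confirm that for the target shell, or pass them in. The `case` statement starts and ends outside this hunk.

```shell
# Append the optional rate-limited LOG rule, then the REJECT rule, for one match.
# $1 = chain, remaining arguments = match options shared by both rules
time_schedule_host_block_add()
{
  local chain="$1"
  shift

  if [ "$TIME_SCHEDULE_HOST_BLOCK_LOG" = "1" ]; then
    iptables -A "$chain" "$@" $LOG "$LOG_PREFIX"
  fi
  iptables -A "$chain" "$@" -j REJECT
}

# … unchanged: case $type in …
      LAN-EXT|lan-ext)
        echo "$SHOWRULE"
        time_schedule_host_block_add LAN_INET_FORWARD_CHAIN -m mac --mac-source $addr \
          -m time --timestart $timestart --timestop $timestop $DAYS
        ;;
# … DMZ-EXT and ANY arms follow the same shape …
```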
@@ -131,16 +146,28 @@
 case $type in
 LAN-EXT|lan-ext)
 echo "$SHOWRULE"
+ if [ "$TIME_SCHEDULE_HOST_BLOCK_LOG" = "1" ]; then
+ iptables -A LAN_INET_FORWARD_CHAIN -s $addr \
+ -m time --timestart $timestart --timestop $timestop $DAYS $LOG "$LOG_PREFIX"
+ fi
 iptables -A LAN_INET_FORWARD_CHAIN -s $addr \
 -m time --timestart $timestart --timestop $timestop $DAYS -j REJECT
 ;;
 DMZ-EXT|dmz-ext)
 echo "$SHOWRULE"
+ if [ "$TIME_SCHEDULE_HOST_BLOCK_LOG" = "1" ]; then
+ iptables -A DMZ_INET_FORWARD_CHAIN -s $addr \
+ -m time --timestart $timestart --timestop $timestop $DAYS $LOG "$LOG_PREFIX"
+ fi
 iptables -A DMZ_INET_FORWARD_CHAIN -s $addr \
 -m time --timestart $timestart --timestop $timestop $DAYS -j REJECT
 ;;
 ANY|any)
 echo "$SHOWRULE"
+ if [ "$TIME_SCHEDULE_HOST_BLOCK_LOG" = "1" ]; then
+ iptables -A FORWARD_CHAIN -s $addr \
+ -m time --timestart $timestart --timestop $timestop $DAYS $LOG "$LOG_PREFIX"
+ fi
 iptables -A FORWARD_CHAIN -s $addr \
 -m time --timestart $timestart --timestop $timestop $DAYS -j REJECT
 ;;
@@ -152,6 +179,12 @@
 esac
 done
+ if [ "$TIME_SCHEDULE_HOST_BLOCK_LOG" = "1" ]; then
+ echo "${INDENT}Logging of Time Schedule Host Block packets: Enabled"
+ else
+ echo "${INDENT}Logging of Time Schedule Host Block packets: Disabled"
+ fi
+
 return 0
 }
Modified: branches/1.0/package/arnofw/time-schedule-host-block/time-schedule-host-block.conf
===================================================================
--- branches/1.0/package/arnofw/time-schedule-host-block/time-schedule-host-block.conf 2013-05-07 17:32:25 UTC (rev 6075)
+++ branches/1.0/package/arnofw/time-schedule-host-block/time-schedule-host-block.conf 2013-05-07 23:30:35 UTC (rev 6076)
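Review bot: The Enabled/Disabled line in the `@@ -152,6 +179,12 @@` hunk reports the value of `TIME_SCHEDULE_HOST_BLOCK_LOG`, not whether any LOG rule was actually installed: the iptables calls added by this commit do not have their exit status checked, and the function still ends in `return 0`. An operator reading the startup output could therefore believe blocked traffic is being logged when the LOG rules failed to load. Only the exact string `1` enables logging, so a value such as `yes` silently falls into the Disabled branch; a comment above the test, e.g. `# any value other than "1" disables logging`, would make that explicit.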
@@ -47,3 +47,8 @@
 #DMZ-EXT|192.168.1.1/24~21:00~7:00
 "
+# Enable logging for both TIME_SCHEDULE_HOST_BLOCK_MAC and
+# TIME_SCHEDULE_HOST_BLOCK variables when set to "1"
+# ------------------------------------------------------------------------------
+TIME_SCHEDULE_HOST_BLOCK_LOG=0
+
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
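Review bot: The new comment does not tell the administrator that the log is rate-limited: the plugin builds each LOG rule with `-m limit --limit 3/m --limit-burst 1`, so only about three packets per minute per rule are recorded. Anyone using these entries to judge how often a blocked host tried to get out will undercount unless that is stated. I would extend the comment with a line such as `# Logged packets are rate-limited (3/minute per rule); entries are a sample, not a full record.`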