[bwm-tools-devel] COMMIT - r31 - trunk/bwm_firewall
From: SVN C. <sv...@li...> - 2005-01-05 13:08:40
Author: nkukard Date: 2005-01-05 15:08:18 +0200 (Wed, 05 Jan 2005) New Revision: 31 Modified: trunk/bwm_firewall/bwm_firewall.c Log: * Giang Hu <fre...@gm...> - Added preliminary support for direct piping of iptables firewall into iptables-restore Modified: trunk/bwm_firewall/bwm_firewall.c =================================================================== --- trunk/bwm_firewall/bwm_firewall.c 2005-01-05 09:45:08 UTC (rev 30) +++ trunk/bwm_firewall/bwm_firewall.c 2005-01-05 13:08:18 UTC (rev 31) @@ -211,30 +211,43 @@ // Function to write firewall to file -static int writeFirewall(GList *ruleList, char *filename) +static int writeFirewall(GList *ruleList, char *filename, char load) { int fd; int fuct = 0; char *buffer, datetime[32]; + FILE *piptables_restore = NULL; + - - // Write rule by rule to file + // Process rule by rule & write to file and/or pipe to iptables directly void writeRule(gpointer data, gpointer user_data) { int res; + if (!fuct) { + // Write to file... res = write(fd,data,strlen(data)); if (res < 0) { fprintf(stderr,"Failed to write to file: %s\n",strerror(errno)); fuct = 1; } + // Check if we piping to iptables aswell + if (piptables_restore) + { + fprintf(piptables_restore, "%s", data); + // Check for IO error + if (ferror(piptables_restore)) + { + fprintf(stderr,"Failed to write to file: %s\n",strerror(errno)); + piptables_restore = NULL; + } + } } } - // Open firewall file fd = open(filename,O_CREAT|O_TRUNC|O_WRONLY,S_IREAD|S_IWRITE); if (fd < 0) 
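Review bot: In the `ferror(piptables_restore)` branch of `writeRule`, a failed pipe write only sets `piptables_restore = NULL`, so the popen stream is never closed and `fuct` stays 0, which lets `writeFirewall` return success although only part of the ruleset reached iptables-restore. For a tool that loads packet-filter rules, that failure should reach the caller: close the stream before dropping it and record the error, e.g. `pclose(piptables_restore); piptables_restore = NULL; fuct = 1;` (or a separate load-failed flag if the file should still be written in full). The message should name the pipe rather than repeat "Failed to write to file", and `errno` after `ferror()` is not guaranteed to describe the stdio failure. If iptables-restore exits before all rules are written, the write would presumably raise SIGPIPE and end the process before this check runs, unless SIGPIPE is handled elsewhere in the file.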
@@ -243,6 +256,15 @@ return(-1); } + // Check if we piping direct to iptables aswell + if (load) + { + // iptables-restore should be in path + piptables_restore = popen("iptables-restore", "w"); + if (!piptables_restore) + fprintf(stderr, "ERROR: Can not find iptables-restore in $PATH, skipping load\n"); + } + buffer = (char *) malloc0(BUFFER_SIZE); // Write out comment to say what version & at what datetime we generated the firewall snprintf(buffer,BUFFER_SIZE,"# Generated using BWM Firewall v%s: %s\n",PACKAGE_VERSION, @@ -255,6 +277,10 @@ // Finally close file descriptor close(fd); + // If we opened iptables-restore close + if (piptables_restore) + fclose(piptables_restore); + return(fuct); } @@ -267,7 +293,7 @@ printf("Options:\n"); printf(" -c, --config=<config_file> Specify non-default BWM Tools config file\n"); printf(" -f, --file[=<output_file>] Generate iptables-restore file from BWM Tools firewall\n"); -// printf(" -l, --load Load BWM Tools firewall directly into kernel\n"); + printf(" -l, --load Load BWM Tools firewall directly into kernel\n"); printf(" -h, --help Display this page\n"); printf(" -r, --reset-counters Reset iptables counters, usable with \"iptables-restore -c\"\n"); printf("\n"); @@ -292,7 +318,7 @@ { {"config",required_argument,0,'c'}, {"file",optional_argument,0,'f'}, -// {"load",no_argument,0,'l'}, + {"load",no_argument,0,'l'}, {"help",no_argument,0,'h'}, {"reset-counters",no_argument,0,'r'}, {0,0,0,0} @@ -314,8 +340,7 @@ int option_index = 0; // Process -// c = getopt_long(argc,argv,"c=f:lhr",long_options,&option_index); - c = getopt_long(argc,argv,"c:f::hr",long_options,&option_index); + c = getopt_long(argc,argv,"c:f::lhr",long_options,&option_index); if (c == -1) break; @@ -372,7 +397,7 @@ if (fw) { printf("Writing IPTables configuration to \"%s\"...\n",outputFile); - res = writeFirewall(fw,outputFile); + res = writeFirewall(fw,outputFile,loadFirewall); } // Return result code |
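Review bot: The `if (!piptables_restore)` check after `popen("iptables-restore", "w")` does not detect a missing binary: popen() starts a shell and returns NULL only when creating the pipe or the child fails, so "command not found" surfaces later as exit status 127 from pclose(). The bare command name is also resolved by that shell through the caller's $PATH, and since this program loads rules into the kernel it presumably runs as root, so the path should be absolute and fixed at build time, e.g. `piptables_restore = popen(IPTABLES_RESTORE_PATH, "w");`, where `IPTABLES_RESTORE_PATH` is a placeholder name for a configure-supplied absolute path. When the load is skipped, `fuct` is left unchanged, so a caller that asked for `--load` cannot tell from the return value that nothing was loaded.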
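Review bot: The stream opened with popen() is closed with `fclose(piptables_restore)`, which is not the matching call for a popen stream and neither waits for iptables-restore nor collects its exit status. Because stdio buffers the rules, a rejected or truncated ruleset may only become visible when the stream is flushed at close, so the result should be checked: `if (piptables_restore && pclose(piptables_restore) != 0) fuct = 1;`. Without that, `writeFirewall` reports success while the kernel may still hold the previous ruleset. The body of `writeFirewall` starts outside this hunk.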