Commit e1bbd3aa authored by latham

start iptables plugin, just documenting now

parent 18152908
class iptables_plugin
var $plugin_name = 'iptables_plugin';
var $class_name = 'iptables_plugin';
function onInstall()
global $conf;
if($conf['iptables']['installed'] = true) return true;
else return false;
function onLoad()
global $app;
function insert($event_name,$data)
global $app, $conf;
function update($event_name,$data)
global $app, $conf;
ok, here is where we do some fun stuff. First off we need to see the currently
running iptables (sans the fail2ban) and compare with the database. This is
the method that is good for multi servers and keeping the firewall read only so
a comromised box will not corrupt the master server.
If the running iptables and the new iptables don't match, lets send a note to
the monitoring data to say that there is a difference. Maybe we can have the
iptables gui inteface check the data field for changes and post a warning and
or the changes as disabled rules. If an admin adds a rule on the comand line
we should make it easy to add to the database, but hard to overwrite the data.
So first is a reading of the current rules by filter:table with our friend awk
Compare with database
Send notices or updates
Apply rules from database
Preform some type of sainity check like the apache restart script
# automate this with a loop, but here it is for santity sake.
exec('iptables -S INPUT');
exec('iptables -S OUTPUT');
exec('iptables -S FORWARD');
$data['new'] should have lots of fun stuff
exec('iptables -I XYZ');
function delete($event_name,$data)
global $app, $conf;
exec('iptables -D xyz');
\ No newline at end of file
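Review bot: the installed check in onInstall(), `if($conf['iptables']['installed'] = true) return true;`, uses a single `=`, so it assigns `true` to the config key and the branch is always taken; it should be `if($conf['iptables']['installed'] == true) return true;` or simply `return !empty($conf['iptables']['installed']);`. In update(), the three `exec('iptables -S ...')` calls discard their output, so there is nothing to compare against the database as the comment intends; capture it with the output argument, e.g. `exec('iptables -S INPUT', $running, $rc);`, and check `$rc` before trusting `$running`. When the `exec('iptables -I XYZ')` and `exec('iptables -D xyz')` placeholders are filled from `$data['new']`, every field spliced into the command line needs `escapeshellarg()`, because this runs as root and the design note already says a compromised box must not be able to corrupt the master; that read-only-firewall goal also depends on the apply step never writing parsed live rules back to the database. Minor: the functions as shown have no braces and the file lacks a trailing newline, and the comment block has several spelling slips (comromised, comand, inteface, Preform, sainity, santity).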