import initial du script de Tab dont on a retrouv la source. grrr

darcs-hash:20020203203229-a279a-809e9a348a3e3ee32bff546fb109d943f34b589a.gz
2002-02-03 21:32:29 +01:00 · 2002-02-03 21:32:29 +01:00 · 0251e928a9
commit 0251e928a9
parent 30eb7d149c
1 changed files with 63 additions and 0 deletions
--- a/fwtool.pl
+++ b/fwtool.pl
@ -0,0 +1,63 @@
+#!/usr/bin/perl -w
+##
+## fwtool.pl
+##
+## Made by 	tab
+## Login	<tab@crans.org>
+##
+## Started on  Sun Dec  2 19:11:06 2001 tab
+## Last update dim 03 fév 2002 21:17:55 CET Nicolas STRANSKY
+##
+
+use strict;
+
+my $paireipmac = "/CRANS/generated/ether/pairesMAC-IP.txt";
+my $blacklist = "/CRANS/confs/blacklist.cf";
+
+sub iptables
+{
+	my ($string) = @_;
+	system("/sbin/iptables ".$string."\n");
+}
+
+sub mac
+{
+	open MACFILE, $paireipmac;
+	while (my $line = <MACFILE>) {
+		my ($mac, $ip) = (split " ", $line)[0,1];
+		my $ipclass = (split /\./, $ip)[2];
+		iptables("-A S".$ipclass." -s ".$ip."	-m mac --mac-source ".$mac." -j ACCEPT");
+	}
+	close(MACFILE);
+}
+
+sub blacklist
+{
+	open LIST, $blacklist;
+
+	while (my $line = <LIST>) {
+		my ($fd1) = (split "#", $line)[0]; 
+		if (!($fd1 =~ /^$/))
+		{ 
+			my ($ip, $port) = (split ":", $fd1);
+			my @tab = split ",", $port;
+			iptables("-A LIST -s ".$ip." -j BLACKLIST");
+			foreach my $i (@tab) {
+				iptables("-A BLACKLIST -p tcp -s ".$ip." --dport ".$i." -j ACCEPT");
+			}
+		}
+			
+	}
+	close(LIST);
+}
+
+if (@ARGV != 1)
+{
+	exit(1);
+}
+
+if ($ARGV[0] eq 'blacklist')
+{	blacklist(); }
+elsif ($ARGV[0] eq 'mac')
+{	mac(); }
+