"Fossies" - the Fresh Open Source Software Archive

Member "aif-2.1.1/share/arno-iptables-firewall/plugins/90rpc.plugin" (16 Sep 2020, 4501 Bytes) of package /linux/privat/aif-2.1.1.tar.gz:



    1 # ------------------------------------------------------------------------------
    2 #               -= Arno's Iptables Firewall(AIF) - RPC plugin =-
    3 #
    4 PLUGIN_NAME="RPCplugin"          # shown in the plugin banner and in the "config file not found" note
    5 PLUGIN_VERSION="0.22a-BETA"      # printed next to PLUGIN_NAME
    6 PLUGIN_CONF_FILE="rpc.conf"      # file name joined onto $PLUGIN_CONF_PATH and sourced by the mainline
    7 #
    8 # Last changed          : April 13, 2020
    9 # Requirements          : kernel 2.6
   10 # Comments              : This plugin opens RPC ports
   11 #
   12 # Author                : (C) Copyright 2011-2012 by Jared H. Hudson
   13 # Email                 : jhhudso AT volumehost DOT com
   14 # ------------------------------------------------------------------------------
   15 # This program is free software; you can redistribute it and/or
   16 # modify it under the terms of the GNU General Public License
   17 # version 2 as published by the Free Software Foundation.
   18 #
   19 # This program is distributed in the hope that it will be useful,
   20 # but WITHOUT ANY WARRANTY; without even the implied warranty of
   21 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   22 # GNU General Public License for more details.
   23 #
   24 # You should have received a copy of the GNU General Public License
   25 # along with this program; if not, write to the Free Software
   26 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
   27 # ------------------------------------------------------------------------------
   28 
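   # Plugin start function
   #
   # Creates RPC_CHAIN, hooks it into EXT_INPUT_CHAIN and, for every service
   # named in RPC_SERVICES, accepts traffic from each network in RPC_NETS to the
   # TCP and UDP ports that "rpcinfo -p" lists for that service.
   #
   # The ports are looked up when this function runs. A service that registers
   # later, or re-registers on another port, is not covered until the plugin is
   # started again.
   #
   # Globals:  RPC_SERVICES, RPC_NETS (read; space/comma separated lists)
   #           INDENT (read)
   # Returns:  0 always
   plugin_start()
   {
     # Create the RPC_CHAIN chain; if it already exists the error is discarded
     # and the old rules are flushed instead:
     iptables -N RPC_CHAIN 2>/dev/null
     iptables -F RPC_CHAIN

     # Insert rule into the main chain:
     iptables -A EXT_INPUT_CHAIN -j RPC_CHAIN

     echo "${INDENT}Enabling RPC service(s) $RPC_SERVICES for net(s) $RPC_NETS"

     # One snapshot of the portmapper table serves every lookup below.
     rpc_map="$(rpcinfo -p)"

     # The lists are split on space and comma. Remember the caller's IFS so the
     # change does not leak into whatever runs after this plugin.
     if [ -n "${IFS+set}" ]; then
       rpc_ifs_set=1
       rpc_ifs_saved=$IFS
     else
       rpc_ifs_set=0
     fi
     IFS=' ,'

     for service in $RPC_SERVICES; do
       for proto in tcp udp; do
         case "$proto" in
           tcp) label="TCP" ;;
           udp) label="UDP" ;;
         esac

         # Compare the protocol and service columns exactly and pass both to awk
         # as data. A regex built from the config value would also select
         # services whose name merely contains the configured one (nfs_acl for
         # nfs) and would let the value alter the awk program itself. Only
         # numeric ports are kept, and each port is reported once.
         ports="$(printf '%s\n' "$rpc_map" |awk -v proto="$proto" -v svc="$service" '
           $3 == proto && $5 == svc && $4 ~ /^[0-9]+$/ && !seen[$4]++ { printf "%s ", $4 }')"

         if [ -z "$ports" ]; then
           # Nothing registered (yet): say so instead of silently opening nothing.
           echo "${INDENT}WARNING: No $label ports listed by rpcinfo for RPC service $service, nothing opened" >&2
           continue
         fi

         echo "${INDENT}Adding $label ports $ports for RPC service $service"
         for net in $RPC_NETS; do
           for port in $ports; do
             iptables -I RPC_CHAIN -p "$proto" -s "$net" --dport "$port" -j ACCEPT
           done
         done
       done
     done

     # Put IFS back exactly as it was found (including "unset").
     if [ "$rpc_ifs_set" = "1" ]; then
       IFS=$rpc_ifs_saved
     else
       unset IFS
     fi

     return 0
   }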
   62 
   63 
   # Plugin restart function
   #
   # Re-attaches RPC_CHAIN to EXT_INPUT_CHAIN. The rules inside RPC_CHAIN are
   # not rebuilt here, so no new "rpcinfo" lookup takes place on a restart.
   #
   # Globals:  INDENT (read)
   # Returns:  0 always
   plugin_restart()
   {
     ## Standard chain rules are flushed on a restart and have to be re-added
     printf '%s\n' "${INDENT}Restarting..."

     # Append the jump to RPC_CHAIN to the main chain again:
     iptables -A EXT_INPUT_CHAIN -j RPC_CHAIN

     return 0
   }
   75 
   76 
   # Plugin stop function
   #
   # Removes the jump from EXT_INPUT_CHAIN, then empties and deletes RPC_CHAIN.
   #
   # Returns:  0 always; failures of the individual iptables calls are not
   #           propagated
   plugin_stop()
   {
     # Detach first: a chain that is still referenced cannot be deleted.
     # A missing jump rule is not treated as an error, its message is dropped.
     iptables -D EXT_INPUT_CHAIN -j RPC_CHAIN 2>/dev/null

     # Drop every rule in the chain, then remove the chain itself
     iptables -F RPC_CHAIN; iptables -X RPC_CHAIN 2>/dev/null

     return 0
   }
   87 
   88 
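   # Plugin status function
   #
   # Lists the rules currently in RPC_CHAIN, every line prefixed with INDENT.
   #
   # Globals:  INDENT (read)
   # Returns:  0 always
   plugin_status()
   {
     # INDENT is written out as data instead of being spliced into a sed
     # program, so a "/", "&" or "\" in it can neither break nor alter the
     # prefixing.
     # NOTE(review): "iptables -L" without -n resolves addresses and ports to
     # names; consider -n if the status output has to be fast and unambiguous.
     iptables -L RPC_CHAIN |while IFS= read -r line || [ -n "$line" ]; do
       printf '%s%s\n' "$INDENT" "$line"
     done

     return 0
   }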
   96 
   97 
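   # Plugin sanity check
   #
   # Verifies that the config supplied both RPC_SERVICES and RPC_NETS and that
   # the "rpcinfo" binary can be found (via check_command, defined outside this
   # file). Only presence is checked; the contents of the two lists are not
   # validated here.
   #
   # Globals:  RPC_SERVICES, RPC_NETS, INDENT (read)
   # Outputs:  a red error message on stderr when a check fails
   # Returns:  0 if the plugin may run, 1 otherwise
   plugin_sanity_check()
   {
     # INDENT is passed as an argument, not as part of the printf format, so a
     # "%" or "\" in it is printed literally.
     if [ -z "$RPC_SERVICES" ] || [ -z "$RPC_NETS" ]; then
       printf '\033[40m\033[1;31m%sERROR: The plugin config file is not properly setup!\033[0m\n' "$INDENT" >&2
       return 1
     fi

     if ! check_command rpcinfo; then
       printf '\033[40m\033[1;31m%sERROR: Required binary "rpcinfo" is not available!\n\033[0m' "$INDENT" >&2
       return 1
     fi

     return 0
   }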
  112 
  113 
  114 ############
  115 # Mainline #
  116 ############
  117 
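  # Check where to find the config file. With PLUGIN_CONF_PATH unset or empty,
  # CONF_FILE stays empty and the plugin is skipped below.
  CONF_FILE=""
  if [ -n "$PLUGIN_CONF_PATH" ]; then
    CONF_FILE="$PLUGIN_CONF_PATH/$PLUGIN_CONF_FILE"
  fi

  # Preinit to success:
  PLUGIN_RET_VAL=0

  # Check if the config file exists
  if [ ! -f "$CONF_FILE" ]; then
    # Values are passed as printf arguments so that a "%" or "\" in a path or
    # name is printed literally.
    printf 'NOTE: Config file "%s" not found!\n        Plugin "%s v%s" ignored!\n' "$CONF_FILE" "$PLUGIN_NAME" "$PLUGIN_VERSION" >&2
  else
    # Source the plugin config file. It is executed as shell code with the
    # privileges of the calling script (presumably root, since iptables is
    # driven from here), so it should be writable only by that account.
    . "$CONF_FILE"

    # Run when the plugin is enabled (any command except stop-restart), when it
    # was disabled and a stop-restart has to clean up, or when it is loaded
    # explicitly through PLUGIN_LOAD_FILE for stop/status. Separate tests joined
    # with && avoid the ambiguous "-a" operator of "[".
    if { [ "$ENABLED" = "1" ] && [ "$PLUGIN_CMD" != "stop-restart" ]; } ||
       { [ "$ENABLED" = "0" ] && [ "$PLUGIN_CMD" = "stop-restart" ]; } ||
       { [ -n "$PLUGIN_LOAD_FILE" ] && [ "$PLUGIN_CMD" = "stop" ]; } ||
       { [ -n "$PLUGIN_LOAD_FILE" ] && [ "$PLUGIN_CMD" = "status" ]; }; then
      # Show who we are:
      echo "${INDENT}$PLUGIN_NAME v$PLUGIN_VERSION"

      # Increment indention
      INDENT="$INDENT "

      # Only proceed if environment ok
      if ! plugin_sanity_check; then
        PLUGIN_RET_VAL=1
      else
        # Dispatch; an empty PLUGIN_CMD is treated as "start"
        case "$PLUGIN_CMD" in
          start|'') plugin_start; PLUGIN_RET_VAL=$? ;;
          restart ) plugin_restart; PLUGIN_RET_VAL=$? ;;
          stop|stop-restart) plugin_stop; PLUGIN_RET_VAL=$? ;;
          status  ) plugin_status; PLUGIN_RET_VAL=$? ;;
          *       ) PLUGIN_RET_VAL=1; printf '\033[40m\033[1;31m%sERROR: Invalid plugin option "%s"!\033[0m\n' "$INDENT" "$PLUGIN_CMD" >&2 ;;
        esac
      fi
    fi
  fi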