1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
Copyright (c) 1999 Jessica Quaintance. All rights reserved.
This package is free software; you can redistribute it and/or
modify it under the same terms as Perl itself (see LICENSE),
with the exception of the libipfwc.c, ipchains.c, and the files
in include/ which have separate terms derived from those of
the original ipchains sources (see LICENSE.ipchains). Please see
README.ipchains for the README that was included with the
original source code for ipchains and contains copyrights and
credits for such.
For the full original source code, documentation and other
information related to the ipchains project please see
http://www.rustcorp.com/linux/ipchains/. The Ipfw.pm module is
a seperate entity from such, so please do not bother the author
of the ipchains source with issues related to this module.
For the most current version of this module please see
http://www.x25.org/ipchains.html. For more information about the
module, or to submit questions, comments, or bug reports about
such, please email j@x25.org.
-----------------------------------------------------------------
To build this module, run the following commands:
perl Makefile.PL
make
make install
To use this module you'll need to have several features enabled
in your kernel. From the ipchains README:
--
If your kernel version is before 2.1.102; you need the ipfwchains
patch to the 2.1.x or 2.0.x kernel series.
You need to be running a kernel compiled with CONFIG_IP_FIREWALL (for
2.1.102 and above) or CONFIG_IP_FIREWALL_CHAINS set to `Y'. You can
tell that your current kernel is compiled with this by looking for
/proc/net/ip_fwchains' - if it exists, then your kernel is ready for
the ipchains utility.
--
To use features such as IP Masquerading, IP Forwarding, IP Aliasing,
etc., you will have to also enable these individually in your
kernel configuration.
-----------------------------------------------------------------
The Ipfw.pm module was created to act as an interface to the
Linux IP firewalling routines so that one might set, list, or
otherwize modify and/or access Linux firewalling rules and
information from perl, and to do so relatively painlessly.
As an example, if you wanted to deny all traffic from
192.168.100.0/24 going to 192.168.1.0/24, and log all attempts,
you could create a rule as such:
$fw = Ipfw->new(Source => "192.168.100.0",
SourceMask => "24",
Dest => "192.168.1.0",
DestMask => "24",
Rule => "DENY",
Log => "1"
);
$fw->append("input");
(Note that "input" is the chain you're applying the rule to., and
masks can also be written in the 255.255.255.0 notation).
Then, to list the results you could clear the options, set
the Verbose option, then call the list() method:
$fw->clopts();
$fw->attribute(Verbose, 1);
$fw->list("input");
Available options, attributes and syntax are listed in the POD
documentation contained in Ipfw.pm.
TODO:
1) Add a package to manage the logs generated by ipchains if the
logging option is specified.
2) Possibly add more methods for searching through set rules and
selecting/manipulating rules by search criteria.
BUGS:
No -S support quite yet. RSN.
! (invert rule) doesn't seem to work. Will be fixed RSN too.
CONTRIBUTIONS:
Thanks for bug fixes/patches/updates/additions or all of the above to:
Heather Adkins <hadkins@excitecorp.com> - early troubleshooting/bug fix
Sven Koch <haegar@comunit.net> - bug fixes and list_chains() function
Francis J. Lacoste <francis.lacoste@iNsu.COM> - bug fixes
|
