X-Git-Url: http://git.roojs.org/?p=Pman.Admin;a=blobdiff_plain;f=Iptables.php;h=a88c246b175c8d0d0caeaf2e70877ec0e942b897;hp=8e17d3c2b8687095f6cc5f278d6f34063489b4ac;hb=HEAD;hpb=d762b38837eb4c70e188ebb9fb4f762c170eb375 diff --git a/Iptables.php b/Iptables.php index 8e17d3c..a88c246 100644 --- a/Iptables.php +++ b/Iptables.php @@ -47,7 +47,7 @@ class Pman_Admin_Iptables extends Pman { return '/tmp/run_pman_admin_iptables-'.$db; } - function get($opt = '') + function get($opt = '', $opts = Array()) { // monitor file @@ -86,7 +86,7 @@ class Pman_Admin_Iptables extends Pman { */ //DB_DataObject::debugLevel(1); - $p = DB_DataObject::Factory('Person'); + $p = DB_DataObject::Factory('core_person'); $p->autoJoin(); $p->whereAdd("join_company_id_id.comptype = 'OWNER'"); $p->selectAdd(); @@ -114,7 +114,7 @@ class Pman_Admin_Iptables extends Pman { max(event_when) + $interval as expires "); - $e->person_table = DB_DataObject::factory('person')->tableName(); + $e->person_table = DB_DataObject::factory('core_person')->tableName(); $e->whereAddIn('person_id', $peps, 'int'); $e->groupBy('ipaddr'); $e->whereAdd("event_when > NOW() - $interval"); @@ -124,9 +124,9 @@ class Pman_Admin_Iptables extends Pman { require_once 'System.php'; //inet addr:202.67.151.28 Bcast:202.67.151.255 Mask:255.255.255.0 - $ifconfig = System::which('ifconfig'); + $ifconfig = System::which('ifconfig','/sbin/ifconfig'); - if (!$ifconfig) { + if (!$ifconfig || !file_exists($ifconfig)) { $this->jerr("ifconfig could not be found."); } 
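Review bot: In the last hunk (the ifconfig lookup), the added `file_exists($ifconfig)` guard only proves that the path exists, so a directory or a non-executable file at `/sbin/ifconfig` passes it and the failure only shows up later when the command is run. As far as I know PEAR's System::which() returns its fallback argument unchecked when the PATH search fails, which would make this guard the only validation of that path. A tighter test is `if (!$ifconfig || !is_executable($ifconfig)) {`. The same pattern is added for iptables in readChain(), updateTables(), removeIp() and createBase() further down. The enclosing function starts and ends outside this hunk.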
@@ -156,12 +156,16 @@ class Pman_Admin_Iptables extends Pman { function readChain($chain) { - require_once 'System.php'; - - $iptables = System::which('iptables'); + static $iptables; - if (!$iptables) { - $this->jerr("iptables could not be found."); + if (!$iptables) { + require_once 'System.php'; + + $iptables = System::which('iptables', '/sbin/iptables'); + + if (!$iptables || !file_exists($iptables)) { + $this->jerr("iptables could not be found."); + } } // this should have been set up already.. // in the base firewall code. @@ -223,13 +227,16 @@ class Pman_Admin_Iptables extends Pman { function updateTables() { - - require_once 'System.php'; - - $iptables = System::which('iptables'); + static $iptables; - if (!$iptables) { - $this->jerr("iptables could not be found."); + if (!$iptables) { + require_once 'System.php'; + + $iptables = System::which('iptables', '/sbin/iptables'); + + if (!$iptables || !file_exists($iptables)) { + $this->jerr("iptables could not be found."); + } } // this should have been set up already.. // in the base firewall code. @@ -322,7 +329,9 @@ class Pman_Admin_Iptables extends Pman { // remove rules that need deleting.. foreach($remove as $ip => $r) { - $this->exec("{$iptables} -d postgres {$r['num']} "); + + $this->removeIp($ip); + } 
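Review bot: The binary lookup added in readChain() is repeated verbatim in updateTables() in the next hunk, and again in removeIp() and createBase() later in the diff. Because `static $iptables` is function-scoped, each method keeps its own cached copy, and createBase() does not cache at all. Moving the lookup into one helper and calling `$iptables = $this->iptablesPath();` from each method would keep the path check for the firewall commands in a single place. A sketch of the helper follows; readChain() and updateTables() both continue outside their hunks.

```php
/**
 * Locate the iptables binary once and reuse the result.
 * Reports through jerr() when it cannot be found.
 */
function iptablesPath()
{
    static $iptables = false;

    if (!$iptables) {
        require_once 'System.php';

        $iptables = System::which('iptables', '/sbin/iptables');

        if (!$iptables || !file_exists($iptables)) {
            $this->jerr("iptables could not be found.");
        }
    }
    return $iptables;
}

function readChain($chain)
{
    $iptables = $this->iptablesPath();
    // … unchanged: rest of readChain …
```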
@@ -332,12 +341,44 @@ class Pman_Admin_Iptables extends Pman { } + function removeIp($ip) + { + static $iptables; + + if (!$iptables) { + require_once 'System.php'; + + $iptables = System::which('iptables', '/sbin/iptables'); + + if (!$iptables || !file_exists($iptables)) { + $this->jerr("iptables could not be found."); + } + } + // we need to scan the list each time, as the order get's renumbered when we remove wone... + $ar = $this->readChain('postgres'); + foreach($ar as $row) { + if ($row['target'] != 'ACCEPT') { + continue; + } + + if ($row['source'] != $ip) { + continue; + } + $this->exec("{$iptables} -D postgres {$row['num']} "); + break; + } + } + + function createBase() { - $iptables = System::which('iptables'); - if (!$iptables) { + require_once 'System.php'; + + $iptables = System::which('iptables', '/sbin/iptables'); + + if (!$iptables || !file_exists($iptables)) { $this->jerr("iptables could not be found."); }
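Review bot: In the added removeIp(), a miss is silent: if no ACCEPT row in the `postgres` chain has a `source` equal to `$ip`, the loop ends without deleting anything and the allow rule that was meant to be removed stays in place with no trace. This could happen if readChain() reports the address in a different form, which is not visible here. Returning a flag or logging after the loop would make that detectable, and because of the `break` a duplicated rule for the same address needs a second call. The command string would also be safer with the parsed rule number forced to an integer, `$this->exec("{$iptables} -D postgres " . (int) $row['num']);`, since `$row['num']` comes from parsed command output and how exec() runs the string is not shown. createBase() continues outside the hunk.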