# not been blocked yet, call the responisible
# function to do this now.
unless (exists($blockhash{$address})) {
- # XXX
- # Add posibility to use a configure-able action.
- my $action;
+ # Obtain the configured FirewallAction.
+ my $action = $self->{FirewallAction};
# Block the given address.
my $error = &DoBlock($address, $action);
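Review bot: Reading `$self->{FirewallAction}` at block time means a mistyped or unsupported value is only discovered when an address is about to be blocked, and every `DoBlock` call then returns "Unsupported action" without blocking anything. What happens to `$error` after this call is outside the hunk, so it is not visible whether the failure is logged. I would validate the setting once when the configuration is loaded and refuse to start (or fall back to `DROP` with a logged warning) rather than fail per address. A comment such as `# FirewallAction must be one of the actions the firewall module supports; an invalid value leaves the address unblocked.` would also document the dependency.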
our @EXPORT = qw(DoBlock DoUnblock DoFlush);
+# Array of supported block actions.
+my @supported_actions = ("DROP", "REJECT");
+
# The path to the iptables executeable.
my $iptables = "/usr/sbin/iptables";
$action = "DROP";
}
+ # Check if the given action is supported.
+ my $error = &_check_action($action);
+
+ # Abort and return the recieved error.
+ if ($error) {
+ return $error;
+ }
+
# Call iptables to block the given address.
system("$iptables --wait -A $chain -s $address -j $action");
}
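Review bot: The allow-list check added above the `system(...)` call constrains `$action`, but the command is still built as a single interpolated string, so `$chain` and `$address` continue to pass through the shell. Whether `$address` is validated before it reaches `DoBlock` is not visible in this hunk, and the start of the function is outside it. The list form avoids the shell entirely: `system($iptables, "--wait", "-A", $chain, "-s", $address, "-j", $action);`. It would also help to capture the return value of `system` explicitly and return an error string on a non-zero status, so the caller gets the same kind of result as from the new `_check_action` path.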
return @reversed_rules;
}
+#
+## The _check_action function.
+#
+## This private function is used to check if the given action is supported by
+## the firewall engine.
+#
+sub _check_action ($) {
+ my $action = $_[0];
+
+ # Check if the recieved action is part of the supported_actions array.
+ foreach my $item (@supported_actions) {
+ # Exit the loop and return "nothing" if we found a match.
+ if($item eq $action) {
+ return;
+ }
+ }
+
+ # If we got here, the given action is not part of the array of supported
+ # actions. Return an error message.
+ return "Unsupported action: $action";
+}
+
1;
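Review bot: The `($)` prototype on `_check_action` has no effect, because the only visible caller uses `&_check_action($action)`, and the `&` form bypasses prototypes. Prototypes do not validate arguments in any case, so I would declare it as `sub _check_action {` and unpack with `my ($action) = @_;`. The header comment should also say that the comparison is an exact, case-sensitive match against `@supported_actions`, so a configured `drop` is rejected. That strictness is what makes the value safe to place on the iptables command line, and saying so will discourage relaxing it to a pattern match later.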