This commit adds the possibility to configure which action will be
passed to the firewall engine when blocking an IP address.
To prevent any misconfiguration, the requested action will be
validated by the responsible firewall engine module before it gets
executed.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
# not been blocked yet, call the responisible
# function to do this now.
unless (exists($blockhash{$address})) {
# not been blocked yet, call the responisible
# function to do this now.
unless (exists($blockhash{$address})) {
- # XXX
- # Add posibility to use a configure-able action.
- my $action;
+ # Obtain the configured FirewallAction.
+ my $action = $self->{FirewallAction};
# Block the given address.
my $error = &DoBlock($address, $action);
# Block the given address.
my $error = &DoBlock($address, $action);
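Review bot: `$self->{FirewallAction}` is passed straight to DoBlock on the last line of the hunk without a definedness check; if the key can be absent from the configuration (not visible here), the engine compares an undef value with `eq`, which raises an uninitialized-value warning, and the returned error reads `Unsupported action: ` with an empty value. A guard such as `return "No FirewallAction configured" unless defined $action;`, adapted to however this method reports errors, would surface the misconfiguration at its source instead of deep in the engine. The enclosing `unless` block and the method containing it start and end outside the hunk.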
our @EXPORT = qw(DoBlock DoUnblock DoFlush);
our @EXPORT = qw(DoBlock DoUnblock DoFlush);
+# Array of supported block actions.
+my @supported_actions = ("DROP", "REJECT");
+
# The path to the iptables executeable.
my $iptables = "/usr/sbin/iptables";
# The path to the iptables executeable.
my $iptables = "/usr/sbin/iptables";
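Review bot: `@supported_actions` is used as a lookup table but is declared as a list, so `_check_action` further down (lines 55–69) has to loop over it to test membership. A hash keyed by action, `my %supported_action = map { $_ => 1 } qw(DROP REJECT);`, lets that check become a single `exists $supported_action{$action}` test and reads as a set of allowed values. The variable is file-lexical, so this is purely internal and does not touch the `@EXPORT` list above it.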
+ # Check if the given action is supported.
+ my $error = &_check_action($action);
+
+ # Abort and return the recieved error.
+ if ($error) {
+ return $error;
+ }
+
# Call iptables to block the given address.
system("$iptables --wait -A $chain -s $address -j $action");
}
# Call iptables to block the given address.
system("$iptables --wait -A $chain -s $address -j $action");
}
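Review bot: The new `_check_action` guard constrains `$action`, but the `system()` call that follows still hands one interpolated string to the shell, so `$chain` and `$address` reach the shell unquoted; the list form `system($iptables, "--wait", "-A", $chain, "-s", $address, "-j", $action);` bypasses the shell entirely and turns the action validation into defence in depth rather than the only barrier. The exit status of `system` is also not examined, so an iptables failure is silently ignored while an unsupported action returns an error string; adding `return "iptables exited with $?" if $? != 0;` after the call would make the two failure paths consistent. The surrounding subroutine's signature is outside the hunk, so the origin of `$address` and `$chain` cannot be seen here.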
return @reversed_rules;
}
return @reversed_rules;
}
+#
+## The _check_action function.
+#
+## This private function is used to check if the given action is supported by
+## the firewall engine.
+#
+sub _check_action ($) {
+ my $action = $_[0];
+
+ # Check if the recieved action is part of the supported_actions array.
+ foreach my $item (@supported_actions) {
+ # Exit the loop and return "nothing" if we found a match.
+ if($item eq $action) {
+ return;
+ }
+ }
+
+ # If we got here, the given action is not part of the array of supported
+ # actions. Return an error message.
+ return "Unsupported action: $action";
+}
+
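Review bot: The `($)` prototype on `_check_action` does not validate its argument — prototypes only change how a call is parsed — and it is bypassed anyway by the `&_check_action($action)` call form used at the call site above, so it only adds confusion; declare it as `sub _check_action {` and unpack with `my ($action) = @_;` instead of `$_[0]`. An undef `$action` currently triggers an uninitialized-value warning from `eq` and yields an error message with an empty value; a leading `return "No action given" unless defined $action;` reports that case clearly. The header comment could also state the contract explicitly: returns an empty list on success and an error string otherwise.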