diff options
| -rw-r--r-- | lib/network/drakfirewall.pm | 27 | ||||
| -rw-r--r-- | lib/network/nfs.pm | 63 |
2 files changed, 67 insertions, 23 deletions
diff --git a/lib/network/drakfirewall.pm b/lib/network/drakfirewall.pm index 7eb0e31..80fcb8e 100644 --- a/lib/network/drakfirewall.pm +++ b/lib/network/drakfirewall.pm @@ -5,6 +5,7 @@ use diagnostics; use network::shorewall; use common; +use network::nfs; my @all_servers = ( @@ -47,9 +48,9 @@ my @all_servers = { name => N_("NFS Server"), pkg => 'nfs-utils nfs-utils-clients', - ports => '111/tcp 111/udp 2049/tcp 2049/udp 4001/tcp 4001/udp 4002/tcp 4002/udp 4003/tcp 4003/udp 4004/tcp 4004/udp', + ports => '111/tcp 111/udp 2049/tcp 2049/udp ' . network::nfs::list_nfs_ports(), hide => 1, - prepare => sub { prepare_nfs_services(); }, + prepare => sub { network::nfs::write_nfs_ports(network::nfs::read_nfs_ports()); }, restart => 'nfs-common nfs-server', }, { @@ -90,23 +91,6 @@ my @ifw_rules = ( }, ); -sub prepare_nfs_services { - # enabling fixed ports for NFS services - # nfs-common - substInFile { - s/^(STATD_OPTIONS)=$/$1="--port 4001"/; - s/^(STATD_OPTIONS)="(.*)(--port \d+)(.*)"$/$1="$2--port 4001$4"/; - s/^(LOCKD_)(TCP|UDP)(PORT)=.*/$1$2$3=4002/; - } "/etc/sysconfig/nfs-common"; - # nfs-server - substInFile { - s/^(RPCMOUNTD_OPTIONS)=$/$1="--port 4003"/; - s/^(RPCMOUNTD_OPTIONS)="(.*)(--port \d+)(.*)"$/$1="$2--port 4003$4"/; - s/^(RPCRQUOTAD_OPTIONS)=$/$1="--port 4004"/; - s/^(RPCRQUOTAD_OPTIONS)="(.*)(--port \d+)(.*)"$/$1="$2--port 4004$4"/; - } "/etc/sysconfig/nfs-server"; -} - sub port2server { my ($port) = @_; find { @@ -307,6 +291,9 @@ Please select which network activities should be watched."), sub main { my ($in, $disabled) = @_; + use Data::Dumper; + print Dumper(@all_servers); + ($disabled, my $servers, my $unlisted, my $log_net_drop) = get_conf($in, $disabled) or return; ($disabled, $servers, $unlisted, $log_net_drop) = choose_allowed_services($in, $disabled, $servers, $unlisted, $log_net_drop) or return; @@ -320,6 +307,8 @@ sub main { exists $_->{prepare} and $_->{prepare}(); } + print Dumper($servers); + my $ports = to_ports($servers, $unlisted); set_ports($in->do_pkgs, $disabled, $ports, $log_net_drop, $in) or return; diff --git a/lib/network/nfs.pm b/lib/network/nfs.pm index e3dca58..34ea52e 100644 --- a/lib/network/nfs.pm +++ b/lib/network/nfs.pm @@ -3,9 +3,9 @@ package network::nfs; use strict; use common; -sub read_nfs_port_settings { +sub read_nfs_ports { my $statd_port = 4001; - my $statd_outgoing_port = 4001; + my $statd_outgoing_port = undef; my $lockd_tcp_port = 4002; my $lockd_udp_port = 4002; my $rpc_mountd_port = 4003; @@ -25,13 +25,68 @@ sub read_nfs_port_settings { } } - { statd_port => $statd_port, - statd_outgoing_port => $statd_outgoing_port, + my $ports = { statd_port => $statd_port, lockd_tcp_port => $lockd_tcp_port, lockd_udp_port => $lockd_udp_port, rpc_mountd_port => $rpc_mountd_port, rpc_rquotad_port => $rpc_rquotad_port, + }; + if (defined $statd_outgoing_port) { + $ports->{statd_outgoing_port} => $statd_outgoing_port, } + $ports; +} + +sub list_nfs_ports { + my $ports = read_nfs_ports(); + + my $portlist = $ports->{lockd_tcp_port}. "/tcp " . $ports->{lockd_udp_port} . "/udp"; + if (defined $ports->{statd_outgoing_port} and $ports->{statd_outgoing_port} ne $ports->{statd_port}) { + $portlist .= " " . $ports->{statd_outgoing_port} . "/tcp " . $ports->{statd_outgoing_port} . "/udp"; + } + foreach (qw(statd_port rpc_mountd_port rpc_rquotad_port)) { + my $port = $ports->{$_}; + $portlist .= " $port/tcp $port/udp"; + } + # list of ports in shorewall format + $portlist; +} + +sub write_nfs_ports { + my ($ports) = @_; + # enabling fixed ports for NFS services + # nfs-common + substInFile { + if ($ports->{statd_port}) { + my $port = $ports->{statd_port}; + s/^(STATD_OPTIONS)=$/$1="--port $port"/; + s/^(STATD_OPTIONS)="(.*)(--port \d+)(.*)"$/$1="$2--port $port$4"/; + s/^(STATD_OPTIONS)="(.*)(-p \d+)(.*)"$/$1="$2--port $port$4"/; + } + if ($ports->{lockd_tcp_port}) { + my $port = $ports->{lockd_tcp_port}; + s/^LOCKD_TCPPORT=.*/LOCKD_TCPPORT=$port/; + } + if ($ports->{lockd_udp_port}) { + my $port = $ports->{lockd_udp_port}; + s/^LOCKD_UDPPORT=.*/LOCKD_UDPPORT=$port/; + } + } "/etc/sysconfig/nfs-common"; + # nfs-server + substInFile { + if ($ports->{rpc_mountd_port}) { + my $port = $ports->{rpc_mountd_port}; + s/^(RPCMOUNTD_OPTIONS)=$/$1="--port $port"/; + s/^(RPCMOUNTD_OPTIONS)="(.*)(--port \d+)(.*)"$/$1="$2--port $port$4"/; + s/^(RPCMOUNTD_OPTIONS)="(.*)(-p \d+)(.*)"$/$1="$2--port $port$4"/; + } + if ($ports->{rpc_rquotad_port}) { + my $port = $ports->{rpc_rquotad_port}; + s/^(RPCRQUOTAD_OPTIONS)=$/$1="--port $port"/; + s/^(RPCRQUOTAD_OPTIONS)="(.*)(--port \d+)(.*)"$/$1="$2--port $port$4"/; + s/^(RPCRQUOTAD_OPTIONS)="(.*)(-p \d+)(.*)"$/$1="$2--port $port$4"/; + } + } "/etc/sysconfig/nfs-server"; } 1; |