summaryrefslogtreecommitdiffstats
path: root/lib/network/drakfirewall.pm
diff options
context:
space:
mode:
authorEugeni Dodonov <eugeni@mandriva.org>2009-03-17 00:58:42 +0000
committerEugeni Dodonov <eugeni@mandriva.org>2009-03-17 00:58:42 +0000
commitc4ea36ab15729cc00e8e23de62449f9a92f93911 (patch)
tree340a6e2ec1f04b045aabc12690910103e10784cb /lib/network/drakfirewall.pm
parent8ee007145717514f248dd9fa60ba5b0967a9843c (diff)
downloaddrakx-net-c4ea36ab15729cc00e8e23de62449f9a92f93911.tar
drakx-net-c4ea36ab15729cc00e8e23de62449f9a92f93911.tar.gz
drakx-net-c4ea36ab15729cc00e8e23de62449f9a92f93911.tar.bz2
drakx-net-c4ea36ab15729cc00e8e23de62449f9a92f93911.tar.xz
drakx-net-c4ea36ab15729cc00e8e23de62449f9a92f93911.zip
Automatically configuring NFS to use fixed ports when protecting with
drakfirewall.
Diffstat (limited to 'lib/network/drakfirewall.pm')
-rw-r--r--lib/network/drakfirewall.pm32
1 files changed, 32 insertions, 0 deletions
diff --git a/lib/network/drakfirewall.pm b/lib/network/drakfirewall.pm
index e00dfa6..7eb0e31 100644
--- a/lib/network/drakfirewall.pm
+++ b/lib/network/drakfirewall.pm
@@ -49,6 +49,8 @@ my @all_servers =
pkg => 'nfs-utils nfs-utils-clients',
ports => '111/tcp 111/udp 2049/tcp 2049/udp 4001/tcp 4001/udp 4002/tcp 4002/udp 4003/tcp 4003/udp 4004/tcp 4004/udp',
hide => 1,
+ prepare => sub { prepare_nfs_services(); },
+ restart => 'nfs-common nfs-server',
},
{
name => N_("Windows Files Sharing (SMB)"),
@@ -88,6 +90,23 @@ my @ifw_rules = (
},
);
+sub prepare_nfs_services {
+ # enabling fixed ports for NFS services
+ # nfs-common
+ substInFile {
+ s/^(STATD_OPTIONS)=$/$1="--port 4001"/;
+ s/^(STATD_OPTIONS)="(.*)(--port \d+)(.*)"$/$1="$2--port 4001$4"/;
+ s/^(LOCKD_)(TCP|UDP)(PORT)=.*/$1$2$3=4002/;
+ } "/etc/sysconfig/nfs-common";
+ # nfs-server
+ substInFile {
+ s/^(RPCMOUNTD_OPTIONS)=$/$1="--port 4003"/;
+ s/^(RPCMOUNTD_OPTIONS)="(.*)(--port \d+)(.*)"$/$1="$2--port 4003$4"/;
+ s/^(RPCRQUOTAD_OPTIONS)=$/$1="--port 4004"/;
+ s/^(RPCRQUOTAD_OPTIONS)="(.*)(--port \d+)(.*)"$/$1="$2--port 4004$4"/;
+ } "/etc/sysconfig/nfs-server";
+}
+
sub port2server {
my ($port) = @_;
find {
@@ -296,12 +315,25 @@ sub main {
choose_watched_services($in, $servers, $unlisted) or return;
}
+ # preparing services when required
+ foreach (@$servers) {
+ exists $_->{prepare} and $_->{prepare}();
+ }
+
my $ports = to_ports($servers, $unlisted);
+
set_ports($in->do_pkgs, $disabled, $ports, $log_net_drop, $in) or return;
# restart mandi
require services;
services::is_service_running("mandi") and services::restart("mandi");
+ # restarting services if needed
+ foreach my $service (@$servers) {
+ if ($service->{restart}) {
+ services::is_service_running($_) and services::restart($_) foreach split(' ', $service->{restart});
+ }
+ }
+
($disabled, $ports);
}