-rw-r--r--lib/network/drakfirewall.pm27
-rw-r--r--lib/network/nfs.pm63
2 files changed, 67 insertions, 23 deletions
diff --git a/lib/network/drakfirewall.pm b/lib/network/drakfirewall.pm
index 7eb0e31..80fcb8e 100644
--- a/lib/network/drakfirewall.pm
+++ b/lib/network/drakfirewall.pm
@@ -5,6 +5,7 @@ use diagnostics;
use network::shorewall;
use common;
+use network::nfs;
my @all_servers =
(
@@ -47,9 +48,9 @@ my @all_servers =
{
name => N_("NFS Server"),
pkg => 'nfs-utils nfs-utils-clients',
- ports => '111/tcp 111/udp 2049/tcp 2049/udp 4001/tcp 4001/udp 4002/tcp 4002/udp 4003/tcp 4003/udp 4004/tcp 4004/udp',
+ ports => '111/tcp 111/udp 2049/tcp 2049/udp ' . network::nfs::list_nfs_ports(),
hide => 1,
- prepare => sub { prepare_nfs_services(); },
+ prepare => sub { network::nfs::write_nfs_ports(network::nfs::read_nfs_ports()); },
restart => 'nfs-common nfs-server',
},
{
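Review bot: The `ports` value of the NFS Server entry is now built by calling `network::nfs::list_nfs_ports()` while `@all_servers` is initialised, so the port list is fixed once at module load and nothing in the hunk documents that. A comment above the entry, such as `# statd/lockd/mountd/rquotad ports are read once at load time, before prepare rewrites the sysconfig files`, would make the ordering explicit. The `prepare` closure writes back whatever a second `read_nfs_ports()` call returns, so the firewall list and the service configuration agree only if both reads see the same values. The `@all_servers` list starts and ends outside the hunk.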
@@ -90,23 +91,6 @@ my @ifw_rules = (
},
);
-sub prepare_nfs_services {
- # enabling fixed ports for NFS services
- # nfs-common
- substInFile {
- s/^(STATD_OPTIONS)=$/$1="--port 4001"/;
- s/^(STATD_OPTIONS)="(.*)(--port \d+)(.*)"$/$1="$2--port 4001$4"/;
- s/^(LOCKD_)(TCP|UDP)(PORT)=.*/$1$2$3=4002/;
- } "/etc/sysconfig/nfs-common";
- # nfs-server
- substInFile {
- s/^(RPCMOUNTD_OPTIONS)=$/$1="--port 4003"/;
- s/^(RPCMOUNTD_OPTIONS)="(.*)(--port \d+)(.*)"$/$1="$2--port 4003$4"/;
- s/^(RPCRQUOTAD_OPTIONS)=$/$1="--port 4004"/;
- s/^(RPCRQUOTAD_OPTIONS)="(.*)(--port \d+)(.*)"$/$1="$2--port 4004$4"/;
- } "/etc/sysconfig/nfs-server";
-}
-
sub port2server {
my ($port) = @_;
find {
@@ -307,6 +291,9 @@ Please select which network activities should be watched."),
sub main {
my ($in, $disabled) = @_;
+ use Data::Dumper;
+ print Dumper(@all_servers);
+
($disabled, my $servers, my $unlisted, my $log_net_drop) = get_conf($in, $disabled) or return;
($disabled, $servers, $unlisted, $log_net_drop) = choose_allowed_services($in, $disabled, $servers, $unlisted, $log_net_drop) or return;
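Review bot: The added `use Data::Dumper;` and `print Dumper(@all_servers);` at the top of `main` look like leftover debugging, and they print the whole service table to stdout on every run. Both lines should be dropped, together with `print Dumper($servers);`, which the next hunk adds after the `prepare` loop. If the dump is wanted for troubleshooting, it would be better sent through a log call than through `print`. `main` continues outside the hunk.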
@@ -320,6 +307,8 @@ sub main {
exists $_->{prepare} and $_->{prepare}();
}
+ print Dumper($servers);
+
my $ports = to_ports($servers, $unlisted);
set_ports($in->do_pkgs, $disabled, $ports, $log_net_drop, $in) or return;
diff --git a/lib/network/nfs.pm b/lib/network/nfs.pm
index e3dca58..34ea52e 100644
--- a/lib/network/nfs.pm
+++ b/lib/network/nfs.pm
@@ -3,9 +3,9 @@ package network::nfs;
use strict;
use common;
-sub read_nfs_port_settings {
+sub read_nfs_ports {
my $statd_port = 4001;
- my $statd_outgoing_port = 4001;
+ my $statd_outgoing_port = undef;
my $lockd_tcp_port = 4002;
my $lockd_udp_port = 4002;
my $rpc_mountd_port = 4003;
@@ -25,13 +25,68 @@ sub read_nfs_port_settings {
}
}
- { statd_port => $statd_port,
- statd_outgoing_port => $statd_outgoing_port,
+ my $ports = { statd_port => $statd_port,
lockd_tcp_port => $lockd_tcp_port,
lockd_udp_port => $lockd_udp_port,
rpc_mountd_port => $rpc_mountd_port,
rpc_rquotad_port => $rpc_rquotad_port,
+ };
+ if (defined $statd_outgoing_port) {
+ $ports->{statd_outgoing_port} => $statd_outgoing_port,
}
+ $ports;
+}
+
+sub list_nfs_ports {
+ my $ports = read_nfs_ports();
+
+ my $portlist = $ports->{lockd_tcp_port}. "/tcp " . $ports->{lockd_udp_port} . "/udp";
+ if (defined $ports->{statd_outgoing_port} and $ports->{statd_outgoing_port} ne $ports->{statd_port}) {
+ $portlist .= " " . $ports->{statd_outgoing_port} . "/tcp " . $ports->{statd_outgoing_port} . "/udp";
+ }
+ foreach (qw(statd_port rpc_mountd_port rpc_rquotad_port)) {
+ my $port = $ports->{$_};
+ $portlist .= " $port/tcp $port/udp";
+ }
+ # list of ports in shorewall format
+ $portlist;
+}
+
+sub write_nfs_ports {
+ my ($ports) = @_;
+ # enabling fixed ports for NFS services
+ # nfs-common
+ substInFile {
+ if ($ports->{statd_port}) {
+ my $port = $ports->{statd_port};
+ s/^(STATD_OPTIONS)=$/$1="--port $port"/;
+ s/^(STATD_OPTIONS)="(.*)(--port \d+)(.*)"$/$1="$2--port $port$4"/;
+ s/^(STATD_OPTIONS)="(.*)(-p \d+)(.*)"$/$1="$2--port $port$4"/;
+ }
+ if ($ports->{lockd_tcp_port}) {
+ my $port = $ports->{lockd_tcp_port};
+ s/^LOCKD_TCPPORT=.*/LOCKD_TCPPORT=$port/;
+ }
+ if ($ports->{lockd_udp_port}) {
+ my $port = $ports->{lockd_udp_port};
+ s/^LOCKD_UDPPORT=.*/LOCKD_UDPPORT=$port/;
+ }
+ } "/etc/sysconfig/nfs-common";
+ # nfs-server
+ substInFile {
+ if ($ports->{rpc_mountd_port}) {
+ my $port = $ports->{rpc_mountd_port};
+ s/^(RPCMOUNTD_OPTIONS)=$/$1="--port $port"/;
+ s/^(RPCMOUNTD_OPTIONS)="(.*)(--port \d+)(.*)"$/$1="$2--port $port$4"/;
+ s/^(RPCMOUNTD_OPTIONS)="(.*)(-p \d+)(.*)"$/$1="$2--port $port$4"/;
+ }
+ if ($ports->{rpc_rquotad_port}) {
+ my $port = $ports->{rpc_rquotad_port};
+ s/^(RPCRQUOTAD_OPTIONS)=$/$1="--port $port"/;
+ s/^(RPCRQUOTAD_OPTIONS)="(.*)(--port \d+)(.*)"$/$1="$2--port $port$4"/;
+ s/^(RPCRQUOTAD_OPTIONS)="(.*)(-p \d+)(.*)"$/$1="$2--port $port$4"/;
+ }
+ } "/etc/sysconfig/nfs-server";
}
1;
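Review bot: In `read_nfs_ports`, the line `$ports->{statd_outgoing_port} => $statd_outgoing_port,` uses a fat comma where an assignment is meant, so it is a no-op and the key is never stored; it should read `$ports->{statd_outgoing_port} = $statd_outgoing_port;`. As written, the `defined $ports->{statd_outgoing_port}` branch in `list_nfs_ports` can never run, and a configured outgoing statd port is left out of the firewall port list. Separately, `write_nfs_ports` only rewrites an empty value or an existing `--port N` / `-p N`, so an `*_OPTIONS` line that carries other flags but no port keeps its dynamic port while the firewall presumably opens the default one. The start of `read_nfs_ports` is outside the hunk.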