-
Notifications
You must be signed in to change notification settings - Fork 77
/
chainmgr_test.pl
executable file
·114 lines (87 loc) · 3.03 KB
/
chainmgr_test.pl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
#!/usr/bin/perl -w
use strict;
### path to default psad library directory for psad perl modules
my $psad_lib_dir = '/usr/lib/psad';
### import psad perl modules
&import_psad_perl_modules();
my $ipt = new IPTables::ChainMgr(
'iptables' => '/sbin/iptables',
'verbose' => 1
);
my $total_rules = 0;
my ($rv, $out_ar, $err_ar) = $ipt->create_chain('filter', 'PSAD');
print "create_chain() rv: $rv\n";
print "$_\n" for @$out_ar;
print "$_\n" for @$err_ar;
($rv, $out_ar, $err_ar) = $ipt->add_jump_rule('filter', 'INPUT', 'PSAD');
print "add_jump_rule() rv: $rv\n";
print "$_\n" for @$out_ar;
print "$_\n" for @$err_ar;
($rv, $out_ar, $err_ar) = $ipt->add_ip_rule('1.1.1.1',
'0.0.0.0/0', 10, 'filter', 'PSAD', 'DROP');
print "add_ip_rule() rv: $rv\n";
print "$_\n" for @$out_ar;
print "$_\n" for @$err_ar;
($rv, $total_rules) = $ipt->find_ip_rule('1.1.1.1', '0.0.0.0/0', 'filter', 'PSAD', 'DROP');
print "find ip: $rv, total chain rules: $total_rules\n";
($rv, $out_ar, $err_ar) = $ipt->add_ip_rule('2.2.1.1', '0.0.0.0/0', 10,
'filter', 'PSAD', 'DROP');
print "add_ip_rule() rv: $rv\n";
print "$_\n" for @$out_ar;
print "$_\n" for @$err_ar;
($rv, $out_ar, $err_ar) = $ipt->add_ip_rule('2.2.4.1', '0.0.0.0/0', 10,
'filter', 'PSAD', 'DROP');
print "add_ip_rule() rv: $rv\n";
print "$_\n" for @$out_ar;
print "$_\n" for @$err_ar;
($rv, $out_ar, $err_ar) = $ipt->delete_ip_rule('1.1.1.1', '0.0.0.0/0',
'filter', 'PSAD', 'DROP');
print "delete_ip_rule() rv: $rv\n";
print "$_\n" for @$out_ar;
print "$_\n" for @$err_ar;
($rv, $out_ar, $err_ar) = $ipt->delete_chain('filter', 'INPUT', 'PSAD');
print "delete_chain() rv: $rv\n";
print "$_\n" for @$out_ar;
print "$_\n" for @$err_ar;
($rv, $out_ar, $err_ar) = $ipt->run_ipt_cmd('/sbin/iptables -nL INPUT');
print "list on 'INPUT' chain rv: $rv\n";
print for @$out_ar;
print for @$err_ar;
($rv, $out_ar, $err_ar) = $ipt->run_ipt_cmd('/sbin/iptables -nL INPU');
print "bogus list on 'INPU' chain rv: $rv (this is expected).\n";
print for @$out_ar;
print for @$err_ar;
exit 0;
sub import_psad_perl_modules() {
my $mod_paths_ar = &get_psad_mod_paths();
push @$mod_paths_ar, @INC;
splice @INC, 0, $#$mod_paths_ar+1, @$mod_paths_ar;
require IPTables::Parse;
require IPTables::ChainMgr;
return;
}
sub get_psad_mod_paths() {
my @paths = ();
unless (-d $psad_lib_dir) {
my $dir_tmp = $psad_lib_dir;
$dir_tmp =~ s|lib/|lib64/|;
if (-d $dir_tmp) {
$psad_lib_dir = $dir_tmp;
} else {
die "[*] psad lib directory: $psad_lib_dir does not exist, ",
"use --Lib-dir <dir>";
}
}
opendir D, $psad_lib_dir or die "[*] Could not open $psad_lib_dir: $!";
my @dirs = readdir D;
closedir D;
shift @dirs; shift @dirs;
push @paths, $psad_lib_dir;
for my $dir (@dirs) {
### get directories like "/usr/lib/psad/x86_64-linux"
next unless -d "$psad_lib_dir/$dir";
push @paths, "$psad_lib_dir/$dir"
if $dir =~ m|linux| or $dir =~ m|thread|;
}
return \@paths;
}