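#!/usr/bin/perl
# 
# This keeps an eye on the network configuration and ensures the firewall is configured appropriately. What
# exactly that means depends on what kind of machine the local host is.
# 
# NOTE(review): As written, the code in this file only inventories the network interfaces, groups them into
#               zones, reads the firewall state and the host type, and logs what it found. Nothing here 
#               changes a firewall rule yet.
# 
# Exit codes;
# 0 = Normal exit.
# 

use strict;
use warnings;
use Anvil::Tools;
use Data::Dumper;

# Disable buffering
$| = 1;

# Work out the program's name. When the program is invoked without any directory component (for example 
# 'perl <program>' from the current directory), the pattern below does not match and the name would be left
# undefined, which then triggers 'uninitialized' warnings and an empty 'source' in every log entry. Fall back
# to $0 in that case.
my $THIS_FILE = ($0 =~ /^.*\/(.*)$/)[0];
if (not defined $THIS_FILE)
{
	$THIS_FILE = $0;
}

# Work out the directory the program lives in. The program name is quoted with \Q...\E so that characters in
# the file name that are regex metacharacters are matched literally. 
my $running_directory = ($0 =~ /^(.*?)\/\Q$THIS_FILE\E$/)[0];
if (not defined $running_directory)
{
	# No directory component in $0, so the program was started relative to the current directory.
	$running_directory = ".";
}

# Expand a leading '.' to the current directory. Only '.' on its own or './...' is expanded; a blanket swap
# of the first dot would turn '../bin' into '<PWD>./bin'.
# NOTE(review): $ENV{PWD} is set by the caller's environment. '$running_directory' is not used further in 
#               this file; if it is ever used to locate files to read or execute, validate it first.
if (($running_directory =~ m{^\.(?:/|\z)}) && ($ENV{PWD}))
{
	$running_directory =~ s/^\./$ENV{PWD}/;
}

# NOTE(review): 'log_secure => 1' presumably enables logging of entries flagged as secure - confirm that 
#               this is intended outside of debugging.
my $anvil = Anvil::Tools->new({log_level => 2, log_secure => 1});

$anvil->Storage->read_config({file => $anvil->data->{path}{configs}{'anvil.conf'}});
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 1, secure => 0, key => "log_0115", variables => { program => $THIS_FILE }});

# Read switches
$anvil->data->{switches}{'y'} = "";
$anvil->Get->switches;

check_initial_setup($anvil);

# We're done
$anvil->nice_exit({exit_code => 0});


#############################################################################################################
# Private functions.                                                                                        #
#############################################################################################################

# This walks the known network interfaces, sorts the 'bcnX_', 'ifnX_' and 'snX_' ones into zones under 
# 'zones::<zone>::interface::<interface>', then reads the current firewall state and the host type.
# 
# Parameters;
# 
# anvil - The Anvil::Tools handle.
# 
# Returns '0'. The internet zone and the host type are only logged here; nothing acts on them yet.
sub check_initial_setup
{
	my ($anvil) = @_;
	
	# Get a list of networks.
	$anvil->System->get_ips();
	
	# This ends up holding the zone of the last interface (in sorted order) that has a default gateway.
	my $internet_zone = "";
	foreach my $interface (sort {$a cmp $b} keys %{$anvil->data->{sys}{network}{interface}})
	{
		# Only interfaces named like 'bcn1_...', 'ifn2_...' or 'sn1_...' are considered.
		if ($interface =~ /^((bcn|ifn|sn)\d+)_/)
		{
			# We'll use the start as the zone, though it should always be overridden by the 
			# ZONE="" variable in each interface's config.
			my $zone = $1;
			$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { zone => $zone }});
			
			# NOTE(review): The ZONE value is taken as-is and is not validated here. Today it is 
			#               only used as a hash key and in log output; before it is ever handed
			#               to firewall tooling, check it against the expected zone name format.
			if ((exists $anvil->data->{sys}{network}{interface}{$interface}{variable}{ZONE}) && 
			    ($anvil->data->{sys}{network}{interface}{$interface}{variable}{ZONE}))
			{
				$zone = $anvil->data->{sys}{network}{interface}{$interface}{variable}{ZONE};
				$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { zone => $zone }});
			}
			
			# Record the interface's IP and subnet under its zone.
			$anvil->data->{zones}{$zone}{interface}{$interface}{ip}     = $anvil->data->{sys}{network}{interface}{$interface}{ip};
			$anvil->data->{zones}{$zone}{interface}{$interface}{subnet} = $anvil->data->{sys}{network}{interface}{$interface}{subnet};
			$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { 
				"zones::${zone}::interface::${interface}::ip"     => $anvil->data->{zones}{$zone}{interface}{$interface}{ip},
				"zones::${zone}::interface::${interface}::subnet" => $anvil->data->{zones}{$zone}{interface}{$interface}{subnet},
			}});
			
			# An interface with a default gateway marks its zone as the internet-facing one.
			$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { 
				"sys::network::interface::${interface}::default_gateway" => $anvil->data->{sys}{network}{interface}{$interface}{default_gateway},
			}});
			if ($anvil->data->{sys}{network}{interface}{$interface}{default_gateway})
			{
				$internet_zone = $zone;
				$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { internet_zone => $internet_zone }});
			}
		}
	}
	
	# See what we've found...
	foreach my $zone (sort {$a cmp $b} keys %{$anvil->data->{zones}})
	{
		$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { zone => $zone }});
		foreach my $interface (sort {$a cmp $b} keys %{$anvil->data->{zones}{$zone}{interface}})
		{
			$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { interface => $interface }});
		}
	}
	
	# Get the list of existing zones.
	my $firewall = $anvil->System->check_firewall({debug => 2});
	
	# NOTE(review): This writes the raw return value of check_firewall() to STDOUT unconditionally, 
	#               outside the log level and 'secure' controls used everywhere else in this file. It
	#               reads as leftover debug output; drop it or route it through $anvil->Log before this
	#               runs unattended, so firewall state does not end up in whatever captures STDOUT.
	print Dumper $firewall;
	
	# What am I?
	my $type = $anvil->System->get_host_type();
	$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { type => $type }});
	
	return(0);
}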