anvil/tools/anvil-manage-firewall

#!/usr/bin/perl
# 
# This keeps an eye on the network configuration and ensures the firewall is configured appropriately. What
# exactly that means depends on why kind of machine the local host is.
# 
# 
# Exit codes;
# 0 = Normal exit.
# 
# 

use strict;
use warnings;
use Anvil::Tools;
use Data::Dumper;


# Disable buffering
$| = 1;

my $THIS_FILE           =  ($0 =~ /^.*\/(.*)$/)[0];
my $running_directory   =  ($0 =~ /^(.*?)\/$THIS_FILE$/)[0];
if (($running_directory =~ /^\./) && ($ENV{PWD}))
{
	$running_directory =~ s/^\./$ENV{PWD}/;
}

my $anvil = Anvil::Tools->new({log_level => 2, log_secure => 1});

$anvil->Storage->read_config({file => $anvil->data->{path}{configs}{'anvil.conf'}});
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 1, secure => 0, key => "log_0115", variables => { program => $THIS_FILE }});

# Read switches
$anvil->data->{switches}{'y'} = "";
$anvil->Get->switches;

check_initial_setup($anvil);

# We're done
$anvil->nice_exit({exit_code => 0});


#############################################################################################################
# Private functions.                                                                                        #
#############################################################################################################

sub check_initial_setup
{
	my ($anvil) = @_;
	
	# Get a list of networks.
	$anvil->System->get_ips();
	my $internet_zone = "";
	foreach my $interface (sort {$a cmp $b} keys %{$anvil->data->{sys}{network}{interface}})
	{
		if ($interface =~ /^((bcn|ifn|sn)\d+)_/)
		{
			# We'll use the start as the zone, though it should always be overridden by the 
			# ZONE="" variable in each interface's config.
			my $zone = $1;
			$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { zone => $zone }});
			if ((exists $anvil->data->{sys}{network}{interface}{$interface}{variable}{ZONE}) && ($anvil->data->{sys}{network}{interface}{$interface}{variable}{ZONE}))
			{
				$zone = $anvil->data->{sys}{network}{interface}{$interface}{variable}{ZONE};
				$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { zone => $zone }});
			}
			
			$anvil->data->{zones}{$zone}{interface}{$interface}{ip}     = $anvil->data->{sys}{network}{interface}{$interface}{ip};
			$anvil->data->{zones}{$zone}{interface}{$interface}{subnet} = $anvil->data->{sys}{network}{interface}{$interface}{subnet};
			$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { 
				"zones::${zone}::interface::${interface}::ip"     => $anvil->data->{zones}{$zone}{interface}{$interface}{ip},
				"zones::${zone}::interface::${interface}::subnet" => $anvil->data->{zones}{$zone}{interface}{$interface}{subnet},
			}});
			
			$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { 
				"sys::network::interface::${interface}::default_gateway" => $anvil->data->{sys}{network}{interface}{$interface}{default_gateway},
			}});
			if ($anvil->data->{sys}{network}{interface}{$interface}{default_gateway})
			{
				$internet_zone = $zone;
				$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { internet_zone => $internet_zone }});
			}
		}
	}
	
	# See what we've found...
	foreach my $zone (sort {$a cmp $b} keys %{$anvil->data->{zones}})
	{
		$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { zone => $zone }});
		foreach my $interface (sort {$a cmp $b} keys %{$anvil->data->{zones}{$zone}{interface}})
		{
			$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { interface => $interface }});
		}
	}
	
	# Get the list of existing zones.
	my $firewall = $anvil->System->check_firewall({debug => 2});
	print Dumper $firewall;
	
	# What am I?
	my $type = $anvil->System->get_host_type();
	$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { type => $type }});
	
	return(0);
}