📄 pptp.pm
字号:
## pptp.pm: Fwctl service module to handle the PPTP service.## This file is part of Fwctl.## Author: Francis J. Lacoste <francis.lacoste@iNsu.COM>## Copyright (c) 1999,2000 iNsu Innovations Inc.## This program is free software; you can redistribute it and/or modify# it under the terms of the GNU General Public License as published by# the Free Software Foundation; either version 2 of the License, or# (at your option) any later version.#package Fwctl::Services::pptp;use strict;use Fwctl::RuleSet qw(:tcp_rulesets :ip_rulesets :masq :ports);use IPChains;use Carp;sub new { my $proto = shift; my $class = ref $proto || $proto; bless {}, $class;}sub prototypes { my ($self,$target,$options) = @_; # Build prototype rule ( IPChains->new( Rule => $target, Prot => 'tcp', SourcePort => UNPRIVILEGED_PORTS, DestPort => 1723, %{$options->{ipchains}}, ), IPChains->new( Rule => $target, Prot => 47, # GRE %{$options->{ipchains}}, ), );}sub block_rules { my $self = shift; my ( $target, $src, $src_if, $dst, $dst_if, $options ) = @_; my ($control,$gre) = $self->prototypes( $target, $options ); block_tcp_ruleset( $control, $src, $src_if, $dst, $dst_if ); block_ip_ruleset( $gre, $src, $src_if, $dst, $dst_if ); block_ip_ruleset( $gre, $dst, $dst_if, $src, $src_if );}sub accept_rules { my $self = shift; my ( $target, $src, $src_if, $dst, $dst_if, $options ) = @_; my ($control, $gre ) = $self->prototypes( $target, $options ); my $masq = defined $options->{portfw} ? PORTFW : $options->{masq} ? MASQ : NOMASQ; accept_tcp_ruleset( $control, $src, $src_if, $dst, $dst_if, $masq, $options->{portfw} ); accept_ip_ruleset( $gre, $src, $src_if, $dst, $dst_if, $masq, $options->{portfw} ); if ( $masq & MASQ ) { $masq &= $masq ^ MASQ; $masq |= UNMASQ; } elsif ( $masq & PORTFW ) { $masq &= $masq ^ PORTFW; $masq |= UNPORTFW; } accept_ip_ruleset( $gre, $dst, $dst_if, $src, $src_if, $masq, $options->{portfw} ); if ($options->{masq} || $options->{portfw} ) { system ( "/sbin/modprobe", "ip_masq_pptp" ) == 0 or carp __PACKAGE__, ": couldn't load ip_masq_pptp: $?\n"; }}sub account_rules { my $self = shift; my ( $target, $src, $src_if, $dst, $dst_if, $options ) = @_; my ( $control, $gre ) = $self->prototypes( $target, $options ); my $masq = defined $options->{portfw} ? PORTFW : $options->{masq} ? MASQ : NOMASQ; acct_tcp_ruleset( $control, $src, $src_if, $dst, $dst_if, $masq, $options->{portfw} ); acct_ip_ruleset( $gre, $src, $src_if, $dst, $dst_if, $masq, $options->{portfw} ); if ( $masq & MASQ ) { $masq &= $masq ^ MASQ; $masq |= UNMASQ; } elsif ( $masq & PORTFW ) { $masq &= $masq ^ PORTFW; $masq |= UNPORTFW; } acct_ip_ruleset( $gre, $dst, $dst_if, $src, $src_if, $masq, $options->{portfw} );}sub valid_options { my $self = shift; ( );}1;=pod=head1 NAMEFwctl::Services::pptp - Fwctl module to handle the PPTP service.=head1 SYNOPSIS accept pptp -src INT_NET -dst REMOTE_PPTP --masq=head1 DESCRIPTIONThis module will implements the rules to accept/block/account the PPTPtunnelling protocol. In order to be able to masquerade that protocol, youwill need a kernel with the generic protocol masquerade patch applied.See ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ for informations.If you want to generates rules for a server behind the firewall, you willhave to use the --portfw option and starts manually the ipfwd daemon.=head1 AUTHORFrancis J. Lacoste <francis.lacoste@iNsu.COM>=head1 COPYRIGHTCopyright (c) 1999,2000 iNsu Innovations Inc.All rights reserved.This program is free software; you can redistribute it and/or modifyit under the terms of the GNU General Public License as published bythe Free Software Foundation; either version 2 of the License, or(at your option) any later version.=head1 SEE ALSOfwctl(8) Fwctl(3) Fwctl::RuleSet(3)=cut⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -