diff options
| author | cy <cy@FreeBSD.org> | 2013-07-19 05:41:57 +0000 |
|---|---|---|
| committer | cy <cy@FreeBSD.org> | 2013-07-19 05:41:57 +0000 |
| commit | 672af8808c0e7c15f330b401482f9271c2eb3fa6 (patch) | |
| tree | 225b5acf68c01bc6a260b386c2b2dbf4fa2839e3 /contrib/ipfilter/perl/ipfmeta.pl | |
| parent | 71e82d94e82560b20789833f60056506de34de8b (diff) | |
| download | FreeBSD-src-672af8808c0e7c15f330b401482f9271c2eb3fa6.zip FreeBSD-src-672af8808c0e7c15f330b401482f9271c2eb3fa6.tar.gz | |
As per the developers handbook (5.3.1 step 1), prepare the vendor trees for
import of new ipfilter vendor sources by flattening them.
To keep the tags consistent with dist, the tags are also flattened.
Approved by: glebius (Mentor)
Diffstat (limited to 'contrib/ipfilter/perl/ipfmeta.pl')
| -rw-r--r-- | contrib/ipfilter/perl/ipfmeta.pl | 210 |
1 files changed, 0 insertions, 210 deletions
diff --git a/contrib/ipfilter/perl/ipfmeta.pl b/contrib/ipfilter/perl/ipfmeta.pl deleted file mode 100644 index 1a7bb3f..0000000 --- a/contrib/ipfilter/perl/ipfmeta.pl +++ /dev/null @@ -1,210 +0,0 @@ -#!/usr/bin/perl -w -# -# Written by Camiel Dobbelaar <cd@sentia.nl>, Aug-2000 -# ipfmeta is in the Public Domain. -# - -use strict; -use Getopt::Std; - -## PROCESS COMMANDLINE -our($opt_v); $opt_v=1; -getopts('v:') || die "usage: ipfmeta [-v verboselevel] [objfile]\n"; -my $verbose = $opt_v + 0; -my $objfile = shift || "ipf.objs"; -my $MAXRECURSION = 10; - -## READ OBJECTS -open(FH, "$objfile") || die "cannot open $objfile: $!\n"; -my @tokens; -while (<FH>) { - chomp; - s/#.*$//; # remove comments - s/^\s+//; # compress whitespace - s/\s+$//; - next if m/^$/; # skip empty lines - push (@tokens, split); -} -close(FH) || die "cannot close $objfile: $!\n"; -# link objects with their values -my $obj=""; -my %objs; -while (@tokens) { - my $token = shift(@tokens); - if ($token =~ m/^\[([^]]*)\]$/) { - # new object - $obj = $1; - } else { - # new value - push(@{$objs{$obj}}, $token) unless ($obj eq ""); - } -} - -# sort objects: longest first -my @objs = sort { length($b) <=> length($a) } keys %objs; - -## SUBSTITUTE OBJECTS WITH THEIR VALUES FROM STDIN -foreach (<STDIN>) { - foreach (expand($_, 0)) { - print; - } -} - -## END - -sub expand { - my $line = shift; - my $level = shift; - my @retlines = $line; - my $obj; - my $val; - - # coarse protection - if ($level > $MAXRECURSION) { - print STDERR "ERR: recursion exceeds $MAXRECURSION levels\n"; - return; - } - - foreach $obj (@objs) { - if ($line =~ m/$obj/) { - @retlines = ""; - if ($level < $verbose) { - # add metarule as a comment - push(@retlines, "# ".$line); - } - foreach $val (@{$objs{$obj}}) { - my $newline = $line; - $newline =~ s/$obj/$val/; - push(@retlines, expand($newline, $level+1)); - } - last; - } - } - - return @retlines; -} - -__END__ - -=head1 NAME - -B<ipfmeta> - use objects in IP filter files - -=head1 SYNOPSIS - -B<ipfmeta> [F<options>] [F<objfile>] - -=head1 DESCRIPTION - -B<ipfmeta> is used to simplify the maintenance of your IP filter -ruleset. It does this through the use of 'objects'. A matching -object gets replaced by its values at runtime. This is similar to -what a macro processor like m4 does. - -B<ipfmeta> is specifically geared towards IP filter. It is line -oriented, if an object has multiple values, the line with the object -is duplicated and substituted for each value. It is also recursive, -an object may have another object as a value. - -Rules to be processed are read from stdin, output goes to stdout. - -The verbose option allows for the inclusion of the metarules in the -output as comments. - -Definition of the objects and their values is done in a separate -file, the filename defaults to F<ipf.objs>. An object is delimited -by square brackets. A value is delimited by whitespace. Comments -start with '#' and end with a newline. Empty lines and extraneous -whitespace are allowed. A value belongs to the first object that -precedes it. - -It is recommended that you use all caps or another distinguishing -feature for object names. You can use B<ipfmeta> for NAT rules also, -for instance to keep them in sync with filter rules. Combine -B<ipfmeta> with a Makefile to save typing. - -=head1 OPTIONS - -=over 4 - -=item B<-v> I<verboselevel> - -Include metarules in output as comments. Default is 1, the top level -metarules. Higher levels cause expanded metarules to be included. -Level 0 does not add comments at all. - -=back - -=head1 BUGS - -A value can not have whitespace in it. - -=head1 EXAMPLE - -(this does not look good, formatted) - -I<ipf.objs> - -[PRIVATE] 10.0.0.0/8 127.0.0.0/8 172.16.0.0/12 192.168.0.0/16 - -[MULTICAST] 224.0.0.0/4 - -[UNWANTED] PRIVATE MULTICAST - -[NOC] xxx.yy.zz.1/32 xxx.yy.zz.2/32 - -[WEBSERVERS] 192.168.1.1/32 192.168.1.2/32 - -[MGMT-PORTS] 22 23 - -I<ipf.metarules> - -block in from UNWANTED to any - -pass in from NOC to WEBSERVERS port = MGMT-PORTS - -pass out all - -I<Run> - -ipfmeta ipf.objs <ipf.metarules >ipf.rules - -I<Output> - -# block in from UNWANTED to any - -block in from 10.0.0.0/8 to any - -block in from 127.0.0.0/8 to any - -block in from 172.16.0.0/12 to any - -block in from 192.168.0.0/16 to any - -block in from 224.0.0.0/4 to any - -# pass in from NOC to WEBSERVERS port = MGMT-PORTS - -pass in from xxx.yy.zz.1/32 to 192.168.1.1/32 port = 22 - -pass in from xxx.yy.zz.1/32 to 192.168.1.1/32 port = 23 - -pass in from xxx.yy.zz.1/32 to 192.168.1.2/32 port = 22 - -pass in from xxx.yy.zz.1/32 to 192.168.1.2/32 port = 23 - -pass in from xxx.yy.zz.2/32 to 192.168.1.1/32 port = 22 - -pass in from xxx.yy.zz.2/32 to 192.168.1.1/32 port = 23 - -pass in from xxx.yy.zz.2/32 to 192.168.1.2/32 port = 22 - -pass in from xxx.yy.zz.2/32 to 192.168.1.2/32 port = 23 - -pass out all - -=head1 AUTHOR - -Camiel Dobbelaar <cd@sentia.nl>. B<ipfmeta> is in the Public Domain. - -=cut |
