use Net::RawIP;
require './access_list.pl';
require './nets.pl';
-
-sub expand_range {
- my $range = shift;
-
- if ($range =~ /^(\d+)\.\.(\d+)$/) {
- return $1..$2;
- } else {
- return $range;
- }
-}
-
-sub match_ranges {
- my ($elem, $ranges) = @_;
-
- for my $range (@$ranges) {
- if ($range =~ /^(\d+)\.\.(\d+)$/) {
- return 1 if ($elem >= $1 && $elem <= $2);
- } else {
- return 1 if ($elem == $range);
- }
- }
-
- return 0;
-}
+require './mbd.pm';
sub fhbits {
my $bits = 0;
return $bits;
}
-# Find what ports we need to listen on
-my %port_hash = ();
-for my $e (@Config::access_list) {
- for my $r (@{$e->{'ports'}}) {
- for my $p (expand_range($r)) {
- $port_hash{$p} = 1;
- }
- }
-}
-my @ports = sort { $a <=> $b } keys %port_hash;
+open LOG, ">>", "mbd.log";
+
+my @ports = mbd::find_all_ports();
# Open a socket for each port
my @socks = ();
# Check against the ACL.
my $pass = 0;
for my $rule (@Config::access_list) {
- if (match_ranges($dport, $rule->{'ports'}) &&
- match_ranges($size, $rule->{'sizes'})) {
- $pass = 1;
+ next unless (mbd::match_ranges($dport, $rule->{'ports'}));
+ next unless (mbd::match_ranges($size, $rule->{'sizes'}));
+
+ if ($rule->{'filter'}) {
+ next unless ($rule->{'filter'}($data));
}
+
+ $pass = 1;
+ last;
}
+ print LOG "$dport $size $pass\n";
+
if (!$pass) {
print "$dport, $size bytes => filtered\n";
}
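Review bot: The log handle opened at `open LOG, ">>", "mbd.log";` is never checked, so if the append fails every later `print LOG "$dport $size $pass\n";` in this hunk writes to a dead handle and the per-packet pass/filter record is lost without any indication. I would use a checked lexical handle, `open my $log, '>>', 'mbd.log' or die "open mbd.log: $!";`, and write with `print {$log} "$dport $size $pass\n";`; the path is relative, so the file lands in whatever directory the process happens to be started from, which is worth stating in a comment. Nothing in the hunk flushes or closes the handle, so buffered lines can be lost if the process is killed; `$log->autoflush(1)` (IO::Handle) would address that if the rest of the file does not already. The new filter call `$rule->{'filter'}($data)` will propagate a die from a misbehaving rule and abort the capture rather than just rejecting the packet, which may or may not be intended; the enclosing per-packet block, where `$dport`, `$size` and `$data` are set, starts outside the hunk.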