From 065f09588fa1e3e0f612c88b2782ffa6be0d16b4 Mon Sep 17 00:00:00 2001 From: Jordi Sanfeliu Date: Mon, 3 Aug 2015 11:22:21 +0200 Subject: [PATCH] added the new option 'ipv6_disabled' (default: no) to disable IPv6 monitoring --- Changes | 1 + lib/Monitorix.pm | 102 +++++++++++++++++++++++++---------------------- lib/port.pm | 20 +++++++--- 3 files changed, 69 insertions(+), 54 deletions(-) diff --git a/Changes b/Changes index ebdcc4f..8cae4c8 100644 --- a/Changes +++ b/Changes @@ -27,6 +27,7 @@ - Added support of Basic Authentication to Wowza graph. [#100] - Added alert capabilities to Apache graph based on the remaining free slots. (suggested by Marco Reale, mlist AT libero.it) +- Added the new option 'ipv6_disabled' (default: no) to disable IPv6 monitoring. - Fixed the text color in the bottom URL of the Bind graph. - Fixed the text color in the bottom URL of the Icecast Streaming Server graph. - Fixed a problem with multiple 'ApplicationInstance' tags in Wowza Server diff --git a/lib/Monitorix.pm b/lib/Monitorix.pm index ba02b76..aa57c2f 100644 --- a/lib/Monitorix.pm +++ b/lib/Monitorix.pm 
@@ -358,41 +358,43 @@ sub flush_accounting_rules { } # IPv6 - undef(@names); - if(open(IN, "$cmd6 -t $table -nxvL INPUT --line-numbers |")) { - my @rules; - while() { - my ($rule, undef, undef, $name) = split(' ', $_); - if($name =~ /monitorix_IN/ || /monitorix_OUT/ || /monitorix_nginx_IN/) { - push(@rules, $rule); - push(@names, $name); + if(lc($config->{ipv6_disabled}) ne "y") { + undef(@names); + if(open(IN, "$cmd6 -t $table -nxvL INPUT --line-numbers |")) { + my @rules; + while() { + my ($rule, undef, undef, $name) = split(' ', $_); + if($name =~ /monitorix_IN/ || /monitorix_OUT/ || /monitorix_nginx_IN/) { + push(@rules, $rule); + push(@names, $name); + } + } + close(IN); + @rules = reverse(@rules); + foreach(@rules) { + system("$cmd6 -t $table -D INPUT $_"); + $num6++; } } - close(IN); - @rules = reverse(@rules); - foreach(@rules) { - system("$cmd6 -t $table -D INPUT $_"); - $num6++; - } - } - if(open(IN, "$cmd6 -t $table -nxvL OUTPUT --line-numbers |")) { - my @rules; - while() { - my ($rule, undef, undef, $name) = split(' ', $_); - if($name =~ /monitorix_IN/ || /monitorix_OUT/ || /monitorix_nginx_IN/) { - push(@rules, $rule); + if(open(IN, "$cmd6 -t $table -nxvL OUTPUT --line-numbers |")) { + my @rules; + while() { + my ($rule, undef, undef, $name) = split(' ', $_); + if($name =~ /monitorix_IN/ || /monitorix_OUT/ || /monitorix_nginx_IN/) { + push(@rules, $rule); + } + } + close(IN); + @rules = reverse(@rules); + foreach(@rules) { + system("$cmd6 -t $table -D OUTPUT $_"); + $num6++; } } - close(IN); - @rules = reverse(@rules); - foreach(@rules) { - system("$cmd6 -t $table -D OUTPUT $_"); - $num6++; + foreach(@names) { + system("$cmd6 -t $table -X $_"); } } - foreach(@names) { - system("$cmd6 -t $table -X $_"); - } } if(open(IN, "$cmd -t $table -nxvL FORWARD --line-numbers |")) { my @rules; 
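Review bot: In the re-indented IPv6 INPUT and OUTPUT loops, only the first pattern of `$name =~ /monitorix_IN/ || /monitorix_OUT/ || /monitorix_nginx_IN/` is bound to `$name`; the other two match against `$_`, the whole listing line. A rule is therefore selected for `-D`, and in the INPUT loop its target is pushed onto `@names` for `-X`, whenever that text appears anywhere on the line rather than only in the target column. Since these lines are being touched anyway, I would bind every alternative to the field: `if(defined($name) && $name =~ /monitorix_(?:IN|OUT|nginx_IN)/) {`. The FORWARD loop in the next hunk has the same shape with `/monitorix_daily_/ || /monitorix_total_/`. flush_accounting_rules starts and ends outside this hunk.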
@@ -415,29 +417,33 @@ sub flush_accounting_rules { system("$cmd -t $table -X $_"); } } - if(open(IN, "$cmd6 -t $table -nxvL FORWARD --line-numbers |")) { - my @rules; - my @names; - while() { - my ($rule, undef, undef, $name) = split(' ', $_); - if($name =~ /monitorix_daily_/ || /monitorix_total_/) { - push(@rules, $rule); - push(@names, $name); + if(lc($config->{ipv6_disabled}) ne "y") { + if(open(IN, "$cmd6 -t $table -nxvL FORWARD --line-numbers |")) { + my @rules; + my @names; + while() { + my ($rule, undef, undef, $name) = split(' ', $_); + if($name =~ /monitorix_daily_/ || /monitorix_total_/) { + push(@rules, $rule); + push(@names, $name); + } + } + close(IN); + @rules = reverse(@rules); + foreach(@rules) { + system("$cmd6 -t $table -D FORWARD $_"); + $num6++; + } + foreach(@names) { + system("$cmd6 -t $table -F $_"); + system("$cmd6 -t $table -X $_"); } - } - close(IN); - @rules = reverse(@rules); - foreach(@rules) { - system("$cmd6 -t $table -D FORWARD $_"); - $num6++; - } - foreach(@names) { - system("$cmd6 -t $table -F $_"); - system("$cmd6 -t $table -X $_"); } } logger("$num iptables rules have been flushed.") if $debug; - logger("$num6 ip6tables rules have been flushed.") if $debug; + if(lc($config->{ipv6_disabled}) ne "y") { + logger("$num6 ip6tables rules have been flushed.") if $debug; + } } if(grep {$_ eq $config->{os}} ("FreeBSD", "OpenBSD", "NetBSD")) { logger("Flushing out ipfw rules.") if $debug; diff --git a/lib/port.pm b/lib/port.pm index 279299d..134881e 100644 --- a/lib/port.pm +++ b/lib/port.pm @@ -147,6 +147,10 @@ sub port_init { } $cmd = "iptables" . $config->{iptables_wait_lock}; if(grep {$_ eq $p} ("tcp6", "udp6")) { + if(lc($config->{ipv6_disabled}) ne "y") { + logger("$myself: IPv6 is explicitly disabled, you shouldn't want to monitor 'tcp6' or 'udp6' protocols."); + next; + } $cmd = "ip6tables" . $config->{iptables_wait_lock}; $p =~ s/6//; } 
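Review bot: With the whole ip6tables flush now behind `lc($config->{ipv6_disabled}) ne "y"` (here and in the previous hunk), accounting rules and chains installed by an earlier run stay in place once an administrator switches the option to `y`. If that is intended, it deserves a comment above the guard, e.g. `# ipv6_disabled=y: ip6tables is never called; rules left by earlier runs must be removed by hand`, and a matching sentence in the option's documentation. The same test is written three times in this function; a single `my $ipv6 = lc($config->{ipv6_disabled} || "") ne "y";` near the top would keep the guards consistent and, if warnings are enabled, avoid an uninitialized-value warning when an older config file lacks the key. The start of flush_accounting_rules is outside this hunk.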
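Review bot: The guard added in port_init looks inverted: `if(lc($config->{ipv6_disabled}) ne "y")` is true when IPv6 is not disabled, yet that branch logs "IPv6 is explicitly disabled" and does `next`. With the default (`no`), every `tcp6`/`udp6` entry therefore skips the rest of the iteration, while with `ipv6_disabled = y` the code falls through to `$cmd = "ip6tables" . $config->{iptables_wait_lock};`, which is the opposite of the other guards in this commit. The test should read `if(lc($config->{ipv6_disabled}) eq "y") {`. The loop that `next` belongs to starts outside the hunk.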
@@ -215,9 +219,11 @@ sub port_update { open(IN, "$cmd -t $table -nxvL INPUT 2>/dev/null |"); @data = ; close(IN); - open(IN, "$cmd6 -t $table -nxvL INPUT 2>/dev/null |"); - push(@data, ); - close(IN); + if(lc($config->{ipv6_disabled}) ne "y") { + open(IN, "$cmd6 -t $table -nxvL INPUT 2>/dev/null |"); + push(@data, ); + close(IN); + } for($l = 0; $l < scalar(@data); $l++) { for($n = 0; $n < $port->{max}; $n++) { $i_in[$n] = 0 unless $i_in[$n]; @@ -243,9 +249,11 @@ sub port_update { open(IN, "$cmd -t $table -nxvL OUTPUT 2>/dev/null |"); @data = ; close(IN); - open(IN, "$cmd6 -t $table -nxvL OUTPUT 2>/dev/null |"); - push(@data, ); - close(IN); + if(lc($config->{ipv6_disabled}) ne "y") { + open(IN, "$cmd6 -t $table -nxvL OUTPUT 2>/dev/null |"); + push(@data, ); + close(IN); + } for($l = 0; $l < scalar(@data); $l++) { for($n = 0; $n < $port->{max}; $n++) { $o_out[$n] = 0 unless $o_out[$n];
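Review bot: In the new guarded block of both port_update hunks (INPUT and OUTPUT), neither the `open(IN, "$cmd6 ... 2>/dev/null |")` nor the `close(IN)` result is checked and stderr is discarded, so a failing ip6tables cannot be told apart from zero IPv6 traffic. For a piped open the command's exit status is only available after `close`, so I would log it there: `close(IN) or logger("port_update: ip6tables exited with status $?");`. This matters more with the new option, because a host where ip6tables cannot run is the case the option is meant for, and nothing in the log would point the administrator to it. port_update starts and ends outside both hunks.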