added the new option 'ipv6_disabled' (default: no) to disable IPv6 monitoring

2015-08-03 11:22:21 +02:00 · 2015-08-03 11:22:21 +02:00 · 065f09588f
parent 517e3bd5d3
commit 065f09588f
3 changed files with 69 additions and 54 deletions
--- a/1
+++ b/1
@ -27,6 +27,7 @@
 - Added support of Basic Authentication to Wowza graph. [#100]
 - Added alert capabilities to Apache graph based on the remaining free slots.
 	(suggested by Marco Reale, mlist AT libero.it)
 - Added the new option 'ipv6_disabled' (default: no) to disable IPv6 monitoring.
 - Fixed the text color in the bottom URL of the Bind graph.
 - Fixed the text color in the bottom URL of the Icecast Streaming Server graph.
 - Fixed a problem with multiple 'ApplicationInstance' tags in Wowza Server
--- a/lib/Monitorix.pm
+++ b/lib/Monitorix.pm
@ -358,41 +358,43 @@ sub flush_accounting_rules {
 			}
 			# IPv6
-			undef(@names);
+			if(lc($config->{ipv6_disabled}) ne "y") {
-			if(open(IN, "$cmd6 -t $table -nxvL INPUT --line-numbers |")) {
+				undef(@names);
-				my @rules;
+				if(open(IN, "$cmd6 -t $table -nxvL INPUT --line-numbers |")) {
-				while(<IN>) {
+					my @rules;
-					my ($rule, undef, undef, $name) = split(' ', $_);
+					while(<IN>) {
-					if($name =~ /monitorix_IN/ || /monitorix_OUT/ || /monitorix_nginx_IN/) {
+						my ($rule, undef, undef, $name) = split(' ', $_);
-						push(@rules, $rule);
+						if($name =~ /monitorix_IN/ || /monitorix_OUT/ || /monitorix_nginx_IN/) {
-						push(@names, $name);
+							push(@rules, $rule);
 							push(@names, $name);
 						}
 					}
 					close(IN);
 					@rules = reverse(@rules);
 					foreach(@rules) {
 						system("$cmd6 -t $table -D INPUT $_");
 						$num6++;
 					}
 				}
-				close(IN);
+				if(open(IN, "$cmd6 -t $table -nxvL OUTPUT --line-numbers |")) {
-				@rules = reverse(@rules);
+					my @rules;
-				foreach(@rules) {
+					while(<IN>) {
-					system("$cmd6 -t $table -D INPUT $_");
+						my ($rule, undef, undef, $name) = split(' ', $_);
-					$num6++;
+						if($name =~ /monitorix_IN/ || /monitorix_OUT/ || /monitorix_nginx_IN/) {
-				}
+							push(@rules, $rule);
-			}
+						}
-			if(open(IN, "$cmd6 -t $table -nxvL OUTPUT --line-numbers |")) {
+					}
-				my @rules;
+					close(IN);
-				while(<IN>) {
+					@rules = reverse(@rules);
-					my ($rule, undef, undef, $name) = split(' ', $_);
+					foreach(@rules) {
-					if($name =~ /monitorix_IN/ || /monitorix_OUT/ || /monitorix_nginx_IN/) {
+						system("$cmd6 -t $table -D OUTPUT $_");
-						push(@rules, $rule);
+						$num6++;
 					}
 				}
-				close(IN);
+				foreach(@names) {
-				@rules = reverse(@rules);
+					system("$cmd6 -t $table -X $_");
 				foreach(@rules) {
 					system("$cmd6 -t $table -D OUTPUT $_");
 					$num6++;
 				}
 			}
 			foreach(@names) {
 				system("$cmd6 -t $table -X $_");
 			}
 		}
 		if(open(IN, "$cmd -t $table -nxvL FORWARD --line-numbers |")) {
 			my @rules;
@ -415,29 +417,33 @@ sub flush_accounting_rules {
 				system("$cmd -t $table -X $_");
 			}
 		}
-		if(open(IN, "$cmd6 -t $table -nxvL FORWARD --line-numbers |")) {
+		if(lc($config->{ipv6_disabled}) ne "y") {
-			my @rules;
+			if(open(IN, "$cmd6 -t $table -nxvL FORWARD --line-numbers |")) {
-			my @names;
+				my @rules;
-			while(<IN>) {
+				my @names;
-				my ($rule, undef, undef, $name) = split(' ', $_);
+				while(<IN>) {
-				if($name =~ /monitorix_daily_/ || /monitorix_total_/) {
+					my ($rule, undef, undef, $name) = split(' ', $_);
-					push(@rules, $rule);
+					if($name =~ /monitorix_daily_/ || /monitorix_total_/) {
-					push(@names, $name);
+						push(@rules, $rule);
 						push(@names, $name);
 					}
 				}
 				close(IN);
 				@rules = reverse(@rules);
 				foreach(@rules) {
 					system("$cmd6 -t $table -D FORWARD $_");
 					$num6++;
 				}
 				foreach(@names) {
 					system("$cmd6 -t $table -F $_");
 					system("$cmd6 -t $table -X $_");
 				}
 			}
 			close(IN);
 			@rules = reverse(@rules);
 			foreach(@rules) {
 				system("$cmd6 -t $table -D FORWARD $_");
 				$num6++;
 			}
 			foreach(@names) {
 				system("$cmd6 -t $table -F $_");
 				system("$cmd6 -t $table -X $_");
 			}
 		}
 		logger("$num iptables rules have been flushed.") if $debug;
-		logger("$num6 ip6tables rules have been flushed.") if $debug;
+		if(lc($config->{ipv6_disabled}) ne "y") {
 			logger("$num6 ip6tables rules have been flushed.") if $debug;
 		}
 	}
 	if(grep {$_ eq $config->{os}} ("FreeBSD", "OpenBSD", "NetBSD")) {
 		logger("Flushing out ipfw rules.") if $debug;
--- a/lib/port.pm
+++ b/lib/port.pm
@ -147,6 +147,10 @@ sub port_init {
 				}
 				$cmd = "iptables" . $config->{iptables_wait_lock};
 				if(grep {$_ eq $p} ("tcp6", "udp6")) {
 					if(lc($config->{ipv6_disabled}) ne "y") {
 						logger("$myself: IPv6 is explicitly disabled, you shouldn't want to monitor 'tcp6' or 'udp6' protocols.");
 						next;
 					}
 					$cmd = "ip6tables" . $config->{iptables_wait_lock};
 					$p =~ s/6//;
 				}
@ -215,9 +219,11 @@ sub port_update {
 		open(IN, "$cmd -t $table -nxvL INPUT 2>/dev/null |");
 		@data = <IN>;
 		close(IN);
-		open(IN, "$cmd6 -t $table -nxvL INPUT 2>/dev/null |");
+		if(lc($config->{ipv6_disabled}) ne "y") {
-		push(@data, <IN>);
+			open(IN, "$cmd6 -t $table -nxvL INPUT 2>/dev/null |");
-		close(IN);
+			push(@data, <IN>);
 			close(IN);
 		}
 		for($l = 0; $l < scalar(@data); $l++) {
 			for($n = 0; $n < $port->{max}; $n++) {
 				$i_in[$n] = 0 unless $i_in[$n];
@ -243,9 +249,11 @@ sub port_update {
 		open(IN, "$cmd -t $table -nxvL OUTPUT 2>/dev/null |");
 		@data = <IN>;
 		close(IN);
-		open(IN, "$cmd6 -t $table -nxvL OUTPUT 2>/dev/null |");
+		if(lc($config->{ipv6_disabled}) ne "y") {
-		push(@data, <IN>);
+			open(IN, "$cmd6 -t $table -nxvL OUTPUT 2>/dev/null |");
-		close(IN);
+			push(@data, <IN>);
 			close(IN);
 		}
 		for($l = 0; $l < scalar(@data); $l++) {
 			for($n = 0; $n < $port->{max}; $n++) {
 				$o_out[$n] = 0 unless $o_out[$n];