add support for the new 'use_external_firewall' option in 'nginx.pm' #262

Jordi Sanfeliu 2019-11-21 09:59:24 +01:00
parent fe05c32185
commit 691c35bee0
2 changed files with 19 additions and 31 deletions


@ -334,16 +334,12 @@ sub flush_accounting_rules {
my @rules;
while(<IN>) {
my ($rule, undef, undef, $name) = split(' ', $_);
if(lc($config->{port}->{use_external_firewall} || "") eq "n") {
if($name =~ /monitorix_IN/ || /monitorix_OUT/) {
if(lc($config->{use_external_firewall} || "") eq "n") {
if($name =~ /monitorix_IN/ || /monitorix_OUT/ || /monitorix_nginx_IN/) {
push(@rules, $rule);
push(@names, $name);
}
}
if($name =~ /monitorix_nginx_IN/) {
push(@rules, $rule);
push(@names, $name);
}
}
close(IN);
@rules = reverse(@rules);
@ -356,14 +352,11 @@ sub flush_accounting_rules {
my @rules;
while(<IN>) {
my ($rule, undef, undef, $name) = split(' ', $_);
if(lc($config->{port}->{use_external_firewall} || "") eq "n") {
if($name =~ /monitorix_IN/ || /monitorix_OUT/) {
if(lc($config->{use_external_firewall} || "") eq "n") {
if($name =~ /monitorix_IN/ || /monitorix_OUT/ || /monitorix_nginx_IN/) {
push(@rules, $rule);
}
}
if($name =~ /monitorix_nginx_IN/) {
push(@rules, $rule);
}
}
close(IN);
@rules = reverse(@rules);
@ -383,16 +376,12 @@ sub flush_accounting_rules {
my @rules;
while(<IN>) {
my ($rule, undef, undef, $name) = split(' ', $_);
if(lc($config->{port}->{use_external_firewall} || "") eq "n") {
if($name =~ /monitorix_IN/ || /monitorix_OUT/) {
if(lc($config->{use_external_firewall} || "") eq "n") {
if($name =~ /monitorix_IN/ || /monitorix_OUT/ || /monitorix_nginx_IN/) {
push(@rules, $rule);
push(@names, $name);
}
}
if($name =~ /monitorix_nginx_IN/) {
push(@rules, $rule);
push(@names, $name);
}
}
close(IN);
@rules = reverse(@rules);
@ -405,14 +394,11 @@ sub flush_accounting_rules {
my @rules;
while(<IN>) {
my ($rule, undef, undef, $name) = split(' ', $_);
if(lc($config->{port}->{use_external_firewall} || "") eq "n") {
if($name =~ /monitorix_IN/ || /monitorix_OUT/) {
if(lc($config->{use_external_firewall} || "") eq "n") {
if($name =~ /monitorix_IN/ || /monitorix_OUT/ || /monitorix_nginx_IN/) {
push(@rules, $rule);
}
}
if($name =~ /monitorix_nginx_IN/) {
push(@rules, $rule);
}
}
close(IN);
@rules = reverse(@rules);
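Review bot: In the merged condition `if($name =~ /monitorix_IN/ || /monitorix_OUT/ || /monitorix_nginx_IN/)` only the first alternative is bound to `$name`; the other two match against `$_`, the whole iptables line, which carries over the old pattern's quirk and now extends it to the nginx chain. It works because `$_` contains `$name`, but any other field of that line containing one of the strings also matches, so the line would be clearer and stricter as `if($name =~ /monitorix_IN|monitorix_OUT|monitorix_nginx_IN/)`. The same construct appears in the -356, -383 and -405 hunks of this file. Note also that an unset `use_external_firewall` makes `lc(... || "") eq "n"` false, so previously created monitorix_nginx_IN rules are left in place rather than flushed; if that is intended, a short comment on the guard would help. The body of flush_accounting_rules begins and ends outside these hunks.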


@ -115,15 +115,17 @@ sub nginx_init {
return 0;
}
if($config->{os} eq "Linux") {
system("iptables -t $table -N monitorix_nginx_IN 2>/dev/null");
system("iptables -t $table -I INPUT -p tcp --sport 1024:65535 --dport $nginx->{port} -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j monitorix_nginx_IN -c 0 0");
system("iptables -t $table -I OUTPUT -p tcp --sport $nginx->{port} --dport 1024:65535 -m conntrack --ctstate ESTABLISHED,RELATED -j monitorix_nginx_IN -c 0 0");
}
if(grep {$_ eq $config->{os}} ("FreeBSD", "OpenBSD", "NetBSD")) {
system("ipfw delete $nginx->{rule} 2>/dev/null");
system("ipfw -q add $nginx->{rule} count tcp from me $nginx->{port} to any");
system("ipfw -q add $nginx->{rule} count tcp from any to me $nginx->{port}");
if(lc($config->{use_external_firewall} || "") eq "n") {
if($config->{os} eq "Linux") {
system("iptables -t $table -N monitorix_nginx_IN 2>/dev/null");
system("iptables -t $table -I INPUT -p tcp --sport 1024:65535 --dport $nginx->{port} -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j monitorix_nginx_IN -c 0 0");
system("iptables -t $table -I OUTPUT -p tcp --sport $nginx->{port} --dport 1024:65535 -m conntrack --ctstate ESTABLISHED,RELATED -j monitorix_nginx_IN -c 0 0");
}
if(grep {$_ eq $config->{os}} ("FreeBSD", "OpenBSD", "NetBSD")) {
system("ipfw delete $nginx->{rule} 2>/dev/null");
system("ipfw -q add $nginx->{rule} count tcp from me $nginx->{port} to any");
system("ipfw -q add $nginx->{rule} count tcp from any to me $nginx->{port}");
}
}
$config->{nginx_hist} = ();
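Review bot: The new guard `if(lc($config->{use_external_firewall} || "") eq "n")` treats a missing or empty option as "not n", so on an unconfigured install neither the iptables chain nor the ipfw rules are created and the accounting counters the module depends on will silently be absent. If that default is intended, say so on the guard, e.g. `# no use_external_firewall setting: assume an external firewall provides the counters`; otherwise make the safe-by-default choice explicit with `if(lc($config->{use_external_firewall} || "n") eq "n") {`. The same guard is used in the flush_accounting_rules hunks of the other file, so the two should agree on the default. The iptables/ipfw invocations themselves are unchanged here, but their shell-interpolated `$table` and `$nginx->{port}` values and unchecked `system` return status are worth a follow-up so a failed rule insertion is at least logged. nginx_init starts and ends outside this hunk.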