3.3. firewall

3.3.1. NAME

firewall - Guardian Digital WebTool module interface to the Shorewall firewall.

3.3.2. SYNOPSIS

use firewall;
my $firewall   = new firewall;

3.3.3. DESCRIPTION

This Guardian Digital WebTool module provides an interface for manipulating the system firewall. It lets you manage the general firewall configuration, parameters (host/network aliases), the blacklist, port forwarding, network interfaces and logical zones, policies, and, of course, firewall rules.

3.3.4. METHODS

is_installed()

This function checks whether Shorewall is installed.

Example Usage:

if (!$firewall->is_installed()){
.....
}

blacklist_create($)

This function creates an entry in the firewall blacklist (/etc/shorewall/blacklist). A hash reference containing the address, protocol and ports is passed as the argument.

Example Usage:

my $b = {
      'address'       => $address,
      'protocol'      => $protocol,
      'ports'         => $ports
};
$firewall->blacklist_create($b);
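As an added example (not code from the module or from Guardian Digital), a wrapper that validates the three fields before blacklist_create writes them to /etc/shorewall/blacklist. The helper name and sample entry are constructed; it assumes IPv4 addresses or CIDR networks, tcp/udp as the protocol, and ports as a comma-separated list of numbers or low:high ranges.

```perl
use strict;
use warnings;
use firewall;

# Hypothetical helper (not part of the module): returns an error string
# describing the first invalid field, or undef when the entry is acceptable.
# Assumes IPv4 addresses/CIDR networks, tcp/udp, and ports as a comma-separated
# list of numbers or low:high ranges; an empty ports field means all ports.
sub blacklist_input_error {
    my ($e) = @_;
    my $octet = qr/(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)/;

    return 'address must be an IPv4 address or CIDR network'
        unless defined $e->{'address'}
            && $e->{'address'} =~ /^$octet(?:\.$octet){3}(?:\/(?:3[0-2]|[12]?\d))?$/;

    return 'protocol must be tcp or udp'
        unless defined $e->{'protocol'} && lc($e->{'protocol'}) =~ /^(?:tcp|udp)$/;

    my $ports = defined $e->{'ports'} ? $e->{'ports'} : '';
    return undef if $ports eq '';    # no port restriction requested
    for my $p (split /,/, $ports) {
        my ($lo, $hi) = split /:/, $p, 2;
        $hi = $lo unless defined $hi;
        return "bad port specification '$p'"
            unless $lo =~ /^\d+$/ && $hi =~ /^\d+$/
                && $lo >= 1 && $hi <= 65535 && $lo <= $hi;
    }
    return undef;
}

# Constructed sample entry for this example.
my $entry = {
    'address'  => '203.0.113.0/24',
    'protocol' => 'tcp',
    'ports'    => '22,8000:8080',
};

my $firewall = new firewall;
if (my $err = blacklist_input_error($entry)) {
    die "refusing to write blacklist entry: $err\n";
}
$firewall->blacklist_create($entry);
```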

blacklist_delete($)

This function deletes the specified entry from the firewall blacklist (/etc/shorewall/blacklist). The key is passed as the argument; it can be obtained by calling the list_blacklist subroutine.

Example Usage:

my $blacklist = $firewall->list_blacklist();
foreach my $k (sort keys %{$blacklist}) {
  my $b   = $blacklist->{$k};
  my $key = $b->{'key'};
  $firewall->blacklist_delete($key);
}

get_blacklist_entry($)

This function returns the details of a blacklist entry (address, ports, ports_type, protocol, protocol_type, key) for the key passed as the argument, which can be obtained by calling the list_blacklist subroutine. A hash reference is returned with the above parameters as keys and their respective values.

Example Usage:

my $blacklist = $firewall->list_blacklist();
foreach my $k (sort keys %{$blacklist}) {
  my $b               = $blacklist->{$k};
  my $key             = $b->{'key'};
  my $blacklist_entry = $firewall->get_blacklist_entry($key);
}

param_create($)

This function creates an entry in the param configuration file /etc/shorewall/param (hosts and networks). It receives a hash reference containing the name, zone and addresses as the argument.

Example Usage:

my $p = {
      'name'          => $name,
      'zone'          => $zone,
      'addresses'     => \@addresses,
};
$firewall->param_create($p);

param_delete($)

This function deletes the specified entry from /etc/shorewall/param. The key is passed as the argument; it can be obtained by calling the list_params subroutine.

Example Usage:

my $param = $firewall->list_params();
foreach my $k (sort keys %{$param}) {
  my $b   = $param->{$k};
  my $key = $b->{'key'};
  $firewall->param_delete($key);
}

get_param_entry($)

This function returns the details of a param entry (name, zone, key) as a hash reference for the key passed as the argument, which can be obtained by calling the list_params subroutine.

Example Usage:

my $param = $firewall->list_params();
foreach my $k (sort keys %{$param}) {
  my $b           = $param->{$k};
  my $key         = $b->{'key'};
  my $param_entry = $firewall->get_param_entry($key);
}

portfwd_create($)

This function creates a port forwarding rule (an entry in /etc/shorewall/rules). It receives a hash reference as the argument (see example).

Example Usage:

my $r = {
      'action'        => $in{'action'},
      'src'           => $in{'src'},
      'src_zone'      => $in{'src_zone'},
      'src_port'      => $in{'src_port'},
      'dst'           => $in{'dst_address'},
      'dst_zone'      => $in{'dst_zone'},
      'dst_port'      => $in{'dst_port'},
      'protocol'      => $in{'protocol'},
};
$firewall->portfwd_create($r);

rule_create($)

This function creates a rule (ACCEPT/REJECT, an entry in /etc/shorewall/rules). It receives a hash reference as the argument (see example).

Example Usage:

my $r = {
      'action'        => $in{'action'},
      'src'           => $in{'src'},
      'dst'           => $in{'dst'},
      'protocol'      => $in{'protocol'},
      'dst_port'      => \@dst_port,
      'src_port'      => \@src_port,
};
$firewall->rule_create($r);

rule_delete($)

This function deletes a rule from /etc/shorewall/rules. It receives as the argument the key of the rule to delete, which can be obtained by calling the list_rules subroutine.

Example Usage:

my $rules = $firewall->list_rules();
foreach my $k (sort keys %{$rules}) {
  my $b   = $rules->{$k};
  my $key = $b->{'key'};
  $firewall->rule_delete($key);
}

get_rule_entry($)

This function returns the details of a rule entry (action, source zone, protocol) for the key passed as the argument, which can be obtained by calling the list_rules subroutine.

Example Usage:

my $rules = $firewall->list_rules();
foreach my $k (sort keys %{$rules}) {
  my $b          = $rules->{$k};
  my $key        = $b->{'key'};
  my $rule_entry = $firewall->get_rule_entry($key);
}

list_blacklist()

This function reads the file /etc/shorewall/blacklist and builds a hash of hashes keyed by address; each entry holds the address, protocol, ports, key, protocol_type and ports_type. It returns a hash reference.

Example Usage:

my $blacklist = $firewall->list_blacklist();
foreach my $b (sort keys %{$blacklist}) {
  my $address         = $blacklist->{$b}->{'address'};
  my $protocol        = uc($blacklist->{$b}->{'protocol'});
  my $ports           = $blacklist->{$b}->{'ports'};
  my $key             = $blacklist->{$b}->{'key'};
  my $ports_type      = $blacklist->{$b}->{'ports_type'};
  my $protocol_type   = $blacklist->{$b}->{'protocol_type'};
}

list_interfaces()

This function reads the Shorewall interface configuration file (/etc/shorewall/interfaces) and returns a hash reference keyed by interface; each entry holds the zone, interface, broadcast, lineno and options (see the example for the layout of the hash reference).

Example Usage:

my $interfaces = $firewall->list_interfaces();
foreach my $i (sort keys %{$interfaces}) {
  my $zone         = $interfaces->{$i}->{'zone'};
  my $interface    = uc($interfaces->{$i}->{'interface'});
  my $broadcast    = $interfaces->{$i}->{'broadcast'};
  my $lineno       = $interfaces->{$i}->{'lineno'};
  my $options1     = $interfaces->{$i}->{'options'}->{'options1'};
  my $options2     = $interfaces->{$i}->{'options'}->{'options2'};
  ...........
}

list_masq($)

This function reads the Shorewall masquerading configuration file (/etc/shorewall/masq) and builds a hash keyed by destination interface and then source interface, holding the enable/disable status. It returns a hash reference (see example).

Example Usage:

my $masq = $firewall->list_masq();
my $enable_status = $masq->{$dst_interface}->{$src_interface};

list_options($)

This function returns a hash reference of the option translations currently defined in WebTool; at present these are dhcp, norfc1918, blacklist, tcpflags and routeback.

Example Usage:

my $options              = $firewall->list_options($page);
my $dhcp_translated      = $options->{'dhcp'};
my $blacklist_translated = $options->{'blacklist'};

list_params()

This function reads the Shorewall param configuration file (/etc/shorewall/param) and returns a hash reference keyed by param; each entry holds the name, zone, addresses and key. See the example for details.

Example Usage:

my $params    = $firewall->list_params();
foreach my $b (sort keys %{$params}) {
  my $name            = $params->{$b}->{'name'};
  my $zone            = $params->{$b}->{'zone'};
  my $addresses       = $page->str_truncate(join(',', @{$params->{$b}->{'addresses'}}), 30);
  my $key             = $params->{$b}->{'key'};
}

list_policy()

This function reads the Shorewall policy configuration file (/etc/shorewall/policy) and builds a hash keyed by destination and then source, holding the action. It returns a hash reference.

Example Usage:

my $policy = $firewall->list_policy();
my $action = $policy->{$dst}->{$src};

list_ports()

This function returns a hash reference listing all known ports: the keys are port names and the values are their descriptions.

Example Usage:

my $ports  = $firewall->list_ports();

list_rules()

This function reads the Shorewall rule configuration file (/etc/shorewall/rules) and builds, for each rule, a hash holding the action, source, destination, protocol, ports and related fields. It returns a reference to the result.

Example Usage:

my $rules  = $firewall->list_rules();
foreach my $r (@{$rules}) {
  my $action          = $r->{'action'};
  my $src             = $r->{'src'};
  my $src_zone        = $r->{'src_zone'};
  my $src_ports       = join(',', @{$r->{'src_ports'}});
  my $dst             = $r->{'dst'};
  my $dst_zone        = $r->{'dst_zone'};
  my $dst_ports       = join(',', @{$r->{'dst_ports'}});
  my $protocol        = uc($r->{'protocol'});
  my $key             = $r->{'key'};
  my $orig_dest       = $r->{'orig_dest'};
  my $sort            = $r->{'sort'};
  my $raw             = $r->{'raw'};
}
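An added example (not code from the module or from Guardian Digital) that combines list_policy and list_rules into a small configuration audit: it reports an ACCEPT default policy between two zones and any ACCEPT rule between them that carries no destination port restriction. The helper name is hypothetical, the zone names 'net' and 'fw' are assumptions, and the rule fields follow the list_rules example above.

```perl
use strict;
use warnings;
use firewall;

# Hypothetical helper (not part of the module): returns an array reference of
# findings for traffic from $from_zone to $to_zone. Policy lookup follows the
# list_policy example ($policy->{$dst}->{$src}); rule fields follow list_rules.
sub find_permissive {
    my ($firewall, $from_zone, $to_zone) = @_;
    my @findings;
    my $path = "$from_zone to $to_zone";

    # Default policy: an ACCEPT policy makes every unlisted service reachable.
    my $policy  = $firewall->list_policy();
    my $default = $policy->{$to_zone}->{$from_zone};
    push @findings, "default policy $path is ACCEPT"
        if defined $default && uc($default) eq 'ACCEPT';

    # Explicit rules: an ACCEPT with no destination ports opens every port.
    my $rules = $firewall->list_rules();
    foreach my $r (@{$rules}) {
        next unless defined $r->{'action'} && uc($r->{'action'}) eq 'ACCEPT';
        next unless defined $r->{'src_zone'} && $r->{'src_zone'} eq $from_zone
                 && defined $r->{'dst_zone'} && $r->{'dst_zone'} eq $to_zone;
        my @ports = @{ $r->{'dst_ports'} || [] };
        next if @ports;
        push @findings,
            "rule $r->{'key'} accepts $path with no destination port restriction: $r->{'raw'}";
    }
    return \@findings;
}

# Assumed zone names: 'net' for the external zone, 'fw' for the firewall itself.
my $firewall = new firewall;
my $findings = find_permissive($firewall, 'net', 'fw');
print "$_\n" for @{$findings};
```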

list_zones()

This function reads the Shorewall zones configuration file (/etc/shorewall/zones) and returns a hash reference keyed by zone; each entry holds the zone, display and comment. See the example for details.

Example Usage:

my $zones  = $firewall->list_zones();
foreach my $b (sort keys %{$zones}) {
  my $name            = $zones->{$b}->{'zone'};
  my $zone            = $zones->{$b}->{'display'};
  my $comment         = $zones->{$b}->{'comment'};
}

write_interfaces($)

This function receives an array reference of hashes, each containing an interface, zone and options. For every interface it builds a comma-separated list of the options, then writes all the information to the interfaces configuration file (/etc/shorewall/interfaces).

Example Usage:

push @interfaces, {
      'interface'     => $interface,
      'zone'          => $zone,
      'options'       => $options->{$interface},
};
$firewall->write_interfaces(\@interfaces);

write_masq($)

This function receives an array reference of hashes containing masquerading information, namely the destination interface and source interface, and writes all the information to the masq configuration file (/etc/shorewall/masq).

Example Usage:

push @masq, {
      'src_interface' => $src_interface,
      'dst_interface' => $dst_interface,
};
$firewall->write_masq(\@masq);

write_policy($)

This function receives an array reference of hashes, each containing a source, destination and action. Depending on the action (ACCEPT/REJECT) of each policy, it writes all the information to the policy configuration file (/etc/shorewall/policy).

Example Usage:

push @policy, {
      'src'           => $src,
      'dst'           => $dst,
      'action'        => $action
};
$firewall->write_policy(\@policy);

enable_shorewall()

This function enables the Shorewall firewall at start-up by editing the Shorewall configuration file (/etc/shorewall/shorewall.conf).

Example Usage:

$firewall->enable_shorewall();

3.3.5. AUTHORS

Ryan W. Maple <ryan@guardiandigital.com>

3.3.6. COPYRIGHT AND LICENSE

Copyright Guardian Digital, Inc., All Rights Reserved