NAME
Net::Firewall::BlockerHelper::backends::ipfw - IPFW backend for Net::Firewall::BlockerHelper.
VERSION
Version 0.0.1
SYNOPSIS
use Net::Firewall::BlockerHelper::backends::ipfw;
my $backend1;
my $backend2;
eval {
$backend1 = Net::Firewall::BlockerHelper::backends::ipfw->new(
backend => 'ipfw',
name => 'all',
options=>{ rule=>150, kill=>1 },
);
$backend2 = Net::Firewall::BlockerHelper::backends::ipfw->new(
backend => 'ipfw',
ports => ['143'],
protocols => ['tcp'],
name => 'imap',
options=>{ rule=>151 },
);
};
if ($@) {
print 'Error: '
. $Error::Helper::error
. "\nError String: "
. $Error::Helper::errorString
. "\nError Flag: "
. $Error::Helper::errorFlag . "\n";
}
print `ipfw list`;
$backend1->init;
$backend2->init;
print `ipfw list`;
$backend1->ban(ban=>'1.2.3.4');
$backend1->ban(ban=>'4.3.2.1');
$backend2->ban(ban=>'4.3.2.1');
use Data::Dumper;
print Dumper($backend1->list);
print Dumper($backend2->list);
$backend1->unban(ban=>'4.3.2.1');
print Dumper($backend1->list);
print Dumper($backend2->list);
$backend1->teardown;
print `ipfw list`;
$backend2->teardown;
print `ipfw list`;
METHODS
new
Initiates the object.
- options :: Backend specific options that are passed to the backend unchecked,
apart from confirming it is a hash ref if defined. See below for further info.
- Default :: {}
- ports :: An array of ports to block. Each entry is checked to make sure it is a positive int or a
service name that getservbyname can resolve. All ports will be blocked if none are specified.
Duplicates are removed.
- Default :: []
- protocols :: An array of protocols to block. By default all are blocked. Each entry
is checked against /etc/protocols via getprotobyname. Duplicates
are discarded.
- Default :: ['ip']
- prefix :: Prefix to use. Must match the regex /^[a-zA-Z0-9]+$/
- default :: kur
- name :: Name of this specific instance. This must be specified.
- default :: undef
The options hash accepts the following.
- rule :: The rule number to use for the IPFW rule. It must not be shared with
any other rule, since init deletes every rule carrying this number before
re-adding its own, which would remove the other rules.
- Default :: 150
- type :: The drop method to use. Should either be 'deny',
'unreach', or 'unreach6'. See ipfw(8) for more info.
- Default :: deny
- unreach :: If type is 'unreach', the unreachable code to use.
See ipfw(8) for more info.
- Default :: port
- unreach6 :: If type is 'unreach6', the unreachable code to use.
See ipfw(8) for more info.
- Default :: port
- kill :: Use tcpdrop to kill TCP connections for that IP.
- Default :: 0
All errors are considered fatal, meaning if new fails it will die.
my $backend;
eval {
$backend = Net::Firewall::BlockerHelper::backends::ipfw->new(
backend => 'ipfw',
ports => ['22'],
protocols => ['tcp'],
name => 'ssh',
);
};
if ($@) {
print 'Error: '
. $Error::Helper::error
. "\nError String: "
. $Error::Helper::errorString
. "\nError Flag: "
. $Error::Helper::errorFlag . "\n";
}
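The argument checks listed above for new and ban, written out as an added Perl example so they can be exercised stand-alone. This is not the module's own code; it re-implements the documented contracts with core Perl. Two assumptions: service names are resolved against 'tcp' (the page does not say which protocol getservbyname is given), and Socket's inet_pton stands in for the Regexp::IPv4 and Regexp::IPv6 tests the module uses.

```perl
#!/usr/bin/env perl
# Added example, not the module's code: the documented argument checks for
# new() and ban(), re-implemented with core Perl.
# ASSUMPTIONS: getservbyname is queried with 'tcp'; inet_pton replaces the
# Regexp::IPv4 / Regexp::IPv6 checks. Error messages use the documented flags.
use strict;
use warnings;
use Socket qw(inet_pton AF_INET AF_INET6);
use List::Util qw(uniq);

# ports: positive ints or names resolvable via getservbyname; duplicates dropped
sub check_ports {
    my ($ports) = @_;
    die "portsNotArray\n" unless ref($ports) eq 'ARRAY';
    my @out;
    for my $p (@$ports) {
        if ( $p =~ /^[0-9]+$/ && $p > 0 ) {
            push @out, $p + 0;
        }
        else {
            my $num = getservbyname( $p, 'tcp' );    # scalar context: port number
            die "invalidPortSpecified: $p\n" unless defined $num;
            push @out, $num;
        }
    }
    return [ uniq @out ];
}

# protocols: each must be known to getprotobyname (/etc/protocols); duplicates dropped
sub check_protocols {
    my ($protos) = @_;
    die "protocolsNotArray\n" unless ref($protos) eq 'ARRAY';
    for my $pr (@$protos) {
        die "protocol not in /etc/protocols: $pr\n" unless defined getprotobyname($pr);
    }
    return [ uniq @$protos ];
}

# prefix: /^[a-zA-Z0-9]+$/ (default kur); name: required, /^[a-zA-Z0-9\-]+$/
sub check_prefix {
    my ($prefix) = @_;
    $prefix //= 'kur';
    die "invalidPrefixSpecified\n" unless $prefix =~ /^[a-zA-Z0-9]+$/;
    return $prefix;
}

sub check_name {
    my ($name) = @_;
    die "invalidName\n" unless defined $name && $name =~ /^[a-zA-Z0-9\-]+$/;
    return $name;
}

# ban item: must be defined, not a reference, and a literal IPv4 or IPv6 address
sub check_ban_item {
    my ($ip) = @_;
    die "noBanItem\n" unless defined $ip;
    die "banItemNotIP\n" if ref $ip;
    die "banItemNotIP\n"
        unless defined inet_pton( AF_INET, $ip ) || defined inet_pton( AF_INET6, $ip );
    return $ip;
}

# Demo: each case is run under eval so a failing check reports its flag and moves on.
my @cases = (
    [ 'ports ok',      sub { join ',', @{ check_ports( [ '143', 'imap', '22' ] ) } } ],
    [ 'ports bad',     sub { check_ports( ['nosuchservice-zz'] ) } ],
    [ 'ports not arr', sub { check_ports('22') } ],
    [ 'protocols ok',  sub { join ',', @{ check_protocols( [ 'tcp', 'udp', 'tcp' ] ) } } ],
    [ 'prefix bad',    sub { check_prefix('bad_prefix') } ],
    [ 'name missing',  sub { check_name(undef) } ],
    [ 'ban v6 ok',     sub { check_ban_item('2001:db8::1') } ],
    [ 'ban not ip',    sub { check_ban_item('1.2.3') } ],
);
for my $c (@cases) {
    my ( $label, $code ) = @$c;
    my $result = eval { $code->() };
    print "$label: ", ( $@ ? "ERROR $@" : "$result\n" );
}
```

Service and protocol lookups depend on the host's /etc/services and /etc/protocols, so the 'imap' case resolves only where that name (or an alias for it) is present.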
init
Initializes the backend. It first attempts to delete any existing rule with the configured rule number, and the table, and then re-adds them.
No arguments are taken.
If called a second time, it will error.
$backend->init;
ban
Bans the IP.
$backend->ban(ban => $ip);
unban
Unbans an IP.
$backend->unban(ban => $ip);
list
List banned IPs.
my @banned = $backend->list;
re_init
Tells the backend to re-init itself.
This calls teardown and then init again, after which it re-adds all previously added bans.
$backend->re_init;
teardown
Tears down the setup for the backend.
This will delete the table as well as the firewall rule.
It does not check whether init has been called; if called prior to init, the underlying ipfw commands fail and this will error.
$backend->teardown;
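The ipfw(8) command sequence that init, ban, unban, list, teardown and re_init as described above correspond to, and the reason two instances must not share a rule number, as an added Perl example. This is not the module's own code: it returns the commands as strings instead of executing them, so it runs without root or a FreeBSD kernel. It assumes the table is named prefix-name and that rules match from the table to any destination (the page documents neither); the kill/tcpdrop option is not modelled.

```perl
#!/usr/bin/env perl
# Added illustration, not the module's code: the ipfw(8) commands that the
# documented methods correspond to. Commands are returned as strings rather
# than executed; feed them to system() to apply them on a FreeBSD host.
# ASSUMPTIONS: table named "<prefix>-<name>", rules match "from table(NAME)
# to any [ports]"; the kill/tcpdrop option is omitted.
use strict;
use warnings;

sub new_backend {
    my %args = @_;
    my %opt = ( rule => 150, type => 'deny', unreach => 'port', unreach6 => 'port',
                %{ $args{options} // {} } );
    die "invalidName\n" unless defined $args{name};
    die "ruleInvalid\n" unless $opt{rule} =~ /^[0-9]+$/ && $opt{rule} > 1;
    die "typeInvalid\n" unless $opt{type} =~ /^(?:deny|unreach|unreach6)$/;
    my $action = $opt{type} eq 'deny'    ? 'deny'
               : $opt{type} eq 'unreach' ? "unreach $opt{unreach}"
               :                           "unreach6 $opt{unreach6}";
    return {
        table     => ( $args{prefix} // 'kur' ) . "-$args{name}",
        rule      => $opt{rule},
        action    => $action,
        protocols => $args{protocols} // ['ip'],
        ports     => $args{ports}     // [],
        inited    => 0,
        bans      => {},
    };
}

# init: "ipfw delete N" removes EVERY rule numbered N, so two instances that
# share a rule number remove each other's rules here. The parentheses in
# table(NAME) are quoted because system() hands the string to /bin/sh.
sub init_cmds {
    my ($b) = @_;
    die "alreadyInited\n" if $b->{inited};
    my $dst = @{ $b->{ports} } ? 'any ' . join( ',', @{ $b->{ports} } ) : 'any';
    my @cmds = (
        "ipfw -q delete $b->{rule}",
        "ipfw -q table $b->{table} destroy",
        "ipfw table $b->{table} create type addr",
        map { "ipfw add $b->{rule} $b->{action} $_ from 'table($b->{table})' to $dst" }
            @{ $b->{protocols} },
    );
    $b->{inited} = 1;
    return @cmds;
}

sub ban_cmd {
    my ( $b, $ip ) = @_;
    die "notInited\n" unless $b->{inited};
    die "noBanItem\n" unless defined $ip;
    $b->{bans}{$ip} = 1;
    return "ipfw table $b->{table} add $ip";
}

sub unban_cmd {
    my ( $b, $ip ) = @_;
    die "notInited\n" unless $b->{inited};
    delete $b->{bans}{$ip};
    return "ipfw table $b->{table} delete $ip";
}

sub list_cmd { return "ipfw table $_[0]{table} list" }

# teardown: deletes the rule and the table; does not check inited first
sub teardown_cmds {
    my ($b) = @_;
    $b->{inited} = 0;
    return ( "ipfw delete $b->{rule}", "ipfw table $b->{table} destroy" );
}

# re_init: teardown, init, then re-add every ban that was present
sub re_init_cmds {
    my ($b) = @_;
    my @bans = sort keys %{ $b->{bans} };
    return ( teardown_cmds($b), init_cmds($b), map { ban_cmd( $b, $_ ) } @bans );
}

# Demo: two instances on the same rule number. The second init_cmds() emits
# "ipfw -q delete 150", which would also remove the first instance's rule.
my $all  = new_backend( name => 'all', options => { rule => 150 } );
my $imap = new_backend( name => 'imap', ports => ['143'], protocols => ['tcp'],
                        options => { rule => 150, type => 'unreach' } );
print "$_\n" for init_cmds($all), ban_cmd( $all, '1.2.3.4' ), list_cmd($all);
print "--- second instance, same rule number ---\n";
print "$_\n" for init_cmds($imap);
print "--- re_init of first instance restores its rule and bans ---\n";
print "$_\n" for re_init_cmds($all);
```

Giving the imap instance rule 151, as the SYNOPSIS does, avoids the collision; the demo keeps both on 150 only to make the hazard visible in the emitted commands.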
ERROR CODES / FLAGS
Error handling is provided by Error::Helper. All errors are considered fatal.
1, notInited
Backend has not been inited yet.
2, invalidPortSpecified
Port is either not a positive int or a name that can be resolved by getservbyname.
3, portsNotArray
The data passed to new for ports is not an array.
4, protocolsNotArray
The data passed to new for protocols is not an array.
5, invalidPortSpecified
Port is either not a positive int or a name that can be resolved by getservbyname.
6, invalidPrefixSpecified
The specified prefix did not match /^[a-zA-Z0-9]+$/.
7, invalidName
The name is either undef or does not match /^[a-zA-Z0-9\-]+$/.
8, optionsNotHash
The item passed to new for options is not a hash.
9, noBanItem
No IP specified to ban.
10, banItemNotIP
The item to ban is not an IP. Either wrong ref type or regexp test using Regexp::IPv4 and Regexp::IPv6 failed.
11, invalidBackend
The specified backend failed to pass a basic sanity check of making sure it matches the regexp /^[a-zA-Z0-9\_]+$/.
12, backendInitError
Failed to init the backend.
13, banFailed
Failed to ban the item.
14, unbanFailed
Failed to unban the item.
15, listFailed
Failed get a list of bans.
16, reInitFailed
Failed to re_init the backend.
17, teardownFailed
Failed to teardown the backend.
18, alreadyInited
Backend has already been inited.
19, ruleInvalid
The specified rule is not an int, or is 1 or less.
20, typeInvalid
The value for type is not valid.
21, unreachInvalid
The value for the unreach option is invalid. It should be a value understood by unreach in ipfw(8).
22, unreach6Invalid
The value for the unreach6 option is invalid. It should be a value understood by unreach6 in ipfw(8).
23, initFailed
One of the required commands for init failed.
AUTHOR
Zane C. Bowers-Hadley, <vvelox at vvelox.ent>
BUGS
Please report any bugs or feature requests to bug-net-firewall-blockerhelper at rt.cpan.org
, or through the web interface at https://rt.cpan.org/NoAuth/ReportBug.html?Queue=Net-Firewall-BlockerHelper. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.
SUPPORT
You can find documentation for this module with the perldoc command.
perldoc Net::Firewall::BlockerHelper
You can also look for information at:
RT: CPAN's request tracker (report bugs here)
https://rt.cpan.org/NoAuth/Bugs.html?Dist=Net-Firewall-BlockerHelper
Search CPAN
ACKNOWLEDGEMENTS
LICENSE AND COPYRIGHT
This software is Copyright (c) 2023 by Zane C. Bowers-Hadley.
This is free software, licensed under:
The GNU Lesser General Public License, Version 2.1, February 1999