NAME

Net::Firewall::BlockerHelper::backends::pf - pf backend for Net::Firewall::BlockerHelper.

VERSION

Version 0.0.1

SYNOPSIS

use Net::Firewall::BlockerHelper::backends::pf;

my $backend1;
my $backend2;
eval {
    $backend1 = Net::Firewall::BlockerHelper::backends::pf->new(
            backend => 'ipfw',
            name => 'all',
            options=>{ kill=>1 },
        );
    $backend2 = Net::Firewall::BlockerHelper::backends::pf->new(
            backend => 'ipfw',
            ports => ['143'],
            protocols => ['tcp'],
            name => 'imap',
            options=>{ kill=>0 },
        );
};
if ($@) {
    print 'Error: '
        . $Error::Helper::error
        . "\nError String: "
        . $Error::Helper::errorString
        . "\nError Flag: "
        . $Error::Helper::errorFlag . "\n";
}

print `ipfw list`;

$backend1->init;
$backend2->init;

print `ipfw list`;

$backend1->ban(ban=>'1.2.3.4');
$backend1->ban(ban=>'4.3.2.1');
$backend2->ban(ban=>'4.3.2.1');

use Data::Dumper;
print Dumper($backend1->list);
print Dumper($backend2->list);

$backend1->unban(ban=>'4.3.2.1');

print Dumper($backend1->list);
print Dumper($backend2->list);

$backend1->teardown;

print `ipfw list`;

$backend2->teardown;

print `ipfw list`;

METHODS

new

Initiates the object.

- options :: Backend specific options that will be passed to the backend unchecked,
        apart from making sure it is a hash ref if defined. See below for further info.
    - Default :: {}

- ports :: An array of ports to block. Each is checked to make sure it is a positive int or a valid
        service name via getservbyname. All ports will be blocked if none are specified.
        Duplicates are removed.
    - Default :: []

- protocols :: An array of protocols to block. By default all will be blocked. Each
        is checked against /etc/protocols via the function getprotobyname. Duplicates
        will be discarded.
    - Default :: []

- prefix :: Prefix to use. Must match the regex /^[a-zA-Z0-9]+$/
    - default :: kur

- name :: Name of this specific instance. This must be specified.
    - default :: undef

The options hash accepts the following.

- kill :: If it should kill connections to the banned IP or not.
    - Default :: 0

All errors are considered fatal, meaning if new fails it will die.

my $backend;
eval {
    $backend = Net::Firewall::BlockerHelper::backends::pf->new(
            backend => 'ipfw',
            ports => ['22'],
            protocols => ['tcp'],
            name => 'ssh',
        );
};
if ($@) {
    print 'Error: '
        . $Error::Helper::error
        . "\nError String: "
        . $Error::Helper::errorString
        . "\nError Flag: "
        . $Error::Helper::errorFlag . "\n";
}

init

Initiates the backend. This will attempt to drop the rule number and table prior to re-adding them.

No arguments are taken.

If called a second time, it will error.

$backend->init;

ban

Bans the IP.

$backend->ban(ban => $ip);

unban

Unbans an IP.

$backend->unban(ban => $ip);

list

List banned IPs.

my @banned = $backend->list;

re_init

Tells the backend to re-init itself.

This will call teardown and init again. After that it will re-add all previously added bans.

Will error if already inited.

$backend->re_init;

teardown

Tears down the setup for the backend.

This will delete the table as well as the firewall rule.

If called prior to calling init, this will error. It won't check if it has been inited or not.

$backend->teardown;

ERROR CODES / FLAGS

Error handling is provided by Error::Helper. All errors are considered fatal.

1, notInited

Backend has not been inited yet.

2, invalidPortSpecified

Port is neither a positive int nor a name that can be resolved by getservbyname.

3, portsNotArray

The data passed to new for ports is not an array.

4, protocolsNotArray

The data passed to new for protocols is not an array.

5, invalidPortSpecified

Port is neither a positive int nor a name that can be resolved by getservbyname.

6, invalidPrefixSpecified

The specified prefix did not match /^[a-zA-Z0-9]+$/.

7, invalidName

The name is either undef or does not match /^[a-zA-Z0-9\-]+$/.

8, optionsNotHash

The item passed to new for options is not a hash.

9, noBanItem

No IP specified to ban.

10, banItemNotIP

The item to ban is not an IP. Either wrong ref type or regexp test using Regexp::IPv4 and Regexp::IPv6 failed.

11, invalidBackend

The specified backend failed to pass a basic sanity check of making sure it matches the regexp /^[a-zA-Z0-9\_]+$/.

12, backendInitError

Failed to init the backend.

13, banFailed

Failed to ban the item.

14, unbanFailed

Failed to unban the item.

15, listFailed

Failed to get a list of bans.

16, reInitFailed

Failed to re_init the backend.

17, teardownFailed

Failed to teardown the backend.

18, alreadyInited

Backend has already been initiated.

23, initFailed

One of the required commands for init failed.
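The following is an added example, not code from the module itself, showing how a caller can drive the lifecycle documented under METHODS while dispatching on the error flags listed above, so that an already-inited backend is tolerated and a bad address skips rather than aborts the batch. It assumes the backend name 'pf' is what this backend expects (the synopsis shows a backend argument but names 'ipfw'); the candidate addresses are constructed for the example.

```perl
#!/usr/bin/env perl
# Added example (not part of Net::Firewall::BlockerHelper): ban a batch of
# addresses with the pf backend, handling the documented Error::Helper flags.
use strict;
use warnings;
use Error::Helper;
use Net::Firewall::BlockerHelper::backends::pf;
use Regexp::IPv4 qw($IPv4_re);
use Regexp::IPv6 qw($IPv6_re);

# Constructed input: two valid addresses and one junk entry.
my @candidates = ( '192.0.2.10', 'not-an-ip', '2001:db8::5' );

my $backend = Net::Firewall::BlockerHelper::backends::pf->new(
    backend   => 'pf',      # assumption: backend name for this module
    ports     => ['ssh'],   # service name, resolved via getservbyname
    protocols => ['tcp'],
    name      => 'sshd',
    options   => { kill => 1 },
);

# init once; 'alreadyInited' (18) only means the rule and table exist already.
eval { $backend->init };
if ( $@ && $Error::Helper::errorFlag ne 'alreadyInited' ) {
    die "init failed ($Error::Helper::error, $Error::Helper::errorFlag): "
      . "$Error::Helper::errorString\n";
}

my %outcome;
for my $ip (@candidates) {
    # Pre-check with the same regexps the module uses, so junk is never
    # handed to pf and 'banItemNotIP' (10) is not raised for it.
    if ( $ip !~ /^(?:$IPv4_re|$IPv6_re)$/ ) {
        $outcome{$ip} = 'skipped: not an IP';
        next;
    }
    eval { $backend->ban( ban => $ip ) };
    if ($@) {
        # e.g. 'banFailed' (13); keep going with the rest of the batch
        $outcome{$ip} = "failed: $Error::Helper::errorFlag ($Error::Helper::errorString)";
        next;
    }
    $outcome{$ip} = 'banned';
}

printf "%-16s %s\n", $_, $outcome{$_} for sort keys %outcome;
printf "currently banned: %s\n", join( ', ', $backend->list );
```

Run teardown afterwards (as in the SYNOPSIS) if the rule and table should not persist beyond the script.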

AUTHOR

Zane C. Bowers-Hadley, <vvelox at vvelox.ent>

BUGS

Please report any bugs or feature requests to bug-net-firewall-blockerhelper at rt.cpan.org, or through the web interface at https://rt.cpan.org/NoAuth/ReportBug.html?Queue=Net-Firewall-BlockerHelper. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.

SUPPORT

You can find documentation for this module with the perldoc command.

perldoc Net::Firewall::BlockerHelper

You can also look for information at:

ACKNOWLEDGEMENTS

LICENSE AND COPYRIGHT

This software is Copyright (c) 2023 by Zane C. Bowers-Hadley.

This is free software, licensed under:

The GNU Lesser General Public License, Version 2.1, February 1999