-o fw2rrd -lrrd -O2
install: fw2rrd
- mkdir /usr/lib/FWcnt;true
- cp fw2rrd /usr/lib/FWcnt/
- cp init_FWcnt /usr/lib/FWcnt/
- cp clean_FWcnt /usr/lib/FWcnt/
- cp get_FWcnt /usr/lib/FWcnt/
- cp generate /usr/lib/FWcnt/
- cp FWcnt2rrd /usr/lib/FWcnt/
- mkdir /var/www/mrtg-rrd;true
- chown www-data /var/www/mrtg-rrd
- mkdir /var/lib/FWcnt;true
- mkdir /var/lib/FWcnt/etc;true
- mkdir /var/lib/FWcnt/FW_rrd_database;true
- mkdir /var/lib/FWcnt/run_conf;true
- touch /var/lib/FWcnt/etc/config
- chown Debian-ippl -R /var/lib/FWcnt/FW_rrd_database
- cp cron.d /etc/cron.d/FWcnt
- cat mrtg-rrd.wrapper.cgi >/usr/lib/cgi-bin/mrtg-rrd.wrapper.cgi
+ install -d $(DESTDIR)/usr/lib/FWcnt
+ install -m 755 fw2rrd $(DESTDIR)/usr/lib/FWcnt/fw2rrd
+ install -m 755 init_FWcnt $(DESTDIR)/usr/lib/FWcnt/init_FWcnt
+ install -m 755 clean_FWcnt $(DESTDIR)/usr/lib/FWcnt/clean_FWcnt
+ install -m 755 get_FWcnt $(DESTDIR)/usr/lib/FWcnt/get_FWcnt
+ install -m 755 generate $(DESTDIR)/usr/lib/FWcnt/generate
+ install -m 755 FWcnt2rrd $(DESTDIR)/usr/lib/FWcnt/FWcnt2rrd
+ install -m 755 install_FWcnt $(DESTDIR)/usr/lib/FWcnt/install_FWcnt
+ install -d $(DESTDIR)/var/www/mrtg-rrd
+ touch $(DESTDIR)/var/www/mrtg-rrd/.placeholder
+ install -d $(DESTDIR)/var/lib/FWcnt;true
+ install -d $(DESTDIR)/var/lib/FWcnt/etc
+ install -d $(DESTDIR)/var/lib/FWcnt/FW_rrd_database
+ touch $(DESTDIR)/var/lib/FWcnt/FW_rrd_database/.placeholder
+ install -d $(DESTDIR)/var/lib/FWcnt/run_conf
+ touch $(DESTDIR)/var/lib/FWcnt/run_conf/.placeholder
+ touch $(DESTDIR)/var/lib/FWcnt/etc/config
+ install -m 755 mrtg-rrd.wrapper.cgi $(DESTDIR)/usr/lib/cgi-bin/mrtg-rrd.wrapper.cgi
+ cp /dev/null $(DESTDIR)/etc/fwcnt.conf
+ #chown -R FWcnt $(DESTDIR)/var/lib/FWcnt/FW_rrd_database
+ #chown -R www-data $(DESTDIR)/var/www/mrtg-rrd
+ #cp cron.d $(DESTDIR)/etc/cron.d/FWcnt
-depends:
- dpkg -l gawk mrtg-rrd ippl mrtg iptables cron bash librrd2-dev
clean:
rm -f fw2rrd
+ rm -f *~
-Version 0.3pre1
----------------
-
Detailed measuring system for wide range of IPs
-----------------------------------------------
+"fast" install
+--------------
+for non debian users:
+create FWcnt user,
+uncommnent install rules
+ #chown -R FWcnt $(DESTDIR)/var/lib/FWcnt/FW_rrd_database
+ #chown -R www-data $(DESTDIR)/var/www/mrtg-rrd
+ #cp cron.d $(DESTDIR)/etc/cron.d/FWcnt
+
+(or change what needed)
+
+run "make install"
+
+
+Debian users:
+-------------
+use "debuild" and create .deb package .. or get binary .deb package
+
+
"fast" setup
------------
+Debian users: all this is in postinst script, sample working config is
+created automaticaly.
+If You customize /etc/fwcnt.conf then run
+/usr/lib/FWcnt/install_FWcnt
+show http://YOUR_WEB/cgi-bin/mrtg-rrd.wrapper.cgi
+
+non debian users:
1. copy this sample in /var/lib/FWcnt/etc/config (replace 192.168.0.0 with your
IP)
---------------- cut ----------------
cntNET 192.168.0.0
---------------- cut ----------------
-2. run /usr/lib/FWcnt/init_FWcnt
+2. run /usr/lib/FWcnt/install_FWcnt
3. run /usr/lib/FWcnt/generate
-4. show http://YOUR_WEB/cgi-bin/mrtg-rrd.wrapper.cgi
+4. insert FWcnt chain in FORWARD chain (and if needed INPUT and OUTPUT chain)
+ iptables -I FORWARD -j FWcnt
+
+5. show http://YOUR_WEB/cgi-bin/mrtg-rrd.wrapper.cgi
+
+"fast" config manual:
+---------------------
+One line per interface for "counting" interface statistics like this:
+cntLINK eth0
+
+one line per "C-class" net for counting all IP in this IP range:
+cntNET 192.168.0.0
+
+(last number not needed .. etc cntNET 192.168.0 work fine)
+
+one line per sub "C-class" range for personalized view:
+mrtgNET 192.168.42.128 25
+
+create one page with 128 IPs from 192.168.42.128 to 192.168.42.255
+default is 16 sub "C-class"
+
+
+INTERNALS
+---------
Part 1:
*******
0-55/5 * * * * root if [ -x /usr/lib/FWcnt/get_FWcnt ]; then \
(env LANG=C /usr/lib/FWcnt/get_FWcnt |su --shell=/bin/bash \
-c '(cd /var/lib/FWcnt/FW_rrd_database/; \
- /usr/lib/FWcnt/fw2rrd' Debian-ippl);fi
+ /usr/lib/FWcnt/fw2rrd' someuser);fi
Counter name is derived vrom IP number.
+SPECIAL
+-------
+fetching data from RRD:
+summary for eth0 bytes:
+rrdtool fetch eth0-b.rrd AVERAGE -s $[`date +%s` - 86400 ] -e $[`date +%s` -
+300 ]|awk '{A+=$2;B+=$3}END{print A" "B}'
* get name for IP/net
-* iptables counter setting (start/stop) from /etc/network/intrfaces
+* iptables counter setting (start/stop) from /etc/network/interfaces
+ (or other method .. )
+
#!/bin/bash
-for i in `iptables -L FWcnt -n|awk '{if($0 ~ "^FWcnt"){if(NR>2)print $1}}';iptables -F FWcnt` ;do
- for j in `iptables -L ${i} -n |awk '{if($0 ~ "^FWcnt"){if(NR>2)print $1}}';iptables -F ${i}` ;do
- iptables -F ${j}
- iptables -X ${j}
- done
- iptables -X ${i}
-done
+iptables-save |gawk 'BEGIN{
+ while(getline <"/var/lib/FWcnt/etc/config"){
+ if($1 ~ "^cntNET") {
+ split($2,IP,".")
+ Nd=sprintf("%d.%d.%d",IP[1],IP[2],IP[3])
+ Nx=sprintf("%02X%02X%02X",IP[1],IP[2],IP[3])
+ NETx[Nx]=Nd
+ NETd[Nd]=Nx
+ }
+ }
+}
+{
+ if($1 != "-A")next
+ if($2 != "FWcnt")next
+ i=1;
+ while(i<NR){
+ if($i=="-j")
+ split($(i+1),NN,"_")
+ i++
+ }
+ if(NN[2] in NETx){
+ #print "Net "NETx[NN[2]]
+ }
+ else{
+ print "Deleting "NN[1]"_"NN[2]"..."
+ C="iptables -D"
+ j=2
+ while(j<=NF){
+ C=C" "$j
+ j++
+ }
+ if(system(C))print C
+ close(C)
+ C=sprintf("iptables -F %s_%s",NN[1],NN[2])
+ if(system(C))print C
+ close(C)
+ C=sprintf("iptables -X %s_%s",NN[1],NN[2])
+ if(system(C))print C
+ close(C)
+ k=0
+ while(k<16){
+ C=sprintf("iptables -F %s_%s%X",NN[1],NN[2],k)
+ if(system(C))print C
+ close(C)
+ C=sprintf("iptables -X %s_%s%X",NN[1],NN[2],k)
+ if(system(C))print C
+ close(C)
+ k++
+ }
+ }
+}'
+if [ $# == 1 ]; then
+ if [ $1 == "force" ]; then
+ for i in `iptables-save |awk '{if($2 ~ "^FWcnt")print $2}'|sort -u`;do iptables -F $i ;done
+ iptables -D FORWARD -j FWcnt 2>/dev/null;true
+ iptables -D INPUT -j FWcnt 2>/dev/null;true
+ iptables -D OUTPUT -j FWcnt 2>/dev/null;true
+ for i in `iptables-save |awk '{if($1 ~ "^:FWcnt"){split($1,A,":");print A[2]}}'|sort -u`;do iptables -X $i ;done
+ fi
+fi
-0-55/5 * * * * root if [ -x /usr/lib/FWcnt/get_FWcnt ]; then (env LANG=C /usr/lib/FWcnt/get_FWcnt |su --shell=/bin/bash -c '(cd /var/lib/FWcnt/FW_rrd_database/;/usr/lib/FWcnt/FWcnt2rrd)' Debian-ippl);fi
+0-55/5 * * * * root if [ -x /usr/lib/FWcnt/get_FWcnt ]; then (env LANG=C /usr/lib/FWcnt/get_FWcnt |su --shell=/bin/bash -c '(cd /var/lib/FWcnt/FW_rrd_database/;/usr/lib/FWcnt/FWcnt2rrd)' FWcnt );fi
--- /dev/null
+The Debian Package fwcnt
+----------------------------
+
+Comments regarding the Package
+
+ -- Peter Popovec <popovec@fei.tuke.sk> Thu, 22 Feb 2007 14:34:16 +0100
--- /dev/null
+fwcnt (0.4) unstable; urgency=low
+
+ * Initial Release.
+
+ -- root <popovec@fei.tuke.sk> Thu, 22 Feb 2007 14:34:16 +0100
--- /dev/null
+/etc/fwcnt.conf
--- /dev/null
+Source: fwcnt
+Section: unknown
+Priority: extra
+Maintainer: root <popovec@fei.tuke.sk>
+Build-Depends: debhelper (>= 5),librrd2-dev
+Standards-Version: 3.7.2
+
+Package: fwcnt
+Architecture: any
+Depends: ${shlibs:Depends} ,gawk, mrtg-rrd, mrtg, iptables, cron, rrdtool
+Description: Firewall counter
+ Detailed measuring system for wide range of IPs based on firewall
+ rules (counters) and mrtg with rrd backend database.
--- /dev/null
+This is fwcnt, written and maintained by root <popovec@fei.tuke.sk>
+on Thu, 22 Feb 2007 14:34:16 +0100.
+
+The original source can always be found at:
+ ftp://ftp.debian.org/dists/unstable/main/source/
+
+Copyright Holder: root
+
+License:
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this package; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+On Debian systems, the complete text of the GNU General
+Public License can be found in `/usr/share/common-licenses/GPL'.
--- /dev/null
+../cron.d
\ No newline at end of file
--- /dev/null
+usr/lib/FWcnt
+var/lib/FWcnt
+var/lib/FWcnt/run_conf
+var/lib/FWcnt/FW_rrd_database
+var/www
+usr/lib/cgi-bin
+etc/
--- /dev/null
+README
+TODO
--- /dev/null
+#! /bin/sh -e
+# /usr/lib/emacsen-common/packages/install/fwcnt
+
+# Written by Jim Van Zandt <jrv@debian.org>, borrowing heavily
+# from the install scripts for gettext by Santiago Vila
+# <sanvila@ctv.es> and octave by Dirk Eddelbuettel <edd@debian.org>.
+
+FLAVOR=$1
+PACKAGE=fwcnt
+
+if [ ${FLAVOR} = emacs ]; then exit 0; fi
+
+echo install/${PACKAGE}: Handling install for emacsen flavor ${FLAVOR}
+
+#FLAVORTEST=`echo $FLAVOR | cut -c-6`
+#if [ ${FLAVORTEST} = xemacs ] ; then
+# SITEFLAG="-no-site-file"
+#else
+# SITEFLAG="--no-site-file"
+#fi
+FLAGS="${SITEFLAG} -q -batch -l path.el -f batch-byte-compile"
+
+ELDIR=/usr/share/emacs/site-lisp/${PACKAGE}
+ELCDIR=/usr/share/${FLAVOR}/site-lisp/${PACKAGE}
+
+# Install-info-altdir does not actually exist.
+# Maybe somebody will write it.
+if test -x /usr/sbin/install-info-altdir; then
+ echo install/${PACKAGE}: install Info links for ${FLAVOR}
+ install-info-altdir --quiet --section "" "" --dirname=${FLAVOR} /usr/info/${PACKAGE}.info.gz
+fi
+
+install -m 755 -d ${ELCDIR}
+cd ${ELDIR}
+FILES=`echo *.el`
+cp ${FILES} ${ELCDIR}
+cd ${ELCDIR}
+
+cat << EOF > path.el
+(setq load-path (cons "." load-path) byte-compile-warnings nil)
+EOF
+${FLAVOR} ${FLAGS} ${FILES}
+rm -f *.el path.el
+
+exit 0
--- /dev/null
+#!/bin/sh -e
+# /usr/lib/emacsen-common/packages/remove/fwcnt
+
+FLAVOR=$1
+PACKAGE=fwcnt
+
+if [ ${FLAVOR} != emacs ]; then
+ if test -x /usr/sbin/install-info-altdir; then
+ echo remove/${PACKAGE}: removing Info links for ${FLAVOR}
+ install-info-altdir --quiet --remove --dirname=${FLAVOR} /usr/info/fwcnt.info.gz
+ fi
+
+ echo remove/${PACKAGE}: purging byte-compiled files for ${FLAVOR}
+ rm -rf /usr/share/${FLAVOR}/site-lisp/${PACKAGE}
+fi
--- /dev/null
+;; -*-emacs-lisp-*-
+;;
+;; Emacs startup file, e.g. /etc/emacs/site-start.d/50fwcnt.el
+;; for the Debian fwcnt package
+;;
+;; Originally contributed by Nils Naumann <naumann@unileoben.ac.at>
+;; Modified by Dirk Eddelbuettel <edd@debian.org>
+;; Adapted for dh-make by Jim Van Zandt <jrv@debian.org>
+
+;; The fwcnt package follows the Debian/GNU Linux 'emacsen' policy and
+;; byte-compiles its elisp files for each 'emacs flavor' (emacs19,
+;; xemacs19, emacs20, xemacs20...). The compiled code is then
+;; installed in a subdirectory of the respective site-lisp directory.
+;; We have to add this to the load-path:
+(let ((package-dir (concat "/usr/share/"
+ (symbol-name flavor)
+ "/site-lisp/fwcnt")))
+;; If package-dir does not exist, the fwcnt package must have
+;; removed but not purged, and we should skip the setup.
+ (when (file-directory-p package-dir)
+ (setq load-path (cons package-dir load-path))
+ (autoload 'fwcnt-mode "fwcnt-mode"
+ "Major mode for editing fwcnt files." t)
+ (add-to-list 'auto-mode-alist '("\\.fwcnt$" . fwcnt-mode))))
+
--- /dev/null
+# Defaults for fwcnt initscript
+# sourced by /etc/init.d/fwcnt
+# installed at /etc/default/fwcnt by the maintainer scripts
+
+#
+# This is a POSIX shell fragment
+#
+
+# Additional options that are passed to the Daemon.
+DAEMON_OPTS=""
--- /dev/null
+Document: fwcnt
+Title: Debian fwcnt Manual
+Author: <insert document author here>
+Abstract: This manual describes what fwcnt is
+ and how it can be used to
+ manage online manuals on Debian systems.
+Section: unknown
+
+Format: debiandoc-sgml
+Files: /usr/share/doc/fwcnt/fwcnt.sgml.gz
+
+Format: postscript
+Files: /usr/share/doc/fwcnt/fwcnt.ps.gz
+
+Format: text
+Files: /usr/share/doc/fwcnt/fwcnt.text.gz
+
+Format: HTML
+Index: /usr/share/doc/fwcnt/html/index.html
+Files: /usr/share/doc/fwcnt/html/*.html
+
+
--- /dev/null
+#! /bin/sh
+#
+# skeleton example file to build /etc/init.d/ scripts.
+# This file should be used to construct scripts for /etc/init.d.
+#
+# Written by Miquel van Smoorenburg <miquels@cistron.nl>.
+# Modified for Debian
+# by Ian Murdock <imurdock@gnu.ai.mit.edu>.
+#
+# Version: @(#)skeleton 1.9 26-Feb-2001 miquels@cistron.nl
+#
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/fwcnt
+NAME=fwcnt
+DESC=fwcnt
+
+test -x $DAEMON || exit 0
+
+# Include fwcnt defaults if available
+if [ -f /etc/default/fwcnt ] ; then
+ . /etc/default/fwcnt
+fi
+
+set -e
+
+case "$1" in
+ start)
+ echo -n "Starting $DESC: "
+ start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \
+ --exec $DAEMON -- $DAEMON_OPTS
+ echo "$NAME."
+ ;;
+ stop)
+ echo -n "Stopping $DESC: "
+ start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \
+ --exec $DAEMON
+ echo "$NAME."
+ ;;
+ #reload)
+ #
+ # If the daemon can reload its config files on the fly
+ # for example by sending it SIGHUP, do it here.
+ #
+ # If the daemon responds to changes in its config file
+ # directly anyway, make this a do-nothing entry.
+ #
+ # echo "Reloading $DESC configuration files."
+ # start-stop-daemon --stop --signal 1 --quiet --pidfile \
+ # /var/run/$NAME.pid --exec $DAEMON
+ #;;
+ force-reload)
+ #
+ # If the "reload" option is implemented, move the "force-reload"
+ # option to the "reload" entry above. If not, "force-reload" is
+ # just the same as "restart" except that it does nothing if the
+ # daemon isn't already running.
+ # check wether $DAEMON is running. If so, restart
+ start-stop-daemon --stop --test --quiet --pidfile \
+ /var/run/$NAME.pid --exec $DAEMON \
+ && $0 restart \
+ || exit 0
+ ;;
+ restart)
+ echo -n "Restarting $DESC: "
+ start-stop-daemon --stop --quiet --pidfile \
+ /var/run/$NAME.pid --exec $DAEMON
+ sleep 1
+ start-stop-daemon --start --quiet --pidfile \
+ /var/run/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS
+ echo "$NAME."
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
+ echo "Usage: $N {start|stop|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
--- /dev/null
+.\" Hey, EMACS: -*- nroff -*-
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH FWCNT SECTION "February 22, 2007"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh disable hyphenation
+.\" .hy enable hyphenation
+.\" .ad l left justify
+.\" .ad b justify to both left and right margins
+.\" .nf disable filling
+.\" .fi enable filling
+.\" .br insert line break
+.\" .sp <n> insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+fwcnt \- program to do something
+.SH SYNOPSIS
+.B fwcnt
+.RI [ options ] " files" ...
+.br
+.B bar
+.RI [ options ] " files" ...
+.SH DESCRIPTION
+This manual page documents briefly the
+.B fwcnt
+and
+.B bar
+commands.
+.PP
+.\" TeX users may be more comfortable with the \fB<whatever>\fP and
+.\" \fI<whatever>\fP escape sequences to invode bold face and italics,
+.\" respectively.
+\fBfwcnt\fP is a program that...
+.SH OPTIONS
+These programs follow the usual GNU command line syntax, with long
+options starting with two dashes (`-').
+A summary of options is included below.
+For a complete description, see the Info files.
+.TP
+.B \-h, \-\-help
+Show summary of options.
+.TP
+.B \-v, \-\-version
+Show version of program.
+.SH SEE ALSO
+.BR bar (1),
+.BR baz (1).
+.br
+The programs are documented fully by
+.IR "The Rise and Fall of a Fooish Bar" ,
+available via the Info system.
+.SH AUTHOR
+fwcnt was written by <upstream author>.
+.PP
+This manual page was written by root <popovec@fei.tuke.sk>,
+for the Debian project (but may be used by others).
--- /dev/null
+<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [
+
+<!-- Process this file with docbook-to-man to generate an nroff manual
+ page: `docbook-to-man manpage.sgml > manpage.1'. You may view
+ the manual page with: `docbook-to-man manpage.sgml | nroff -man |
+ less'. A typical entry in a Makefile or Makefile.am is:
+
+manpage.1: manpage.sgml
+ docbook-to-man $< > $@
+
+
+ The docbook-to-man binary is found in the docbook-to-man package.
+ Please remember that if you create the nroff version in one of the
+ debian/rules file targets (such as build), you will need to include
+ docbook-to-man in your Build-Depends control field.
+
+ -->
+
+ <!-- Fill in your name for FIRSTNAME and SURNAME. -->
+ <!ENTITY dhfirstname "<firstname>FIRSTNAME</firstname>">
+ <!ENTITY dhsurname "<surname>SURNAME</surname>">
+ <!-- Please adjust the date whenever revising the manpage. -->
+ <!ENTITY dhdate "<date>February 22, 2007</date>">
+ <!-- SECTION should be 1-8, maybe w/ subsection other parameters are
+ allowed: see man(7), man(1). -->
+ <!ENTITY dhsection "<manvolnum>SECTION</manvolnum>">
+ <!ENTITY dhemail "<email>popovec@fei.tuke.sk</email>">
+ <!ENTITY dhusername "root">
+ <!ENTITY dhucpackage "<refentrytitle>FWCNT</refentrytitle>">
+ <!ENTITY dhpackage "fwcnt">
+
+ <!ENTITY debian "<productname>Debian</productname>">
+ <!ENTITY gnu "<acronym>GNU</acronym>">
+ <!ENTITY gpl "&gnu; <acronym>GPL</acronym>">
+]>
+
+<refentry>
+ <refentryinfo>
+ <address>
+ &dhemail;
+ </address>
+ <author>
+ &dhfirstname;
+ &dhsurname;
+ </author>
+ <copyright>
+ <year>2003</year>
+ <holder>&dhusername;</holder>
+ </copyright>
+ &dhdate;
+ </refentryinfo>
+ <refmeta>
+ &dhucpackage;
+
+ &dhsection;
+ </refmeta>
+ <refnamediv>
+ <refname>&dhpackage;</refname>
+
+ <refpurpose>program to do something</refpurpose>
+ </refnamediv>
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>&dhpackage;</command>
+
+ <arg><option>-e <replaceable>this</replaceable></option></arg>
+
+ <arg><option>--example <replaceable>that</replaceable></option></arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+ <refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This manual page documents briefly the
+ <command>&dhpackage;</command> and <command>bar</command>
+ commands.</para>
+
+ <para>This manual page was written for the &debian; distribution
+ because the original program does not have a manual page.
+ Instead, it has documentation in the &gnu;
+ <application>Info</application> format; see below.</para>
+
+ <para><command>&dhpackage;</command> is a program that...</para>
+
+ </refsect1>
+ <refsect1>
+ <title>OPTIONS</title>
+
+ <para>These programs follow the usual &gnu; command line syntax,
+ with long options starting with two dashes (`-'). A summary of
+ options is included below. For a complete description, see the
+ <application>Info</application> files.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><option>-h</option>
+ <option>--help</option>
+ </term>
+ <listitem>
+ <para>Show summary of options.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-v</option>
+ <option>--version</option>
+ </term>
+ <listitem>
+ <para>Show version of program.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+ <refsect1>
+ <title>SEE ALSO</title>
+
+ <para>bar (1), baz (1).</para>
+
+ <para>The programs are documented fully by <citetitle>The Rise and
+ Fall of a Fooish Bar</citetitle> available via the
+ <application>Info</application> system.</para>
+ </refsect1>
+ <refsect1>
+ <title>AUTHOR</title>
+
+ <para>This manual page was written by &dhusername; &dhemail; for
+ the &debian; system (but may be used by others). Permission is
+ granted to copy, distribute and/or modify this document under
+ the terms of the &gnu; General Public License, Version 2 any
+ later version published by the Free Software Foundation.
+ </para>
+ <para>
+ On Debian systems, the complete text of the GNU General Public
+ License can be found in /usr/share/common-licenses/GPL.
+ </para>
+
+ </refsect1>
+</refentry>
+
+<!-- Keep this comment at the end of the file
+Local variables:
+mode: sgml
+sgml-omittag:t
+sgml-shorttag:t
+sgml-minimize-attributes:nil
+sgml-always-quote-attributes:t
+sgml-indent-step:2
+sgml-indent-data:t
+sgml-parent-document:nil
+sgml-default-dtd-file:nil
+sgml-exposed-tags:nil
+sgml-local-catalogs:nil
+sgml-local-ecat-files:nil
+End:
+-->
+
+
--- /dev/null
+<?xml version='1.0' encoding='ISO-8859-1'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+
+<!--
+
+Process this file with an XSLT processor: `xsltproc \
+-''-nonet /usr/share/sgml/docbook/stylesheet/xsl/nwalsh/\
+manpages/docbook.xsl manpage.dbk'. A manual page
+<package>.<section> will be generated. You may view the
+manual page with: nroff -man <package>.<section> | less'. A
+typical entry in a Makefile or Makefile.am is:
+
+DB2MAN=/usr/share/sgml/docbook/stylesheet/xsl/nwalsh/\
+manpages/docbook.xsl
+XP=xsltproc -''-nonet
+
+manpage.1: manpage.dbk
+ $(XP) $(DB2MAN) $<
+
+The xsltproc binary is found in the xsltproc package. The
+XSL files are in docbook-xsl. Please remember that if you
+create the nroff version in one of the debian/rules file
+targets (such as build), you will need to include xsltproc
+and docbook-xsl in your Build-Depends control field.
+
+-->
+
+ <!-- Fill in your name for FIRSTNAME and SURNAME. -->
+ <!ENTITY dhfirstname "<firstname>FIRSTNAME</firstname>">
+ <!ENTITY dhsurname "<surname>SURNAME</surname>">
+ <!-- Please adjust the date whenever revising the manpage. -->
+ <!ENTITY dhdate "<date>February 22, 2007</date>">
+ <!-- SECTION should be 1-8, maybe w/ subsection other parameters are
+ allowed: see man(7), man(1). -->
+ <!ENTITY dhsection "<manvolnum>SECTION</manvolnum>">
+ <!ENTITY dhemail "<email>popovec@fei.tuke.sk</email>">
+ <!ENTITY dhusername "root">
+ <!ENTITY dhucpackage "<refentrytitle>FWCNT</refentrytitle>">
+ <!ENTITY dhpackage "fwcnt">
+
+ <!ENTITY debian "<productname>Debian</productname>">
+ <!ENTITY gnu "<acronym>GNU</acronym>">
+ <!ENTITY gpl "&gnu; <acronym>GPL</acronym>">
+]>
+
+<refentry>
+ <refentryinfo>
+ <address>
+ &dhemail;
+ </address>
+ <author>
+ &dhfirstname;
+ &dhsurname;
+ </author>
+ <copyright>
+ <year>2003</year>
+ <holder>&dhusername;</holder>
+ </copyright>
+ &dhdate;
+ </refentryinfo>
+ <refmeta>
+ &dhucpackage;
+
+ &dhsection;
+ </refmeta>
+ <refnamediv>
+ <refname>&dhpackage;</refname>
+
+ <refpurpose>program to do something</refpurpose>
+ </refnamediv>
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>&dhpackage;</command>
+
+ <arg><option>-e <replaceable>this</replaceable></option></arg>
+
+ <arg><option>--example <replaceable>that</replaceable></option></arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+ <refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This manual page documents briefly the
+ <command>&dhpackage;</command> and <command>bar</command>
+ commands.</para>
+
+ <para>This manual page was written for the &debian; distribution
+ because the original program does not have a manual page.
+ Instead, it has documentation in the &gnu;
+ <application>Info</application> format; see below.</para>
+
+ <para><command>&dhpackage;</command> is a program that...</para>
+
+ </refsect1>
+ <refsect1>
+ <title>OPTIONS</title>
+
+ <para>These programs follow the usual &gnu; command line syntax,
+ with long options starting with two dashes (`-'). A summary of
+ options is included below. For a complete description, see the
+ <application>Info</application> files.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><option>-h</option>
+ <option>--help</option>
+ </term>
+ <listitem>
+ <para>Show summary of options.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>-v</option>
+ <option>--version</option>
+ </term>
+ <listitem>
+ <para>Show version of program.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+ <refsect1>
+ <title>SEE ALSO</title>
+
+ <para>bar (1), baz (1).</para>
+
+ <para>The programs are documented fully by <citetitle>The Rise and
+ Fall of a Fooish Bar</citetitle> available via the
+ <application>Info</application> system.</para>
+ </refsect1>
+ <refsect1>
+ <title>AUTHOR</title>
+
+ <para>This manual page was written by &dhusername; &dhemail; for
+ the &debian; system (but may be used by others). Permission is
+ granted to copy, distribute and/or modify this document under
+ the terms of the &gnu; General Public License, Version 2 any
+ later version published by the Free Software Foundation.
+ </para>
+ <para>
+ On Debian systems, the complete text of the GNU General Public
+ License can be found in /usr/share/common-licenses/GPL.
+ </para>
+
+ </refsect1>
+</refentry>
+
--- /dev/null
+?package(fwcnt):needs="X11|text|vc|wm" section="Apps/see-menu-manual"\
+ title="fwcnt" command="/usr/bin/fwcnt"
--- /dev/null
+#!/bin/sh
+# postinst script for fwcnt
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postinst> `configure' <most-recently-configured-version>
+# * <old-postinst> `abort-upgrade' <new version>
+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+# <new-version>
+# * <postinst> `abort-remove'
+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+# <failed-install-package> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ configure)
+ if ! getent group FWcnt > /dev/null; then
+ # echo Adding system group: mserv.
+ addgroup --system --force-badname FWcnt
+ fi
+
+ # create mserv user if necessary.
+ if ! getent passwd FWcnt > /dev/null; then
+ adduser --system --force-badname --home /var/lib/FWcnt/FW_rrd_database/ --no-create-home --ingroup FWcnt FWcnt
+ fi
+ chown www-data /var/www/mrtg-rrd
+ chown -R FWcnt /var/lib/FWcnt/FW_rrd_database
+ if [ ! -s /etc/fwcnt.conf ]; then
+ echo "Creating initial /etc/fwcnt.conf"
+ echo "# This is initial automatic generated file" >/etc/fwcnt.conf
+ echo "# " >>/etc/fwcnt.conf
+ route -n|awk -F'.' '{if(NR<3)next;if($0 ~ "^0.0.0.0")next;if($0 ~ "^127.0.0")next;print "cntNET "$1"."$2"."$3}'|sort -u >>/etc/fwcnt.conf
+ awk -F':' '{if($0 ~ ":")print "cntLINK "$1}' /proc/net/dev >>/etc/fwcnt.conf
+ fi
+ ln -sf /etc/fwcnt.conf /var/lib/FWcnt/etc/config
+ /usr/lib/FWcnt/install_FWcnt
+ /usr/lib/FWcnt/generate
+ ;;
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- /dev/null
+#!/bin/sh
+# postinst script for fwcnt
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postinst> `configure' <most-recently-configured-version>
+# * <old-postinst> `abort-upgrade' <new version>
+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+# <new-version>
+# * <postinst> `abort-remove'
+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+# <failed-install-package> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ configure)
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
+
--- /dev/null
+#!/bin/sh
+# postrm script for fwcnt
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postrm> `remove'
+# * <postrm> `purge'
+# * <old-postrm> `upgrade' <new-version>
+# * <new-postrm> `failed-upgrade' <old-version>
+# * <new-postrm> `abort-install'
+# * <new-postrm> `abort-install' <old-version>
+# * <new-postrm> `abort-upgrade' <old-version>
+# * <disappearer's-postrm> `disappear' <overwriter>
+# <overwriter-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
+
--- /dev/null
+#!/bin/sh
+# preinst script for fwcnt
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <new-preinst> `install'
+# * <new-preinst> `install' <old-version>
+# * <new-preinst> `upgrade' <old-version>
+# * <old-preinst> `abort-upgrade' <new-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ install|upgrade)
+ ;;
+
+ abort-upgrade)
+ ;;
+
+ *)
+ echo "preinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
+
--- /dev/null
+#!/bin/sh
+# prerm script for fwcnt
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <prerm> `remove'
+# * <old-prerm> `upgrade' <new-version>
+# * <new-prerm> `failed-upgrade' <old-version>
+# * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
+# * <deconfigured's-prerm> `deconfigure' `in-favour'
+# <package-being-installed> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ remove)
+ /usr/lib/FWcnt/clean_FWcnt force
+ ;;
+ upgrade|deconfigure)
+ ;;
+
+ failed-upgrade)
+ ;;
+
+ *)
+ echo "prerm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
+
--- /dev/null
+#!/bin/sh
+# prerm script for fwcnt
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <prerm> `remove'
+# * <old-prerm> `upgrade' <new-version>
+# * <new-prerm> `failed-upgrade' <old-version>
+# * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
+# * <deconfigured's-prerm> `deconfigure' `in-favour'
+# <package-being-installed> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ remove|upgrade|deconfigure)
+ ;;
+
+ failed-upgrade)
+ ;;
+
+ *)
+ echo "prerm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
+
--- /dev/null
+#!/usr/bin/make -f
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+# This file was originally written by Joey Hess and Craig Small.
+# As a special exception, when this file is copied by dh-make into a
+# dh-make output file, you may use that output file without restriction.
+# This special exception was added by Craig Small in version 0.37 of dh-make.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+
+
+
+CFLAGS = -Wall -g
+
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+ CFLAGS += -O0
+else
+ CFLAGS += -O2
+endif
+
+configure: configure-stamp
+configure-stamp:
+ dh_testdir
+ # Add here commands to configure the package.
+
+ touch configure-stamp
+
+
+build: build-stamp
+
+build-stamp: configure-stamp
+ dh_testdir
+
+ # Add here commands to compile the package.
+ $(MAKE)
+ #docbook-to-man debian/fwcnt.sgml > fwcnt.1
+
+ touch $@
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp configure-stamp
+
+ # Add here commands to clean up after the build process.
+ -$(MAKE) clean
+
+ dh_clean
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ # Add here commands to install the package into debian/fwcnt.
+ $(MAKE) DESTDIR=$(CURDIR)/debian/fwcnt install
+
+# Build architecture-independent files here.
+binary-indep: build install
+# We have nothing to do by default.
+
+# Build architecture-dependent files here.
+binary-arch: build install
+ dh_testdir
+ dh_testroot
+ dh_installchangelogs
+ dh_installdocs
+ dh_installexamples
+# dh_install
+# dh_installmenu
+# dh_installdebconf
+# dh_installlogrotate
+# dh_installemacsen
+# dh_installpam
+# dh_installmime
+# dh_python
+# dh_installinit
+ dh_installcron
+# dh_installinfo
+ dh_installman
+ dh_link
+ dh_strip
+ dh_compress
+ dh_fixperms
+# dh_perl
+# dh_makeshlibs
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install configure
--- /dev/null
+# Example watch control file for uscan
+# Rename this file to "watch" and then you can run the "uscan" command
+# to check for upstream updates and more.
+# See uscan(1) for format
+
+# Compulsory line, this is a version 3 file
+version=3
+
+# Uncomment to examine a Webpage
+# <Webpage URL> <string match>
+#http://www.example.com/downloads.php fwcnt-(.*)\.tar\.gz
+
+# Uncomment to examine a Webserver directory
+#http://www.example.com/pub/fwcnt-(.*)\.tar\.gz
+
+# Uncommment to examine a FTP server
+#ftp://ftp.example.com/pub/fwcnt-(.*)\.tar\.gz debian uupdate
+
+# Uncomment to find new files on sourceforge, for debscripts >= 2.9
+# http://sf.net/fwcnt/fwcnt-(.*)\.tar\.gz
+
+
#!/bin/bash
+if [ $# -ge 1 ]; then
+ MAINT=$1
+else
+ MAINT="FWcnt"
+fi
iptables -L FWcnt -n|gawk -v CONVFMT="%d" '{if($1 ~ "^FWcntIN"){split ($NF,N,"/");print N[1]}}'|sort -u -n -t . -k1,1 -k2,2 -k3,3 -k4,4|
gawk -v CONVFMT="%d" '
printf("Options[%s-b]: bits\n",TARGET)>>OUT
printf("PageTop[%s-b]: <H1> Bytes to/from %s (%s)\n",TARGET,IP,IP) >> OUT
printf(" %s</H1>\n <TABLE>\n <TR><TD>System:</TD><TD>router</TD></TR>\n",IP) >> OUT
- printf(" <TR><TD>Maintainer:</TD><TD>krak3n</TD></TR>\n </TABLE>\n\n") >> OUT
+ printf(" <TR><TD>Maintainer:</TD><TD>%s</TD></TR>\n </TABLE>\n\n",MAINT) >> OUT
printf("Target[%s-p]: none\n",TARGET) >> OUT
printf("MaxBytes[%s-p]: %s\n",TARGET,65000) >> OUT
printf("YLegend[%s-p]: Pkts per Second\n",TARGET) >> OUT
printf("PageTop[%s-p]: <H1> Pkts to/from %s\n",TARGET,IP) >> OUT
printf(" </H1>\n <TABLE>\n <TR><TD>System:</TD><TD>router</TD></TR>\n") >> OUT
- printf(" <TR><TD>Maintainer:</TD><TD>krak3n</TD></TR>\n </TABLE>\n\n") >> OUT
+ printf(" <TR><TD>Maintainer:</TD><TD>%s</TD></TR>\n </TABLE>\n\n",MAINT) >> OUT
}
BEGIN{
}
i+=j
}
-}'
+}' MAINT=$MAINT
+
fi
iptables -N FWcnt 2>/dev/null
-NET_Ah=`printf "%X" ${NET_A}`
-NET_Bh=`printf "%X" ${NET_B}`
-NET_Ch=`printf "%X" ${NET_C}`
+NET_Ah=`printf "%02X" ${NET_A}`
+NET_Bh=`printf "%02X" ${NET_B}`
+NET_Ch=`printf "%02X" ${NET_C}`
iptables -L FWcntIN_${NET_Ah}${NET_Bh}${NET_Ch} -n 2>/dev/null >/dev/null
if [ $? == 0 ]; then
- echo "Warning, counters for net ${NET_A}.${NET_B}.${NET_C}.0/24 exists...."
+ echo "Counters for already net ${NET_A}.${NET_B}.${NET_C}.0/24 exists...."
else
-
+echo -n "${NET_A}.${NET_B}.${NET_C}:"
iptables -N FWcntIN_${NET_Ah}${NET_Bh}${NET_Ch}
iptables -N FWcntOUT_${NET_Ah}${NET_Bh}${NET_Ch}
+echo -n "."
#create counters for nets /25
iptables -A FWcntIN_${NET_Ah}${NET_Bh}${NET_Ch} -d ${NET_A}.${NET_B}.${NET_C}.0/25
iptables -A FWcntIN_${NET_Ah}${NET_Bh}${NET_Ch} -d ${NET_A}.${NET_B}.${NET_C}.128/25
iptables -A FWcntOUT_${NET_Ah}${NET_Bh}${NET_Ch} -s ${NET_A}.${NET_B}.${NET_C}.0/25
iptables -A FWcntOUT_${NET_Ah}${NET_Bh}${NET_Ch} -s ${NET_A}.${NET_B}.${NET_C}.128/25
-
+echo -n "."
#create counters for nets /26
iptables -A FWcntIN_${NET_Ah}${NET_Bh}${NET_Ch} -d ${NET_A}.${NET_B}.${NET_C}.0/26
iptables -A FWcntIN_${NET_Ah}${NET_Bh}${NET_Ch} -d ${NET_A}.${NET_B}.${NET_C}.64/26
iptables -A FWcntOUT_${NET_Ah}${NET_Bh}${NET_Ch} -s ${NET_A}.${NET_B}.${NET_C}.64/26
iptables -A FWcntOUT_${NET_Ah}${NET_Bh}${NET_Ch} -s ${NET_A}.${NET_B}.${NET_C}.128/26
iptables -A FWcntOUT_${NET_Ah}${NET_Bh}${NET_Ch} -s ${NET_A}.${NET_B}.${NET_C}.192/26
+echo -n "."
#create counters for nets /27
iptables -A FWcntIN_${NET_Ah}${NET_Bh}${NET_Ch} -d ${NET_A}.${NET_B}.${NET_C}.0/27
iptables -A FWcntOUT_${NET_Ah}${NET_Bh}${NET_Ch} -s ${NET_A}.${NET_B}.${NET_C}.160/27
iptables -A FWcntOUT_${NET_Ah}${NET_Bh}${NET_Ch} -s ${NET_A}.${NET_B}.${NET_C}.192/27
iptables -A FWcntOUT_${NET_Ah}${NET_Bh}${NET_Ch} -s ${NET_A}.${NET_B}.${NET_C}.224/27
+echo -n "."
#create subchains for counters (/28)
i=0
iptables -A FWcntOUT_${NET_Ah}${NET_Bh}${NET_Ch}${ih} -s ${NET_A}.${NET_B}.${NET_C}.${j}/29
iptables -A FWcntOUT_${NET_Ah}${NET_Bh}${NET_Ch}${ih} -s ${NET_A}.${NET_B}.${NET_C}.$[${j} + 8 ]/29
#create counters for chunk 16 IP
+ echo -n "."
k=0
while [ $k -lt 16 ]; do
iptables -A FWcntIN_${NET_Ah}${NET_Bh}${NET_Ch}${ih} -d ${NET_A}.${NET_B}.${NET_C}.$[ ${k} + ${j} ] -j RETURN
iptables -A FWcntOUT_${NET_Ah}${NET_Bh}${NET_Ch}${ih} -s ${NET_A}.${NET_B}.${NET_C}.$[ ${k} + ${j} ] -j RETURN
- k=$[$k + 1 ]
+ k=$[$k + 1 ]
done
iptables -A FWcntIN_${NET_Ah}${NET_Bh}${NET_Ch} -d ${NET_A}.${NET_B}.${NET_C}.${j}/28 -j FWcntIN_${NET_Ah}${NET_Bh}${NET_Ch}${ih}
iptables -A FWcntOUT_${NET_Ah}${NET_Bh}${NET_Ch} -s ${NET_A}.${NET_B}.${NET_C}.${j}/28 -j FWcntOUT_${NET_Ah}${NET_Bh}${NET_Ch}${ih}
iptables -A FWcnt -j FWcntIN_${NET_Ah}${NET_Bh}${NET_Ch} -d ${NET_A}.${NET_B}.${NET_C}.0/24
iptables -A FWcnt -j FWcntOUT_${NET_Ah}${NET_Bh}${NET_Ch} -s ${NET_A}.${NET_B}.${NET_C}.0/24
+echo ""
fi
done
+
+
--- /dev/null
+#!/bin/bash
+/usr/lib/FWcnt/init_FWcnt
+/usr/lib/FWcnt/clean_FWcnt
+
+
+iptables-save|awk 'BEGIN{
+C["FORWARD"]="iptables -I FORWARD -j FWcnt"
+C["INPUT"]="iptables -I INPUT -j FWcnt"
+C["OUTPUT"]="iptables -I OUTPUT -j FWcnt"
+}
+{
+ if($1 != "-A")next
+ if($0 ~ "FWcnt..?._")next
+ if($0 !~ "FWcnt")next
+ i=1;
+ while(i<NR){
+ if($i=="-j"){
+ if($(i+1)=="FWcnt"){
+ delete C[$2]
+ }
+ }
+ i++
+ }
+}
+END{
+for( i in C ){
+ system(C[i])
+ close(C[i])
+ }
+}'
TP[$2]=$1
}
close("/var/lib/FWcnt/run_conf/target.parent")
+ OUTX="default"
FS="-"
INP=ENVIRON["PATH_INFO"]
PATH_INFO=INP
gsub("/","",INP)
- if (length(INP)>4){
- split(INP,IP,".")
- split(INP,N,"_")
- X=strtonum(IP[4])
- IP[4]=X
- NX=strtonum(N[2])
- if(NX!=0){
- X=sprintf ("%d.%d.%d.%d_%d",IP[1],IP[2],IP[3],IP[4],NX)
- }
- else{
- X=sprintf ("%d.%d.%d.%d",IP[1],IP[2],IP[3],IP[4])
- }
- if(ENVIRON["PATH_INFO"] ~ ".png$") {OUTX=TP[X];exit 0}
- if(ENVIRON["PATH_INFO"] ~ ".html$") {OUTX=TP[X];exit 0}
- OUTX=X
+ if (length(INP)>1){
+ split(INP,NAME,"-")
+ if(NAME[1] in TP) OUTX=TP[NAME[1]]
+ if(ENVIRON["PATH_INFO"] ~ ".png$") exit 0
+ if(ENVIRON["PATH_INFO"] ~ ".html$") exit 0
+ OUTX=NAME[1]
PATH_INFO="/"
}
- else OUTX="default"
}
{#BLANK BODY
}
+++ /dev/null
-#!/bin/bash
-C="default.cfg"
-if [ $# -eq 1 ]; then
- C=`echo $1|awk '{print $1".cfg"}'`
-fi
-CFG=/var/lib/FWcnt/etc/${C}
-if [ -e ${CFG} ]; then
- export MRTGRRDCONF=${CFG}
-fi
-exec /usr/lib/cgi-bin/mrtg-rrd.cgi
-
+++ /dev/null
-#!/bin/bash
-IPI=${PATH_INFO}
-Cxx=`echo "${PATH_INFO}"|awk 'BEGIN{
-while (getline <"/var/lib/FWcnt/etc/target.parent"){
- gsub("/","_")
- TP[$2]=$1
- }
-close("/var/lib/FWcnt/etc/target.parent")
-FS="-"
-}
-{
-gsub("/","")
-if (length($1)>4){
-split($1,IP,".")
-split($1,N,"_")
-X=strtonum(IP[4])
-IP[4]=X
-NX=strtonum(N[2])
-if(NX!=0){
-X=sprintf ("%d.%d.%d.%d_%d",IP[1],IP[2],IP[3],IP[4],NX)
-}
-else{
-X=sprintf ("%d.%d.%d.%d",IP[1],IP[2],IP[3],IP[4])
-}
-#print(TP[X])
-if(ENVIRON["PATH_INFO"] ~ ".png$") {print(TP[X]);exit 0}
-if(ENVIRON["PATH_INFO"] ~ ".html$") {print(TP[X]);exit 0}
-print X
-exit 1
-}
-else {
- printf("default\n");
- }
-}'`
-if [ $? == 1 ]; then
- export PATH_INFO="/"
-fi
-
-CFG=/var/lib/FWcnt/etc/${Cxx}.cfg
-echo $CFG >> /var/lib/FWcnt/etc/debug
-echo "incoming PATH_INFO: "$IPI >>/var/lib/FWcnt/etc/debug
-echo "PATH_INFO: $PATH_INFO" >>/var/lib/FWcnt/etc/debug
-echo $Cxx >>/var/lib/FWcnt/etc/debug
-
-if [ -e ${CFG} ]; then
- echo "OK" >> /var/lib/FWcnt/etc/debug
- export MRTGRRDCONF=${CFG}
- exec /usr/lib/cgi-bin/mrtg-rrd.cgi
-else
- echo "Content-type: text/html"
- echo "X-Powered-By: shell"
- echo ""
- echo "no CFG "$CFG
-fi
+++ /dev/null
-#!/bin/bash
-Cxx=`echo "${PATH_INFO}"|awk 'BEGIN{
-while (getline <"/var/lib/FWcnt/etc/target.parent"){
- gsub("/","_")
- TP[$2]=$1
- }
-close("/var/lib/FWcnt/etc/target.parent")
-FS="-"
-}
-{
-gsub("/","")
-if (length($1)>4){
-split($1,IP,".")
-split($1,N,"_")
-X=strtonum(IP[4])
-IP[4]=X
-NX=strtonum(N[2])
-if(NX!=0){
-X=sprintf ("%d.%d.%d.%d_%d",IP[1],IP[2],IP[3],IP[4],NX)
-}
-else{
-X=sprintf ("%d.%d.%d.%d",IP[1],IP[2],IP[3],IP[4])
-}
-#print(TP[X])
-if(ENVIRON["PATH_INFO"] ~ ".png$") {print(TP[X]);exit 0}
-if(ENVIRON["PATH_INFO"] ~ ".html$") {print(TP[X]);exit 0}
-print X
-exit 1
-}
-else {
- printf("default\n");
- }
-}'`
-if [ $? == 1 ]; then
- export PATH_INFO="/"
-fi
-
-CFG=/var/lib/FWcnt/etc/${Cxx}.cfg
-
-if [ -e ${CFG} ]; then
- export MRTGRRDCONF=${CFG}
- exec /usr/lib/cgi-bin/mrtg-rrd.cgi
-else
- echo "Content-type: text/html"
- echo "X-Powered-By: shell"
- echo ""
- echo "no CFG "$CFG
-fi
+++ /dev/null
-#!/bin/bash
-awk 'BEGIN{
- while (getline <"/var/lib/FWcnt/run_conf/target.parent"){
- gsub("/","_")
- TP[$2]=$1
- }
- close("/var/lib/FWcnt/run_conf/target.parent")
- FS="-"
- INP=ENVIRON["PATH_INFO"]
- PATH_INFO=INP
- gsub("/","",INP)
- if (length(INP)>2){
- split(INP,IP,".")
- split(INP,N,"_")
- X=strtonum(IP[4])
- IP[4]=X
- NX=strtonum(N[2])
- if(NX!=0){
- X=sprintf ("%d.%d.%d.%d_%d",IP[1],IP[2],IP[3],IP[4],NX)
- }
- else{
- X=sprintf ("%d.%d.%d.%d",IP[1],IP[2],IP[3],IP[4])
- }
- if(X in TP){
- OUTX=TP[X]
- }
- else{
- OUTX="default"
- }
- if(ENVIRON["PATH_INFO"] ~ ".png$") {exit 0}
- if(ENVIRON["PATH_INFO"] ~ ".html$") {exit 0}
- OUTX=X
- PATH_INFO="/"
- }
- else OUTX="default"
-}
-{#BLANK BODY
-}
-END{
- CFG="/var/lib/FWcnt/run_conf/"OUTX".cfg"
- if((getline <CFG)==-1){
- printf("Content-type: text/html\n")
- printf("X-Powered-By: awk\n\n")
- printf("no CFG %s\n",CFG);
- }
- else{
- C="MRTGRRDCONF="CFG" PATH_INFO="PATH_INFO" /usr/lib/cgi-bin/mrtg-rrd.cgi"
- system(C)
- close(C)
- }
-}' /dev/null
projects / fwcnt / commitdiff