Please see my code below. Now what i want to do is i have $port which has more then 75 ports/ips So my command is getting failed when i try to join all my addresses in one foreach loop
So can you propose me a solution where i can change sub addRules to only do about 50 addresses at a time. The foreach would have to have another loop inside of it to do the 50 at a time instead of the current join of all the addresses on
I am a beginner in Perl so your responses with be highly appreciated
######################################################################
+#########
# Name: addRules()
# Parameters: hash:
# protocol - Network protocol (ipv6 or ipv4)
# ports - List of Net::Port objects.
# addresses - List of addresses of this type.
# domains - List of iptables domains
# Return: 0 failure, 1 success
# Description:
# For a given set of ports add accept rules for all the specified a
+ddresses
# across all the specified net protocols and domains.
######################################################################
+#########
sub addRules {
my %args = @_;
my $protocol = $args{protocol};
my $ports = $args{ports};
my $addresses = $args{addresses};
my $domain = $args{domain};
my $appendCmd = "iptablesAdm append";
$appendCmd .= " --type=rule";
$appendCmd .= " --table=filter";
$appendCmd .= " --chain=INPUT";
$appendCmd .= " --protocol=${protocol}";
$appendCmd .= " --domain=${domain}";
$appendCmd .= " --persist=yes";
Dbug->debug("Base Insert CMD: ${appendCmd}");
#
# Loop over the ports and create a rule for each of the addresses
+with each port:
foreach my $port (@$ports) {
my $portNum = $port->port();
my $transport = $port->transportStr();
Dbug->log("Inserting rules for ${portNum} addresses @{$address
+es}");
#
# Build up the match string portion of the iptables command:
my $matchString = "-m state";
$matchString .= " --state NEW";
$matchString .= " -m ${transport}";
$matchString .= " --protocol ${transport}";
$matchString .= " --dport ${portNum}";
$matchString .= " -s " . join(',', @$addresses);
$matchString .= " -j ACCEPT";
#
# Build the full command:
my $cmd = "${appendCmd} --match=\"${matchString}\"";
#
# Run the command:
Dbug->log("\tCMD: ${cmd}\n");
system($cmd) && do {
Dbug->error("Rule insert failed!");
Dbug->error("CMD: ${cmd}");
return 0;
};
}
#
# As a side effect of getting the rules we will display what they
+are right
# now, and we would like to see what things look like after adding
+ this
# rule:
printRules('protocol' => $protocol, 'domain' => $domain);
return 1;
}