in reply to Re: Break the foreach loop on count on 50 and then insert a new foreach loop
in thread Break the foreach loop on count on 50 and then insert a new foreach loop
@Discipulus Please see what i did with the code and it works fine now but the problem is that it is executing one address at a time so it takes more time then it should take so is there a way i can make my new code more effiecient?
See my new code below
sub addRules { my %args = @_; my $protocol = $args{protocol}; my $ports = $args{ports}; my $addresses = $args{addresses}; my $domain = $args{domain}; my $appendCmd = "iptablesAdm append"; $appendCmd .= " --type=rule"; $appendCmd .= " --table=filter"; $appendCmd .= " --chain=INPUT"; $appendCmd .= " --protocol=${protocol}"; $appendCmd .= " --domain=${domain}"; $appendCmd .= " --persist=yes"; Dbug->debug("Base Insert CMD: ${appendCmd}"); # # Loop over the ports and create a rule for each of the addresses +with each port: foreach my $port (@$ports) { my $portNum = $port->port(); my $transport = $port->transportStr(); Dbug->log("Inserting rules for ${portNum} addresses @{$address +es}"); # # Build up the match string portion of the iptables command: foreach my $addr (@$addresses) { my $matchString = "-m state"; $matchString .= " --state NEW"; $matchString .= " -m ${transport}"; $matchString .= " --protocol ${transport}"; $matchString .= " --dport ${portNum}"; $matchString .= " -s $addr"; $matchString .= " -j ACCEPT"; # # Build the full command: my $cmd = "${appendCmd} --match=\"${matchString}\""; # # Run the command: Dbug->log("\tCMD: ${cmd}\n"); system($cmd) && do { Dbug->error("Rule insert failed!"); Dbug->error("CMD: ${cmd}"); return 0; }; } } # # As a side effect of getting the rules we will display what they +are right # now, and we would like to see what things look like after adding + this # rule: printRules('protocol' => $protocol, 'domain' => $domain); return 1; }
|
|---|