nethserver:firewall

NAME

  NethServer::Firewall -- extensible module for firewall rules generation

DESCRIPTION

  This module implements many utilities and can determine the zone of a
  given IP address using the getZone function.
  The module also defines an API to extend getZone function behavior. For
  example, VPNs bring new zones. Each VPN package, using the API system, can
  find if the given address belongs to their own zones.
  Each package will be a "provider", implementing a special callback
  function.
  To define a provider function, add a Perl module under Firewall/
  directory, with namespace prefix NethServer::Firewall.
  The callback function must:
  • return the name of the zone if the IP address belongs to a zone defined by the package
  • otherwise, return an empty string

USAGE

  This is an example definition of a provider named "Provider1".
   package NethServer::Firewall::Provider1;
   use strict;
   use warnings;
   use NethServer::Firewall qw(register_callback);

   # Pass a code reference: a bare &provider1 would call the sub here
   # instead of registering it.
   register_callback(\&provider1);

   sub provider1
   {
      my $value = shift;
      # return the name of the zone if $value is in my zone
      # return '' otherwise
      return '';
   }

   1;
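  The following is an added, self-contained illustration of the provider
  contract described above; it is not code from the NethServer project. The
  real module is replaced by a small stand-in registry (register_callback and
  get_zone are assumptions that mimic the documented behaviour, with a
  constructed default zone of "loc"), and the provider claims a constructed
  VPN subnet by doing a real CIDR membership check instead of leaving the
  body empty.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(inet_aton);

# --- Stand-in registry (assumption: mimics register_callback/getZone of
# NethServer::Firewall for this example only; not the real module) ---
my @callbacks;

sub register_callback {
    my $cb = shift;
    # Reject the common mistake of passing a call result instead of \&sub
    die "register_callback expects a CODE reference\n" unless ref($cb) eq 'CODE';
    push @callbacks, $cb;
}

# Ask each provider in turn; the first non-empty zone name wins. Falls back
# to a constructed default zone ('loc') when no provider claims the address.
sub get_zone {
    my $value = shift;
    for my $cb (@callbacks) {
        my $zone = $cb->($value);
        return "$zone:$value" if defined $zone && $zone ne '';
    }
    return "loc:$value";
}

# --- Example provider: claims addresses inside a constructed VPN subnet ---
my $vpn_zone = 'vpn1';          # constructed zone name
my $vpn_cidr = '10.8.0.0/24';   # constructed subnet

# Return 1 if dotted-quad $ip lies inside $cidr ("a.b.c.d/bits"), 0 otherwise.
sub in_cidr {
    my ($ip, $cidr) = @_;
    # Only accept dotted quads, so inet_aton never tries a DNS lookup
    return 0 unless $ip =~ /^\d{1,3}(?:\.\d{1,3}){3}$/;
    my ($net, $bits) = split m{/}, $cidr;
    $bits = 32 unless defined $bits;
    return 0 unless $bits =~ /^\d+$/ && $bits <= 32;
    my $ip_n  = inet_aton($ip)  or return 0;
    my $net_n = inet_aton($net) or return 0;
    my $mask  = $bits == 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
    return ((unpack('N', $ip_n) & $mask) == (unpack('N', $net_n) & $mask)) ? 1 : 0;
}

sub provider1 {
    my $value = shift;
    return $vpn_zone if in_cidr($value, $vpn_cidr);
    return '';   # not ours: let the next provider (or the default) decide
}

register_callback(\&provider1);

for my $ip ('10.8.0.15', '192.168.1.2', 'not-an-ip') {
    print get_zone($ip), "\n";
}
```

  In a real deployment the provider lives in its own file under the
  Firewall/ directory (for example NethServer/Firewall/Provider1.pm), imports
  register_callback from NethServer::Firewall instead of the stand-in above,
  and the getZone method of the module performs the dispatch. The membership
  check deliberately returns 0 for anything that is not a dotted quad, so a
  malformed value can never be claimed by this provider.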

FUNCTIONS

new
  Create a NethServer::Firewall instance.
getAddress(id, expand_zone = 0)
  Return the address value corresponding to the given id. If id matches a
  valid IP or CIDR syntax, simply return it. Otherwise look up the id in the
  other databases and return the value of the key.
  If the expand_zone flag is set to 1, a zone name is replaced with its CIDR
  notation or interface name.
getZoneInterface($zone)
  Return a list of interfaces associated with given zone.
getZoneCIDR($zone)
  Return the CIDR representation of the given zone.
isValidNdpiProtocol(protocol)
  Return 1 if the given protocol is listed in the xt_ndpi kernel module, 0
  otherwise.
getNdpiProtocol(id)
  Return the nDPI protocol for the service id, only if the protocol is
  defined in /proc/net/xt_ndpi/proto. Otherwise return undef.
getTimel(id)
  Return the time string in UTC. Return '-' if the key doesn't exist.
getPorts(id)
  Return the port value corresponding to the given service id. If id matches
  a valid port or port list syntax, simply return it. Otherwise look up the
  id in the other databases and return a hash containing the ports grouped by
  protocol.
  Example: { tcp => '1234', udp => '1234,456:500' }
getZone(value)
  Return the given value prefixed with its own zone. The value can be an IP
  address, a host group or a CIDR subnet. This function is used to create the
  Shorewall rules file.
  Example: $v = $fw->getZone('192.168.1.2'); $v will be "loc:192.168.1.2"
outMangleRule
  Return the mangle rule(s) in Shorewall format.
outRule
  Return the rule(s) in Shorewall format.
  Fields:
  1. ACTION
  2. SOURCE
  3. DEST
  4. PROTO
  5. DPORT
  6. SPORT (unused)
  7. ORIGDEST (unused)
  8. RATE (unused)
  9. USER (unused)
  10. MARK (unused)
  11. CONNLIMIT (unused)
  12. TIME
listZones
  Return a hash of zones with the following format: zone_name =>
  shorewall_name
isNdpiEnabled
  Return 1 if the xt_ndpi module is currently loaded, 0 otherwise
isNdpiService
  Return 1 if the current service is a nDPI target, 0 otherwise
getNdpiMark
  Return ndpi mark shifted by 8
isZone
  Return 1 if the given key is a zone, 0 otherwise
getProviders
  Return the provider list ordered by weight (descending order). Each record
  has all database properties plus mask, number and name fields. The mask
  field is ready to be used inside Shorewall configuration.
  Each entry is a reference to hash of properties.
getRules
  Return the rule list ordered by Position property (ascending order). Each
  record has all database properties.
getTcRules
  Return the tc rule list ordered by Position property (ascending order).
  Each record has all database properties.
getBypassRules
  Return the list of proxy bypasses by source or destination. Each record
  has all database properties.
getPortForwards
  Return the list of port forwards. Each record has all database properties.
getInterfaceFromIP
  Return the name of the interface connected to the given IP, or undef if no
  interface can be found.
countReferences(db, key)
  Return the number of references to the given <DB, key>. The object is
  searched inside one of the following lists:
  • firewall rules
  • proxy bypasses
  • traffic shaping rules
  • port forwards
perldoc NethServer::Firewall