
graphicsfw 2.1KB

  1. #!/bin/bash
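  # Locate this script (symlinks resolved) and the installation root two
  # levels above it. Every expansion is quoted so that a path containing
  # whitespace or glob characters cannot be split or expanded.
  SELF_DIR="$(dirname -- "$(readlink -e -- "${0}")")"
  BASE_DIR="$(dirname -- "$(dirname -- "${SELF_DIR}")")"
  SCRIPTCOMMON="${BASE_DIR}/scripts_common.sh"
  # The shared helper file is sourced, so it executes inside this script,
  # which goes on to run iptables through sudo. BASE_DIR must therefore be
  # writable only by trusted administrators.
  # shellcheck source=/dev/null
  . "${SCRIPTCOMMON}"
  # IPTABLES and XPATH hold a command plus its arguments and are expanded
  # unquoted at their call sites so that they word-split into separate words.
  # NOTE(review): XPATH breaks if BASE_DIR itself contains whitespace.
  IPTABLES="sudo iptables"
  XPATH="${BASE_DIR}/datastore/xpath.rb --stdin --base64"
  # File in which every rule inserted by this script is recorded.
  RULES_FILE="/run/one/one_graphics_rules"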
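  #######################################
  # Print the graphics port stored in a VM template.
  # Globals:   XPATH (read) - xpath command line, word-split on purpose
  # Arguments: $1 - VM template, handed to the xpath helper unchanged
  # Outputs:   whatever the helper prints for /VM/TEMPLATE/GRAPHICS/PORT
  # Returns:   exit status of the xpath helper
  # Note:      the value comes from the VM template and is not validated
  #            here; callers must check it before building firewall rules
  #            or patterns from it.
  #######################################
  function one_get_port()
  {
    # The template is quoted so it always reaches the helper as exactly one
    # argument, with no word splitting or glob expansion.
    # shellcheck disable=SC2086  # XPATH is "command + options" by design
    ${XPATH} "${1}" '/VM/TEMPLATE/GRAPHICS/PORT'
  }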
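  #######################################
  # Insert one ACCEPT rule for a source/port pair and record it.
  # Globals:   IPTABLES (read), RULES_FILE (appended to)
  # Arguments: $1 - source address (optionally address/netmask)
  #            $2 - TCP destination port, already validated by the caller
  # Returns:   0 if the rule was inserted, 1 otherwise
  #######################################
  function _graphicsfw_allow()
  {
    local src="${1}" port="${2}"
    # shellcheck disable=SC2086  # IPTABLES is "sudo iptables" by design
    ${IPTABLES} -I eth0-root -s "${src}" -p tcp -m tcp --dport "${port}" --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT || return 1
    # Only rules that were really inserted are recorded.
    echo "/sbin/iptables -I eth0-root -s ${src} -p tcp -m tcp --dport ${port} --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT" >> "${RULES_FILE}"
  }

  #######################################
  # Open the VM's graphics port for the configured administration networks
  # and for the OpenNebula master address.
  # Globals:   IPTABLES (read), RULES_FILE (appended to)
  # Arguments: $1 - VM template, passed to one_get_port
  # Returns:   2 if the port or the network configuration is missing or
  #            invalid, 1 if at least one rule could not be inserted,
  #            0 otherwise
  #######################################
  function open_port()
  {
    local vm_port master_ip
    local -i i failed=0
    declare -a authorized_ip
    declare -a authorized_netmask

    vm_port=$(one_get_port "${1}")
    vm_port=${vm_port//[[:space:]]/}
    [[ -z "${vm_port}" ]] && return 2
    # The port is read from the VM template, so it is treated as untrusted:
    # only a plain decimal TCP port may reach the iptables command line and
    # the rules file.
    [[ "${vm_port}" =~ ^[0-9]{1,5}$ ]] || return 2
    vm_port=$(( 10#${vm_port} ))
    (( vm_port >= 1 && vm_port <= 65535 )) || return 2

    # Word splitting is intentional: CreoleGet may return several values.
    # shellcheck disable=SC2207
    authorized_ip=( $(CreoleGet ip_ssh_eth0) )
    (( ${#authorized_ip[@]} == 0 )) && return 2
    # shellcheck disable=SC2207
    authorized_netmask=( $(CreoleGet netmask_ssh_eth0) )
    (( ${#authorized_netmask[@]} == 0 )) && return 2
    # Every address needs its own netmask; otherwise a rule with an empty
    # mask ("address/") would be built.
    (( ${#authorized_netmask[@]} < ${#authorized_ip[@]} )) && return 2

    for ((i = 0; i < ${#authorized_ip[@]}; i += 1))
    do
      _graphicsfw_allow "${authorized_ip[$i]}/${authorized_netmask[$i]}" "${vm_port}" || failed=1
    done

    # The master rule does not depend on the loop variable, so it is inserted
    # once instead of once per authorized network (which only produced
    # duplicate rules and duplicate lines in RULES_FILE).
    master_ip=$(CreoleGet one_master_ip)
    if [[ -n "${master_ip}" ]]
    then
      _graphicsfw_allow "${master_ip}" "${vm_port}" || failed=1
    else
      echo "open_port: one_master_ip is empty, no rule added for the master" >&2
      failed=1
    fi

    return "${failed}"
  }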
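  #######################################
  # Remove every eth0-root rule that targets the VM's graphics port and drop
  # the matching lines from the rules file.
  # Globals:   IPTABLES (read), RULES_FILE (edited in place)
  # Arguments: $1 - VM template, passed to one_get_port
  # Returns:   2 if the port is missing or invalid, 1 if a rule could not be
  #            deleted, 0 otherwise
  #######################################
  function close_port()
  {
    local vm_port rule_id rule_ids
    local -i failed=0 removed=0

    vm_port=$(one_get_port "${1}")
    vm_port=${vm_port//[[:space:]]/}
    [[ -n "${vm_port}" ]] || return 2
    # The port is read from the VM template, so it is treated as untrusted:
    # only a plain decimal TCP port may be used to select firewall rules and
    # to build the sed expression below.
    [[ "${vm_port}" =~ ^[0-9]{1,5}$ ]] || return 2
    vm_port=$(( 10#${vm_port} ))
    (( vm_port >= 1 && vm_port <= 65535 )) || return 2

    # The port is passed to awk as data (-v) instead of being pasted into the
    # program text, and must be followed by a non-digit so that port 590 does
    # not also select dpt:5900. Rule numbers are sorted in descending order:
    # deleting a rule renumbers every rule after it, so deleting upwards
    # would remove the wrong rules.
    # shellcheck disable=SC2086  # IPTABLES is "sudo iptables" by design
    rule_ids=$(${IPTABLES} -n --line-numbers -L eth0-root \
      | awk -v port="${vm_port}" '$0 ~ ("dpt:" port "([^0-9]|$)") {print $1}' \
      | sort -rn)

    for rule_id in ${rule_ids}
    do
      [[ "${rule_id}" =~ ^[0-9]+$ ]] || continue
      # shellcheck disable=SC2086
      if ${IPTABLES} -D eth0-root "${rule_id}"
      then
        removed=1
      else
        echo "close_port: could not delete eth0-root rule ${rule_id}" >&2
        failed=1
      fi
    done

    # Forget the recorded rules for exactly this port (5901 must not match
    # 59010). One pass is enough; the file may not exist yet.
    if (( removed )) && [[ -f "${RULES_FILE}" ]]
    then
      sed -i -e "/--dport ${vm_port}\([^0-9]\|\$\)/d" "${RULES_FILE}"
    fi

    return "${failed}"
  }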
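  # Entry point: "$1" selects the action (open or close) and "$2" is the VM
  # template handed to the port helpers. The script exits with the helper's
  # status, or with 127 for an unknown action.
  action="${1}"
  template="${2}"
  case "${action}" in
    open)
      # Quoted so the template always arrives as exactly one argument.
      open_port "${template}"
      exit $?
      ;;
    close)
      close_port "${template}"
      exit $?
      ;;
    *)
      echo "Unknown action '$action'" >&2
      exit 127
      ;;
  esac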