Package: libnet-server-perl
Version: 0.87-2
Severity: wishlist
This is a patch to add cidr_allow and cidr_deny statements to the
configuration used by Net::Server. Originally made so I could use
CIDR access lists in munin-node, which is built around Net::Server.
--- orig/lib/Net/Server.pm
+++ mod/lib/Net/Server.pm
@@ -29,6 +29,7 @@
use IO::Select ();
use POSIX ();
use Fcntl ();
+use Net::CIDR;
use Net::Server::Proto ();
use Net::Server::Daemonize qw(check_pid_file create_pid_file
get_uid get_gid set_uid set_gid
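Review bot: The unconditional `use Net::CIDR;` turns a non-core module into a hard load-time dependency of Net::Server, so every existing deployment that never configures cidr_allow/cidr_deny now fails to compile unless libnet-cidr-perl is installed and declared in the package's Depends. Loading it lazily only where a CIDR list is actually consulted, `require Net::CIDR;` inside the `if( @{ $prop->{cidr_deny} })` / `cidr_allow` branches, keeps the feature optional; if the unconditional `use` stays, the packaging dependency has to be added alongside this patch.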
@@ -272,6 +273,10 @@
### make sure that allow and deny look like array refs
$prop->{allow} = [] unless defined($prop->{allow}) && ref($prop->{allow});
$prop->{deny} = [] unless defined($prop->{deny}) && ref($prop->{deny} );
+ $prop->{cidr_allow} = [] unless
+ defined($prop->{cidr_allow}) && ref($prop->{cidr_allow});
+ $prop->{cidr_deny} = [] unless
+ defined($prop->{cidr_deny}) && ref($prop->{cidr_deny} );
}
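Review bot: The cidr_allow/cidr_deny lists are coerced to array refs here but their contents are never validated, so a mistyped block such as `192.0.2.0/33` is only noticed when Net::CIDR is asked to match it against a peer address, i.e. on the first incoming connection rather than at startup. Validating each entry at configuration time fails early and keeps a config typo from turning into a per-connection exception; if the installed Net::CIDR provides it, `Net::CIDR::cidrvalidate($_) or $self->fatal("Invalid CIDR block: $_") for @{$prop->{cidr_allow}}, @{$prop->{cidr_deny}};` after the coercion would do. How Net::CIDR reacts to a bad block is inferred rather than visible here, so confirm against the version in the archive. The enclosing method starts outside the hunk.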
@@ -717,15 +722,22 @@
}
### if no allow or deny parameters are set, allow all
- return 1 unless @{ $prop->{allow} } || @{ $prop->{deny} };
+ return 1 unless( @{ $prop->{cidr_allow} } || @{ $prop->{allow} } ||
+ @{ $prop->{cidr_deny} } || @{ $prop->{deny} } );
### if the addr or host matches a deny, reject it immediately
+ if( @{ $prop->{cidr_deny} }){
+ return 0 if Net::CIDR::cidrlookup($prop->{peeraddr},
@{$prop->{cidr_deny}});
+ }
foreach ( @{ $prop->{deny} } ){
return 0 if $prop->{peerhost} =~ /^$_$/ &&
defined($prop->{reverse_lookups});
return 0 if $prop->{peeraddr} =~ /^$_$/;
}
### if the addr or host isn't blocked yet, allow it if it is allowed
+ if( @{ $prop->{cidr_allow} }){
+ return 1 if Net::CIDR::cidrlookup($prop->{peeraddr},
@{$prop->{cidr_allow}});
+ }
foreach ( @{ $prop->{allow} } ){
return 1 if $prop->{peerhost} =~ /^$_$/ &&
defined($prop->{reverse_lookups});
return 1 if $prop->{peeraddr} =~ /^$_$/;
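Review bot: Net::CIDR::cidrlookup now sits on the per-connection accept path with no exception handling, so any input it refuses to parse — a malformed list entry, or a peeraddr that is not a plain dotted quad (an IPv6 peer, or whatever peeraddr holds for a UNIX-domain socket) — would propagate out of allow_deny instead of yielding a verdict. Because this is an access-control decision it should fail closed: for the deny list `my $hit = eval { Net::CIDR::cidrlookup($prop->{peeraddr}, @{$prop->{cidr_deny}}) }; return 0 if $hit || $@;`, and for the allow list treat `$@` as no match so the peer falls through to the final rejection. Whether cidrlookup dies or returns false on such input is inferred, not shown in this hunk; confirm against the packaged Net::CIDR. Worth recording above the first cidr check, since it is the reason the CIDR rules are the stronger control: `# CIDR rules match the socket address only; unlike the peerhost regexes they cannot be influenced via reverse DNS`. allow_deny's signature and its trailing `return 0` lie outside the hunk.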
@@ -1092,7 +1104,7 @@
my $prop = $self->{server};
my $ref = shift;
- foreach ( qw(port allow deny) ){
+ foreach ( qw(port allow deny cidr_allow cidr_deny) ){
$prop->{$_} = [] unless exists $prop->{$_};
$ref->{$_} = $prop->{$_};
}
@@ -1548,6 +1560,8 @@
reverse_lookups 1 undef
allow /regex/ none
deny /regex/ none
+ cidr_allow CIDR none
+ cidr_deny CIDR none
## daemonization parameters
pid_file "filename" undef
@@ -1673,6 +1687,13 @@
the client connection will be closed. Defaults to empty
array refs.
+=item cidr_allow/cidr_deny
+
+May be specified multiple times. Contains a CIDR block to compare to
+incoming peeraddr. If cidr_allow or cidr_deny options are given, the
+incoming client must match a cidr_allow and not match a cidr_deny or
+the client connection will be closed. Defaults to empty array refs.
+
=item chroot
Directory to chroot to after bind process has taken place
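Review bot: The new POD entry overstates the rule: as implemented, a client matching a regex `allow` entry but no `cidr_allow` block is still accepted, and a hit in either `deny` or `cidr_deny` rejects regardless of any allow entry. Replace the second sentence with the combined rule and the evaluation order, e.g. `If any allow, cidr_allow, deny or cidr_deny entries are given, the peer must match at least one allow or cidr_allow entry and none of the deny or cidr_deny entries; deny lists are checked first. CIDR entries are compared against peeraddr only and are unaffected by reverse_lookups.`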
@@ -1787,6 +1808,9 @@
allow .+\.(net|com)
allow domain\.com
deny a.+
+ cidr_allow 127.0.0.0/8
+ cidr_allow 192.0.2.0/24
+ cidr_deny 192.0.2.4/30
### background the process?
background 1
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (900, 'testing'), (800, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-evo-n610c-2
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages libnet-server-perl depends on:
ii libio-multiplex-perl 1.08-1 object-oriented interface to selec
ii perl 5.8.4-5 Larry Wall's Practical Extraction
-- no debconf information