line |
true |
false |
branch |
53
|
0 |
0 |
if ($self->{'_skip_ipt_exec_check'}) { } |
54
|
0 |
0 |
unless ($self->{'_firewall_cmd'} or $self->{'_iptables'}) |
59
|
0 |
0 |
if ($self->{'_firewall_cmd'}) { } |
|
0 |
0 |
elsif ($self->{'_iptables'}) { } |
61
|
0 |
0 |
unless -e $self->{'_firewall_cmd'} |
63
|
0 |
0 |
unless -x $self->{'_firewall_cmd'} |
66
|
0 |
0 |
unless -e $self->{'_iptables'} |
68
|
0 |
0 |
unless -x $self->{'_iptables'} |
73
|
0 |
0 |
if (-e $fwc_bin and -x $fwc_bin) { } |
|
0 |
0 |
elsif (-e $ipt_bin and -x $ipt_bin) { } |
|
0 |
0 |
elsif (-e $ipt6_bin and -x $ipt6_bin) { } |
86
|
0 |
0 |
if ($self->{'_ipv6'} and $self->{'_iptables'} eq $ipt_bin) |
87
|
0 |
0 |
if (-e $ipt6_bin and -x $ipt6_bin) { } |
97
|
0 |
0 |
if ($self->{'_firewall_cmd'}) { } |
98
|
0 |
0 |
if $self->{'_firewall_cmd'} =~ m[.*/(\S+)] |
100
|
0 |
0 |
if $self->{'_iptables'} =~ m[.*/(\S+)] |
104
|
0 |
0 |
if ($self->{'_ipv6'}) |
105
|
0 |
0 |
if ($self->{'_firewall_cmd'}) { } |
106
|
0 |
0 |
if ($self->{'_fwd_args'} =~ /ipv4/i) |
110
|
0 |
0 |
if ($self->{'_ipt_bin_name'} eq 'iptables') |
111
|
0 |
0 |
unless ($self->{'_skip_ipt_exec_check'}) |
119
|
0 |
0 |
if $self->{'_ipt_bin_name'} eq 'ip6tables' |
120
|
0 |
0 |
if ($self->{'_firewall_cmd'}) |
121
|
0 |
0 |
if $self->{'_fwd_args'} =~ /ipv6/ |
127
|
0 |
0 |
if ($self->{'_firewall_cmd'}) |
131
|
0 |
0 |
unless ($self->{'_skip_ipt_exec_check'}) |
132
|
0 |
0 |
unless ($self->{'_lockless_ipt_exec'}) |
137
|
0 |
0 |
if $rv |
150
|
0 |
0 |
unless ($self->{'_debug'}) |
270
|
0 |
0 |
if ($self->{'_ipt_rules_file'} and not $file) |
274
|
0 |
0 |
if ($file) { } |
277
|
0 |
0 |
unless open F, "< $file" |
287
|
0 |
0 |
if (/^\s*Chain\s(.*?)\s\(/) |
302
|
0 |
0 |
if ($self->{'_ipt_rules_file'} and not $file) |
306
|
0 |
0 |
if ($file) { } |
309
|
0 |
0 |
unless open F, "< $file" |
322
|
0 |
0 |
if ($line =~ /^\s*Chain\s+$chain\s+\(policy\s+(\w+)/) |
345
|
0 |
0 |
if $self->{'_verbose'} |
354
|
0 |
0 |
if ($self->{'_ipt_rules_file'} and not $file) |
358
|
0 |
0 |
if ($file) { } |
361
|
0 |
0 |
unless open F, "< $file" |
374
|
0 |
0 |
if ($line =~ /\spkts\s+bytes\s+target/) |
381
|
0 |
0 |
if ($line =~ /^num\s+pkts\s+bytes\s+target/) |
392
|
0 |
0 |
if $found_chain and $line =~ /^\s*Chain\s+/ |
394
|
0 |
0 |
if ($line =~ /^\s*Chain\s\Q$chain\E\s\(/i) |
398
|
0 |
0 |
if $line =~ /\starget\s{2,}prot/i |
399
|
0 |
0 |
unless $found_chain |
400
|
0 |
0 |
unless $line |
424
|
0 |
0 |
if ($ipt_verbose) { } |
425
|
0 |
0 |
if ($has_line_numbers) { } |
426
|
0 |
0 |
if ($line =~ /^\s*(\d+)\s+(\S+)\s+(\S+)\s+(.*)/) |
433
|
0 |
0 |
if ($line =~ /^\s*(\S+)\s+(\S+)\s+(.*)/) |
440
|
0 |
0 |
if ($has_line_numbers) { } |
441
|
0 |
0 |
if ($line =~ /^\s*(\d+)\s+(.*)/) |
452
|
0 |
0 |
if ($rnum and $rnum ne $rule_num) |
456
|
0 |
0 |
if ($ipt_verbose) { } |
472
|
0 |
0 |
if ($self->{'_ipt_bin_name'} eq 'ip6tables' or $self->{'_ipt_bin_name'} eq 'firewall-cmd' and $self->{'_fwd_args'} =~ /\sipv6/) |
479
|
0 |
0 |
if ($rule_body =~ /$match_re/) { } |
484
|
0 |
0 |
if $proto eq '0' |
494
|
0 |
0 |
if ($self->{'_debug'}) |
519
|
0 |
0 |
if ($self->{'_ipt_bin_name'} eq 'ip6tables' or $self->{'_ipt_bin_name'} eq 'firewall-cmd' and $self->{'_fwd_args'} =~ /\sipv6/) |
525
|
0 |
0 |
if ($rule_body =~ /$match_re/) { } |
528
|
0 |
0 |
if $proto eq '0' |
536
|
0 |
0 |
if ($self->{'_debug'}) |
550
|
0 |
0 |
if ($rule_hr->{'extended'} =~ /$ext_keys_hr->{$key}{'regex'}/) |
556
|
0 |
0 |
if ($rule_hr->{'protocol'} eq '0') { } |
|
0 |
0 |
elsif ($rule_hr->{'protocol'} eq 'tcp' or $rule_hr->{'protocol'} eq 'udp') { } |
562
|
0 |
0 |
if $rule_hr->{'s_port'} eq '' |
564
|
0 |
0 |
if $rule_hr->{'d_port'} eq '' |
578
|
0 |
0 |
if ($self->{'_ipt_rules_file'} and not $file) |
582
|
0 |
0 |
if ($file) { } |
585
|
0 |
0 |
unless open F, "< $file" |
595
|
0 |
0 |
unless @ipt_lines |
609
|
0 |
0 |
if $found_chain and $line =~ /^\s*Chain\s+/ |
613
|
0 |
0 |
if ($line =~ /^\s*Chain\s+$chain\s+\(policy\s+(\w+)\)/) |
617
|
0 |
0 |
if $line =~ /^\s*target\s/i |
618
|
0 |
0 |
unless $found_chain |
626
|
0 |
0 |
if ($self->{'_ipt_bin_name'} eq 'ip6tables' or $self->{'_ipt_bin_name'} eq 'firewall-cmd' and $self->{'_fwd_args'} =~ /ipv6/) |
636
|
0 |
0 |
if ($line =~ /$log_re/) { } |
|
0 |
0 |
elsif ($policy eq 'ACCEPT' and $line =~ /$drop_re/) { } |
643
|
0 |
0 |
if $proto eq '0' |
645
|
0 |
0 |
if ($p_tmp and $p_tmp =~ /LOG.*\s+prefix\s+
\`\s*(.+?)\s*\'/x) |
654
|
0 |
0 |
if $proto eq '0' |
664
|
0 |
0 |
if ($policy eq 'DROP') |
669
|
0 |
0 |
unless %protocols and $found_default_drop |
687
|
0 |
0 |
if ($self->{'_ipt_rules_file'} and not $file) |
695
|
0 |
0 |
if ($file) { } |
698
|
0 |
0 |
unless open F, "< $file" |
711
|
0 |
0 |
if ($line =~ /^\s*pkts\s+bytes\s+target/) |
717
|
0 |
0 |
unless @ipt_lines |
728
|
0 |
0 |
if ($line =~ /^\s*Chain\s+(.*?)\s+\(/ and not $line =~ /0\s+references/) |
732
|
0 |
0 |
unless $line =~ /\S/ |
733
|
0 |
0 |
unless $log_chain |
737
|
0 |
0 |
if ($ipt_verbose) { } |
738
|
0 |
0 |
if ($self->{'_ipt_bin_name'} eq 'ip6tables' or $self->{'_ipt_bin_name'} eq 'firewall-cmd' and $self->{'_fwd_args'} =~ /\sipv6/) { } |
741
|
0 |
0 |
if ($line =~ /^\s*\d+\s+\d+\s*U?LOG\s+(\w+)\s+
\S+\s+\S+\s+$any_ip_re
\s+$any_ip_re\s+.*U?LOG/x) |
748
|
0 |
0 |
if ($line =~ /^\s*\d+\s+\d+\s*U?LOG\s+(\w+)\s+\-\-\s+
\S+\s+\S+\s+$any_ip_re
\s+$any_ip_re\s+.*U?LOG/x) |
756
|
0 |
0 |
if ($self->{'_ipt_bin_name'} eq 'ip6tables' or $self->{'_ipt_bin_name'} eq 'firewall-cmd' and $self->{'_fwd_args'} =~ /\sipv6/) { } |
759
|
0 |
0 |
if ($line =~ /^\s*U?LOG\s+(\w+)\s+$any_ip_re
\s+$any_ip_re\s+.*U?LOG/x) |
765
|
0 |
0 |
if ($line =~ /^\s*U?LOG\s+(\w+)\s+\-\-\s+$any_ip_re
\s+$any_ip_re\s+.*U?LOG/x) |
773
|
0 |
0 |
if ($found) |
774
|
0 |
0 |
if $proto eq '0' |
777
|
0 |
0 |
if $log_chain eq $chain |
781
|
0 |
0 |
unless %log_chains |
792
|
0 |
0 |
if (defined $sub_chains{$log_chain}) |
810
|
0 |
0 |
if ($line =~ /^\s*Chain\s+\Q$start_chain\E\s+\(/ and not $line =~ /0\s+references/) |
815
|
0 |
0 |
unless $found |
816
|
0 |
0 |
if ($found and $line =~ /^\s*Chain\s/) |
819
|
0 |
0 |
if ($line =~ /^\s*(\S+)\s+\S+\s+/) |
821
|
0 |
0 |
if ($new_chain ne 'LOG' and $new_chain ne 'DROP' and $new_chain ne 'REJECT' and $new_chain ne 'ACCEPT' and $new_chain ne 'RETURN' and $new_chain ne 'QUEUE' and $new_chain ne 'SNAT' and $new_chain ne 'DNAT' and $new_chain ne 'MASQUERADE' and $new_chain ne 'pkts' and $new_chain ne 'Chain' and $new_chain ne 'target') |
854
|
0 |
0 |
unless $cmd =~ /^\s*iptables/ or $cmd =~ m[^\S+/iptables] or $cmd =~ /^\s*ip6tables/ or $cmd =~ m[^\S+/ip6tables] or $cmd =~ /^\s*firewall-cmd/ or $cmd =~ m[^\S+/firewall-cmd] |
870
|
0 |
0 |
if $verbose |
872
|
0 |
0 |
if ($debug or $verbose) |
875
|
0 |
0 |
if ($ipt_exec_sleep > 0) |
881
|
0 |
0 |
if ($ipt_exec_sleep > 0) |
882
|
0 |
0 |
if ($debug or $verbose) |
890
|
0 |
0 |
if ($ipt_exec_style eq 'system') { } |
|
0 |
0 |
elsif ($ipt_exec_style eq 'popen') { } |
893
|
0 |
0 |
unless open CMD, "$cmd 2> $ipterr |" |
896
|
0 |
0 |
unless open F, "> $iptout" |
902
|
0 |
0 |
if ($debug or $verbose) |
908
|
0 |
0 |
if ($ipt_pid = fork) { } |
919
|
0 |
0 |
if ($@) |
920
|
0 |
0 |
unless kill 15, $ipt_pid |
923
|
0 |
0 |
unless defined $ipt_pid |
931
|
0 |
0 |
if (-e $iptout) |
932
|
0 |
0 |
unless open F, "< $iptout" |
936
|
0 |
0 |
if (-e $ipterr) |
937
|
0 |
0 |
unless open F, "< $ipterr" |
941
|
0 |
0 |
if @stderr |
944
|
0 |
0 |
if (@stdout) |
945
|
0 |
0 |
if ($stdout[$#stdout] =~ /^success/) |
948
|
0 |
0 |
if ($self->{'_ipt_bin_name'} eq 'firewall-cmd') |
950
|
0 |
0 |
if (/COMMAND_FAILED/) |
958
|
0 |
0 |
if ($debug or $verbose) |
962
|
0 |
0 |
if ($line =~ /\n$/) { } |
971
|
0 |
0 |
if ($line =~ /\n$/) { } |
979
|
0 |
0 |
if ($debug or $verbose) |