Newbie needs help with script (undefined subroutine)


on 11.04.2006 09:58:10 by Hans Poppe

Hi, I'm totally new to Perl, and I'm trying to make use of a firewall script
that was published in Linux Journal (March 2006 page 64). I believe I've
copied the script verbatim, but when I try to run it I get the following
error:
-------------------------------
3etage:~/firewall# ./firewall.pl
Setter IP forvard til 0.
Undefined subroutine &main::iptables called at ./firewall.pl line 54.
-------------------------------
The second line is in Norwegian and is just the script echoing "turning off
ip_forward".
The subroutine it is trying to call is iptables, and I thought it was
declared.
Here's the script (some of the comments are in Norwegian, but should not be
important):
---------------------------------
#!/usr/bin/perl

#

$default_policy = "DROP";

$iptables = "/sbin/iptables";
$work_dir = "/root/firewall";

# First we turn off IP_forward because the machine is not secured _while_ the script is running.

set_ip_forwarding(0);

load_interfaces();

# Set up allowed protocols
$protocols{tcp}++; $protocols{udp}++; $protocols{icmp}++;

init();

set_default_policy();

add_good_hosts();
add_bad_hosts();

build_chains();
add_rules();

set_default_action();

#Now the basic rules are set up, and we can turn on ip_forward

set_ip_forwarding(1);

exit;
#################################################################
#Here come the sub declarations for the earlier calls
#
sub load_interfaces {
    my($int, $name);
    local(*FILE);

    open FILE, "$work_dir/interfaces.conf";
    while (<FILE>) {
        chomp($_);
        if ($_ eq "") {next; }

        ($name, $int) = split(/\s*=\s*/, $_);
        $interface{$name} = $int;
    }
}

sub init {
    iptables("-F"); #Resets all active firewall rules.
    iptables("-t nat -F"); #Allows nat/pat/ip-masq and forwards NATed connections
    iptables("-X"); #Deletes all chains
    iptables("-Z"); #Resets packet counters

    iptables("-t nat -A POSTROUTING -j MASQUERADE");
    iptables("-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT");
    #Allows incoming traffic that originates from a request from the inside, e.g. HTTP GET
}

sub set_default_policy {
    iptables("-P INPUT $default_policy");

    iptables("-P OUTPUT ACCEPT");
    iptables("-P FORWARD ACCEPT");
    return;
}

sub build_chains {
    my($interface, $protocol, $chain);

    foreach $interface (keys %interface) {
        foreach $protocol (keys %protocols) {
            $chain = "$interface-$protocol";

            iptables("-N $chain");
            iptables("-A INPUT -i $interface{$interface} -p $protocol -j $chain");
        }
    }
}

sub add_rules {
    local(*FILE);

    open FILE, "$work_dir/ports.conf";
    while (<FILE>) {
        chomp($_);
        $_ =~ s/#.*//;           # strip comments
        if ($_ eq "") { next; }  # skip empty lines

        ($int, $proto, $port) = split(/\t/, $_);

        $i = $interface{$int};
        $chain = "$int-$proto";

        if ($proto eq "all") {
            foreach $proto (keys %protocols) {
                $chain = "$int-$proto";
                iptables("-A $chain -i $i -p $proto -j ACCEPT");
            }
            next;
        }

        if ($proto eq "udp") {
            iptables("-A $chain -i $i -p udp --dport $port -j ACCEPT");
            iptables("-A $chain -i $i -p udp --sport $port -j ACCEPT");
        }

        if ($proto eq "tcp") {
            iptables("-A $chain -i $i -p tcp --dport $port --syn -j ACCEPT");
            iptables("-A $chain -i $i -p tcp --dport $port -j ACCEPT");
        }
    }
}

sub set_default_action {
    my($interface, $protocol, $chain);

    foreach $interface (keys %interface) {
        foreach $protocol (keys %protocols) {
            $chain = "$interface-$protocol";
            iptables("-A $chain -j LOG --log-prefix DEFAULT_$default_policy-$chain-");
            iptables("-A $chain -j $default_policy");
        }
    }
}

sub ip_tables {
    my($line) = @_;
    print "$iptables $line > /dev/null\n" if ($debug);
    $result = system("$iptables $line > /dev/null");
    if ($result != 0) {
        print "X: ($result) iptables $line\n";
    }
}

sub set_ip_forwarding {
    my($value) = @_;
    local(*FILE);

    print "Setter IP forvard til $value.\n";
    open FILE, ">/proc/sys/net/ipv4/ip_forward";
    print FILE $value;
    close FILE;
}

sub add_good_hosts {
    my($host, $comment);
    local(*FILE);

    open FILE, "$work_dir/good_hosts.conf";
    while (<FILE>) {
        chomp($_);
        ($host, $comment) = split(/\t/, $_);

        iptables("-A INPUT -s $host -j ACCEPT");
        iptables("-A OUTPUT -d $host -j ACCEPT");
    }
}

sub add_bad_hosts {
    my($host, $comment);
    local(*FILE);
    open FILE, "$work_dir/bad_hosts.conf";
    while (<FILE>) {
        chomp($_);
        ($host, $comment) = split(/\t/, $_);

        iptables("-A INPUT -s $host -j LOG --log-prefix $comment");
        iptables("-A OUTPUT -d $host -j LOG --log-prefix $comment");

        iptables("-A INPUT -s $host -j DROP");
        iptables("-A OUTPUT -d $host -j DROP");
    }
}


______________________________________-

Any help is appreciated, thanks in advance.
Regards
Hans Poppe, Oslo, Norway
--
There are 10 kinds of people, those who understand binary numbers, and those
who don't.

Re: Newbie needs help with script (undefined subroutine)

on 11.04.2006 10:35:58 by Joe Smith

Hans Poppe wrote:
> -------------------------------
> 3etage:~/firewall# ./firewall.pl
> Undefined subroutine &main::iptables called at ./firewall.pl line 54.
> -------------------------------
> The subroutine it is trying to call is iptables, and I thought it was
> declared.
>
> sub init {
>     iptables("-F"); #Resets all active firewall rules.
> }
>
> sub ip_tables { ... }

You are attempting to call iptables(), but the name of the routine you've
defined is ip_tables(). I believe that the latter is in error.
-Joe
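
Perl resolves a call written as name(...) only when that statement runs, which is why the script above got as far as switching off ip_forward before it failed. A heuristic pre-flight scan for this kind of name mismatch, as an added example (not code from the thread or from the Linux Journal article); the helper names and the condensed sample are constructed for illustration:

```perl
#!/usr/bin/perl
use strict;
use warnings;

# True if $name is a Perl keyword or builtin: prototype("CORE::name")
# dies only when Perl has no builtin of that name.
sub is_builtin {
    my ($name) = @_;
    return eval { my $p = prototype("CORE::$name"); 1 } ? 1 : 0;
}

# Heuristic line scan: returns (name => line of first call) for every
# NAME(...) call that has no matching "sub NAME" in $source.
sub undefined_calls {
    my ($source) = @_;
    my (%defined, %first_call);
    my $lineno = 0;
    for my $line (split /\n/, $source) {
        $lineno++;
        $line =~ s/"(?:\\.|[^"\\])*"//g;    # drop double-quoted strings
        $line =~ s/#.*//;                   # drop comments
        $defined{$1} = 1 if $line =~ s/^\s*sub\s+(\w+)//;
        while ($line =~ /(?<![\$\@%&\w:>])([A-Za-z_]\w*)\s*\(/g) {
            $first_call{$1} //= $lineno;
        }
    }
    delete @first_call{ grep { $defined{$_} || is_builtin($_) } keys %first_call };
    return %first_call;
}

# Constructed sample, condensed from the script posted in the thread.
my $sample = <<'END_SAMPLE';
init();
exit;

sub init {
    iptables("-F");
}

sub ip_tables {
    my($line) = @_;
    system("/sbin/iptables $line > /dev/null");
}
END_SAMPLE
my %missing = undefined_calls($sample);
for my $name (sort { $missing{$a} <=> $missing{$b} } keys %missing) {
    print "line $missing{$name}: $name() is called but never defined\n";
}
exit(%missing ? 1 : 0);
```

The scan is regex-based, so single-quoted strings, here-documents and calls written without parentheses are not handled.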