Firewall rules - running a script

I am creating a firewall rule "Run script on user creation/modification".
PHP script, run parameter: /usr/bin/php - /server/script/add_group.php?login=LOGIN
The script does not get run... What additional settings need to be made, apart from starting rfw?

rudf wrote:
    utm5_rfw executes it like this:
    external script (the value of the firewall_path parameter in rfw5.cfg) + parameters (the line from the firewall rule)
    In your case, work out for yourself how best to split the script and its parameters.

The manual says that the parameters line holds the script + parameters...
I tried firewall_path=/usr/bin/php + rule (/netup/utm5/script/user_dhcp.php LOGIN)
It doesn't work...

solomon wrote:
    The manual says that the parameters line holds the script + parameters...
    I tried firewall_path=/usr/bin/php + rule (/netup/utm5/script/user_dhcp.php LOGIN)
    It doesn't work...

Write a script containing the command, put it in firewall_path="path to the script", and in the firewall rules specify only LOGIN.

solomon wrote:
    From the command line I run it like this:
    /usr/bin/php /netup/utm5/script/user_dhcp.php new_user
    without involving rfw.
    How do I run it with rfw?

Create a script, say /netup/utm5/script/adduser.sh:

Code:
#!/bin/sh
# utm5_rfw appends the rule's parameter line, so with a rule of just LOGIN the login arrives as $1
/usr/bin/php /netup/utm5/script/user_dhcp.php "$1"

and set

Code:
firewall_path=/netup/utm5/script/adduser.sh
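The wrapper in the reply above hands whatever utm5_rfw appends to the command line straight to PHP. Since rfw builds the command as firewall_path + the parameter line of the rule, and the LOGIN it substitutes comes out of the billing database, a practitioner would want the wrapper to validate that value before it reaches a shell command line. The following is an added example written for this page, not the NetUP UTM5 project's own script and not what the poster ran: the names PHP_BIN, HOOK, valid_login, hook_argv and run_hook are hypothetical, and the allowed login character set [A-Za-z0-9._-] with a 64-character limit is a conservative assumption to adjust to your own logins.

```shell
#!/bin/sh
# Hardened variant of the adduser.sh wrapper from the reply above (added
# example, not NetUP's code). utm5_rfw executes firewall_path with the
# parameter line of the matching firewall rule appended, so with a rule that
# contains only LOGIN the substituted login arrives here as $1. That value
# comes out of the billing database and ends up on a command line, so it is
# validated before being handed to PHP.
#
# Assumptions not taken from the page: PHP_BIN, HOOK, valid_login, hook_argv
# and run_hook are hypothetical names; the character set [A-Za-z0-9._-] and
# the 64-character limit are a conservative choice, adjust them to your logins.

PHP_BIN=/usr/bin/php
HOOK=/netup/utm5/script/user_dhcp.php

# valid_login LOGIN: succeed only for a non-empty login of at most 64
# characters from [A-Za-z0-9._-]. Rejects shell metacharacters, whitespace
# (which would change the argument count) and a leading "-" that PHP could
# otherwise parse as an option.
valid_login() {
    login=$1
    [ -n "$login" ] || return 1
    [ "${#login}" -le 64 ] || return 1
    case $login in
        -*) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# hook_argv LOGIN: print, one per line, exactly the argument vector run_hook
# executes. "--" ends PHP's option parsing so the login is always script input.
hook_argv() {
    printf '%s\n' "$PHP_BIN" -f "$HOOK" -- "$1"
}

# run_hook ARGS...: require exactly one valid login, print a diagnostic to
# stderr for anything else (exit status 2, nothing executed), otherwise
# replace this shell with the PHP hook.
run_hook() {
    if [ "$#" -ne 1 ] || ! valid_login "$1"; then
        printf 'adduser.sh: rejected call with %d argument(s): %s\n' "$#" "$*" >&2
        return 2
    fi
    exec "$PHP_BIN" -f "$HOOK" -- "$1"
}

# When utm5_rfw runs this file the login is the only argument; with no
# arguments (e.g. when the file is sourced to inspect the functions) nothing
# is executed.
if [ "$#" -gt 0 ]; then
    run_hook "$@"
fi
```

Keep the rule's parameter line to LOGIN only, as the reply says: anything else appended there arrives as extra positional arguments and this wrapper refuses the call rather than guessing. If the hook needs root (for example to touch iptables), rfw5.cfg has the sudo_path parameter for that purpose; running utm5_rfw itself as root only so that every hook inherits it is the wider privilege.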
Code:
Info : Jun 07 14:31:38 UTM5 Logger: New `?Debug : ' stream: /netup/utm5/log/rfw.log
Info : Jun 07 14:31:38 StreamManager: Registering message handlers..
Info : Jun 07 14:31:38 StreamManager: ID <0x4003> handler <0x09d9dda8>
Info : Jun 07 14:31:38 StreamManager: ID <0x4000> handler <0x09d9dda8>
Info : Jun 07 14:31:38 StreamManager: ID <0x4001> handler <0x09d9dda8>
Info : Jun 07 14:31:38 StreamManager: ID <0x4004> handler <0x09d9dda8>
Info : Jun 07 14:31:38 StreamManager: ID <0x4002> handler <0x09d9dda8>
Info : Jun 07 14:31:38 StreamConnection: Connection thread started. Peer 127.0.0.1:12758
?Debug : Jun 07 14:31:38 StreamConnection: Connection using TCP socket
?Debug : Jun 07 14:31:38 StreamConnection: System message recived
?Debug : Jun 07 14:31:38 StreamConnection: Challenge response sent
?Debug : Jun 07 14:31:38 StreamConnection: System message recived
Info : Jun 07 14:31:38 StreamConnection: Connection successfully authorized, user id <-4>
?Debug : Jun 07 14:31:39 StreamFirewall: Sending name: 127.0.0.1
ERROR : Jun 07 14:31:39 StreamFirewall: Error occured: Exception in handle method (check firewall name)
ERROR : Jun 07 14:31:39 StreamFirewall: Error occured: Exception in handle method (check firewall name)
Info : Jun 07 14:31:44 RFW Config: Terminating firewall: Exception in handle method (check firewall name)
-Stats : Jun 07 14:31:44 StreamManager: Stats: Uptime: 00:00:06. Events: 0; Errors: 0
Notice: Jun 07 14:31:44 RFW Config: Pid file found: /var/run/utm5_rfw.pid; Overwriting
Info : Jun 07 14:32:28 UTM5 Logger: New `?Debug : ' stream: /netup/utm5/log/rfw.log
Info : Jun 07 14:32:28 StreamManager: Registering message handlers..
Info : Jun 07 14:32:28 StreamManager: ID <0x4003> handler <0x09b2cda8>
Info : Jun 07 14:32:28 StreamManager: ID <0x4000> handler <0x09b2cda8>
Info : Jun 07 14:32:28 StreamManager: ID <0x4001> handler <0x09b2cda8>
Info : Jun 07 14:32:28 StreamManager: ID <0x4004> handler <0x09b2cda8>
Info : Jun 07 14:32:28 StreamManager: ID <0x4002> handler <0x09b2cda8>
Info : Jun 07 14:32:28 StreamConnection: Connection thread started. Peer 127.0.0.1:12758
?Debug : Jun 07 14:32:28 StreamConnection: Connection using TCP socket
?Debug : Jun 07 14:32:28 StreamConnection: System message recived
?Debug : Jun 07 14:32:28 StreamConnection: Challenge response sent
?Debug : Jun 07 14:32:28 StreamConnection: System message recived
Info : Jun 07 14:32:28 StreamConnection: Connection successfully authorized, user id <-4>
?Debug : Jun 07 14:32:28 StreamFirewall: Sending name: 127.0.0.1
ERROR : Jun 07 14:32:28 StreamFirewall: Error occured: Exception in handle method (check firewall name)
ERROR : Jun 07 14:32:28 StreamFirewall: Error occured: Exception in handle method (check firewall name)
Info : Jun 07 14:32:33 RFW Config: Terminating firewall: Exception in handle method (check firewall name)
-Stats : Jun 07 14:32:33 StreamManager: Stats: Uptime: 00:00:05. Events: 0; Errors: 0
Notice: Jun 07 14:32:33 RFW Config: Pid file found: /var/run/utm5_rfw.pid; Overwriting
Code:
[root@solomon utm5]# ps xa | grep utm5_rfw
18090 pts/2 S+ 0:00 grep utm5_rfw
Code:
##
## /netup/utm5/rfw5.cfg
## UTM5 RFW configuration file
##
## =============================================================================
## MAIN PARAMETERS
## =============================================================================
## rfw_name
## Description: Name of UTM5 rfw by which it is identified when connecting to
## the UTM5 core. The same value must be set in the 'Name' field in the list
## of firewalls in UTM_Admin.
## Possible values: <string>
## Required field
rfw_name=127.0.0.1
## core_host
## Description: IP address of the host running UTM5 core.
## Possible values: <IP address>
## Required field
core_host=127.0.0.1
## core_port
## Description: Port where UTM5 core is listening to Stream.
## Possible values: an integer from 1 to 65534
## Required field
core_port=12758
## rfw_login
## Description: Login used to access to the UTM5 core.
## Required field.
rfw_login=rfw
## rfw_password
## Description: Password used to access to the UTM5 core.
## Required field.
rfw_password=rfw
## firewall_type
## Description: Firewall type. Must conform with the 'Type' parameter of the
## firewall with the corresponding name.
## Possible values: local, cisco
## Default value: local
firewall_type=local
## rfw_ssl_type
## Description: SSL connection type. If 'none' is set, the connection is
## unencrypted.
## Possible values: tls1, ssl3, none
## Default value: none
#rfw_ssl_type=none
## sync_flags
## Description: Startup synchronization options. Specified actions will be executed at startup.
## Possible value: enable:disable:shaping:dialup:iptraffic:blocks:users
## E.g.:
## enable - Execute 'Internet ON' rules of startup
## disable - Execute 'Internet OFF' rules of startup
## users - Execute 'User Added' rules of startup
## iptraffic - Execute 'IP-traffic link added' rules of startup
## dialup - Execute 'Dialup link added' rules of startup
## blocks - Execute 'Modified block type' rules of startup
## shaping - Execute 'Setup dynamic shaping' rules of startup
sync_flags=enable
## =============================================================================
## PARAMETERS THAT ARE VALID WHEN firewall_type=local
## =============================================================================
### firewall_path
## Description: Path to the executable file that performs firewall management.
## Possible values: <name of an executable file>
## Required field
firewall_path=/netup/utm5/script/user_dhcp.sh
# sudo_path
## Description: Sudo program path.
## Possible values: <path to an executable file>
## Default value: <unset>
#sudo_path=/usr/bin/sudo
## dont_fork
## Description: If set, firewall rules are applied one-by-one. Recommended when
## using iptables.
## Possible values: yes, enable, true
## Default value: <commands are executed serially>
#dont_fork=yes
## =============================================================================
## PARAMETERS THAT ARE VALID WHEN firewall_type=cisco
## =============================================================================
## cisco_ip
## Description: IP address the commands are sent to via rsh protocol.
## Possible values: <IP address>
## Required field
#cisco_ip=10.0.0.1
## =============================================================================
## LOGGING
## =============================================================================
## log_level
## Description: Logging level.
## Possible values: 0, 1, 2, 3
## Default value: 1
log_level=1
## log_file_main
## Description: Main logfile path.
## Possible values: <filename>
## Default value: STDERR
log_file_main=/netup/utm5/log/rfw.log
## log_file_debug
## Description: Debug logfile path.
## Possible values: <filename>
## Default value: STDERR
log_file_debug=/netup/utm5/log/rfw.log
## log_file_critical
## Description: Critical logfile path.
## Possible values: <filename>
## Default value: STDERR
log_file_critical=/netup/utm5/log/rfw.log
## rotate_logs
## Description: Enables logfile rotation.
## Possible values: yes, on, enable
## Default value: disabled
## max_logfile_count
## Description: Maximum number of logfiles to retain. Valid if logfile rotation
## is on.
## Possible values: a positive integer
## Default value: not limited
## max_logfile_size
## Description: Maximum logfile size. When logfile size reaches this limit, a
## rotation is performed. Valid if logfile rotation is on.
## Possible values: <size in bytes>
## Default value: 10485760
## pid_file
## Description: PID file path.
## Possible values: <filename>
## Default value: /var/run/utm5_rfw.pid
## =============================================================================
## MISCELLANEOUS
## =============================================================================
## firewall_flush_cmd
## Possible values: <filename>
#firewall_flush_cmd=/usr/sbin/iptables -F
## OBSOLETE. NOT RECOMMENDED TO USE
## Description and default values for these parameters are not provided.
## core_timeout
## Possible values: 5
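The log and rfw5.cfg the poster attached show the first thing a practitioner would check: the shipped comment for rfw_name says it must equal the Name field of a firewall listed in UTM_Admin, the core answers "check firewall name" right after "Sending name: 127.0.0.1", rfw terminates, and ps then finds no utm5_rfw process. The following is an added example for this page, not a NetUP tool and not from the thread: a pre-flight check that reads the config the way the comments describe it and looks at rfw.log for that rejection. The function and message names (cfg_get, check_rfw_cfg, the MISSING/ERROR/WARN prefixes) are hypothetical, and the sample files it writes are constructed from the values shown on the page.

```shell
#!/bin/sh
# Added example (not from the thread and not a NetUP UTM5 tool): a pre-flight
# check for rfw5.cfg plus a look at rfw.log for the "check firewall name"
# rejection seen above. Function and message names are hypothetical.

# cfg_get FILE KEY: print the value of KEY from an rfw5.cfg-style file.
# Commented-out lines (leading #) are ignored, so "#rfw_ssl_type=none" counts
# as unset; if a key appears more than once the last one wins.
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# check_rfw_cfg CFG [LOG]: print one finding per line; return 0 only when no
# ERROR/MISSING finding was produced (WARN lines do not fail the check).
check_rfw_cfg() {
    cfg=$1
    log=$2
    problems=0

    # Required for every firewall_type, per the comments in the shipped config.
    for key in rfw_name core_host core_port rfw_login rfw_password; do
        if [ -z "$(cfg_get "$cfg" "$key")" ]; then
            echo "MISSING: required parameter $key is not set"
            problems=$((problems + 1))
        fi
    done

    port=$(cfg_get "$cfg" core_port)
    case $port in
        '') ;;                                   # already reported as missing
        *[!0-9]*) echo "ERROR: core_port=$port is not a number"
                  problems=$((problems + 1)) ;;
        *) if [ "$port" -lt 1 ] || [ "$port" -gt 65534 ]; then
               echo "ERROR: core_port=$port is outside 1..65534"
               problems=$((problems + 1))
           fi ;;
    esac

    # firewall_path is only required (and only used) for firewall_type=local.
    ftype=$(cfg_get "$cfg" firewall_type)
    if [ "${ftype:-local}" = local ]; then
        fpath=$(cfg_get "$cfg" firewall_path)
        if [ -z "$fpath" ]; then
            echo "MISSING: firewall_path is required when firewall_type=local"
            problems=$((problems + 1))
        elif [ ! -x "$fpath" ]; then
            echo "ERROR: firewall_path=$fpath is not an executable file on this host"
            problems=$((problems + 1))
        fi
    fi

    # Unset or "none" means the Stream connection to the core is unencrypted.
    ssl=$(cfg_get "$cfg" rfw_ssl_type)
    if [ "${ssl:-none}" = none ]; then
        echo "WARN: rfw_ssl_type is unset/none: the connection to core_host is unencrypted"
    fi

    # rfw/rfw is the pair the poster's file carries; a password that merely
    # repeats the login looks like a default left in place.
    if [ -n "$(cfg_get "$cfg" rfw_password)" ] && \
       [ "$(cfg_get "$cfg" rfw_password)" = "$(cfg_get "$cfg" rfw_login)" ]; then
        echo "WARN: rfw_password equals rfw_login; use a dedicated secret for the core account"
    fi

    # The core answers "check firewall name" when the name rfw sends is not the
    # Name of a firewall in UTM_Admin; rfw then terminates, which is why ps
    # shows no utm5_rfw process afterwards.
    if [ -n "$log" ] && [ -r "$log" ] && grep -q 'check firewall name' "$log"; then
        echo "ERROR: core rejected rfw_name=$(cfg_get "$cfg" rfw_name) (\"check firewall name\" in $log); it must equal the Name field of a firewall listed in UTM_Admin"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}

# Constructed sample input: the parameters from the poster's rfw5.cfg and the
# two decisive lines of the rfw.log excerpt, written to a temp directory.
SAMPLE_DIR=$(mktemp -d)
cat >"$SAMPLE_DIR/rfw5.cfg" <<'EOF'
rfw_name=127.0.0.1
core_host=127.0.0.1
core_port=12758
rfw_login=rfw
rfw_password=rfw
firewall_type=local
#rfw_ssl_type=none
firewall_path=/netup/utm5/script/user_dhcp.sh
EOF
cat >"$SAMPLE_DIR/rfw.log" <<'EOF'
Debug : Jun 07 14:31:39 StreamFirewall: Sending name: 127.0.0.1
ERROR : Jun 07 14:31:39 StreamFirewall: Error occured: Exception in handle method (check firewall name)
EOF

if check_rfw_cfg "$SAMPLE_DIR/rfw5.cfg" "$SAMPLE_DIR/rfw.log"; then
    echo "rfw5.cfg: no blocking problems found"
fi
```

Run against the poster's values this reports the firewall-name rejection, the missing executable at firewall_path, and the two warnings (unencrypted Stream connection, password equal to login); rename the firewall in UTM_Admin or set rfw_name to that Name, make the wrapper executable, and the ERROR lines go away while the warnings stay until the config is changed.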