@Discipulus Please see what I did with the code. It works fine now, but the problem is that it executes one address at a time, so it takes more time than it should. Is there a way I can make my new code more efficient?
See my new code below
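sub addRules {
    # Append one ACCEPT rule to the filter table's INPUT chain for every
    # (port, source address) pair by invoking the iptablesAdm tool.
    #
    # Named arguments:
    #   protocol  - passed through as --protocol=... on every command
    #   domain    - passed through as --domain=... on every command
    #   ports     - array ref of objects providing port() and transportStr()
    #   addresses - array ref of source addresses (each used as "-s <addr>")
    #
    # Returns 0 as soon as one iptablesAdm invocation fails (no rollback of
    # rules already appended is attempted here); otherwise returns 1 after
    # printRules() has been called.
    my %args      = @_;
    my $protocol  = $args{protocol};
    my $ports     = $args{ports};
    my $addresses = $args{addresses};
    my $domain    = $args{domain};

    # Keep the command as a list of argv elements. Running it with list-form
    # system() means no shell ever parses $protocol, $domain, the port data
    # or the addresses, so quotes, semicolons, backticks or "$(...)" inside
    # those values cannot turn into extra shell commands.
    my @appendArgs = (
        'iptablesAdm', 'append',
        '--type=rule',
        '--table=filter',
        '--chain=INPUT',
        "--protocol=${protocol}",
        "--domain=${domain}",
        '--persist=yes',
    );

    # Shell-style rendering of the base command, used only for log output.
    my $appendCmd = join(' ', @appendArgs);
    Dbug->debug("Base Insert CMD: ${appendCmd}");

    # Loop over the ports and create a rule for each of the addresses with
    # each port:
    foreach my $port (@$ports) {
        my $portNum   = $port->port();
        my $transport = $port->transportStr();
        Dbug->log("Inserting rules for ${portNum} addresses @{$addresses}");

        foreach my $addr (@$addresses) {
            # Build up the match string portion of the iptables command.
            # NOTE(review): how iptablesAdm itself splits the --match value
            # is not visible here, so callers should still validate the
            # addresses and ports before passing them in.
            my $matchString = join(' ',
                '-m state',
                '--state NEW',
                "-m ${transport}",
                "--protocol ${transport}",
                "--dport ${portNum}",
                "-s $addr",
                '-j ACCEPT',
            );

            # Human-readable form of the full command, for the logs only.
            my $cmd = "${appendCmd} --match=\"${matchString}\"";
            Dbug->log("\tCMD: ${cmd}\n");

            # Run the command. The whole match string travels as a single
            # argument, exactly as the double quotes arranged under a shell.
            # system() returns non-zero when the command fails or cannot be
            # started.
            if (system(@appendArgs, "--match=${matchString}") != 0) {
                Dbug->error("Rule insert failed!");
                Dbug->error("CMD: ${cmd}");
                return 0;
            }
        }
    }

    # As a side effect of getting the rules we will display what they are
    # right now, and we would like to see what things look like after adding
    # these rules:
    printRules('protocol' => $protocol, 'domain' => $domain);
    return 1;
}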