Changeset c446502a4ee40c22d4500431adfafa754be78122

Show
Ignore:
Timestamp:
01/04/12 15:07:03 (2 years ago)
Author:
Theo Schlossnagle <jesus@omniti.com>
git-committer:
Theo Schlossnagle <jesus@omniti.com> 1325689623 -0500
git-parent:

[234ba83977cffc9b82b6d018fea7ea65e6ab42ab]

git-author:
Theo Schlossnagle <jesus@omniti.com> 1325689623 -0500
Message:

An ip_acl module allowing for the restriction of check execution
against specified IP addresses (both IPv4 and IPv6).

There is an ordering problem with this inherited ACL rulesets
(in that ordering is non-deterministic if multiple ACLs are
applied. With a default allow, this means that ACLs should
only use deny rules (until ordering issues are fixed) to
ensure expected behavior.

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved
  • src/modules/Makefile.in

    rbb10f44 rc446502  
    2828        lua.@MODULEEXT@ dns.@MODULEEXT@ selfcheck.@MODULEEXT@ \ 
    2929        external.@MODULEEXT@ collectd.@MODULEEXT@ httptrap.@MODULEEXT@ \ 
     30        ip_acl.@MODULEEXT@ \ 
    3031        @BUILD_MODULES@ 
    3132 
     
    4142 
    4243check_test.lo:  check_test.xmlh 
     44 
     45ip_acl.lo:      ip_acl.xmlh 
    4346 
    4447lua.@MODULEEXT@:        lua.lo lua_noit.lo lua_lpack.lo lua_dns.lo 
  • src/noit.conf.in

    r68aa702 rc446502  
    7777    </jezebel> 
    7878    <generic image="check_test" name="check_test"/> 
     79    <generic image="ip_acl" name="ip_acl"/> 
    7980  </modules> 
    8081  <listeners> 
     
    112113          resolve_rtype="prefer-ipv4" 
    113114          transient_min_period="1000" transient_period_granularity="500"> 
     115    <config xmlns:ip_acl="noit://module/ip_acl"> 
     116      <ip_acl:global/> 
     117    </config> 
    114118    <check uuid="f7cea020-f19d-11dd-85a6-cb6d3a2207dc" module="selfcheck" target="10.80.117.90" period="5000" timeout="4000"/> 
    115119    <check uuid="1b4e28ba-2fa1-11d2-883f-b9b761bde3fb" module="ping_icmp" target="10.80.116.4" period="15000" timeout="14000"/> 
     
    119123      </icmp> 
    120124      <web module="http"> 
     125        <config xmlns:ip_acl="noit://module/ip_acl"> 
     126          <ip_acl:sample/> 
     127        </config> 
    121128        <check uuid="1b4e28ba-2fa1-11d2-883f-b9a761bde3fc" target="66.225.209.31"> 
    122129          <config> 
     
    166173    <include file="config_templates.conf"/> 
    167174  </config_templates> 
     175  <acls> 
     176    <acl name="global"> 
     177      <rule type="deny">8.8.38.0/24</rule> 
     178    </acl> 
     179    <acl name="sample"> 
     180      <rule type="deny">66.225.209.0/24</rule> 
     181    </acl> 
     182  </acls> 
    168183</noit>