cross module change

[nodeconfig.git] / PlanetLabConf / blacklist.php

diff --git a/PlanetLabConf/blacklist.php b/PlanetLabConf/blacklist.php
new file mode 100755 (executable)
index 0000000..8966f6d
--- /dev/null
+++ b/PlanetLabConf/blacklist.php
@@ -0,0 +1,52 @@
+#
+# /etc/planetlab/blacklist
+#
+# post: iptables-restore --noflush < /etc/planetlab/blacklist
+#
+# PlanetLab per-node outbound blacklist
+# 
+# Aaron Klingaman <alk@cs.princeton.edu>
+# Mark Huang <mlhuang@cs.princeton.edu>
+# Copyright (C) 2004 The Trustees of Princeton University
+#
+# $Id$
+#
+
+*filter
+-F BLACKLIST
+
+<?php
+
+// Get admin API handle
+require_once 'plc_api.php';
+global $adm;
+
+// Look up the node
+$nodenetworks = $adm->GetNodeNetworks(array('ip' => $_SERVER['REMOTE_ADDR']));
+if (!empty($nodenetworks)) {
+  $nodes = $adm->GetNodes(array($nodenetworks[0]['node_id']));
+  if (!empty($nodes)) {
+    $node = $nodes[0];
+  }
+}
+
+if (isset($node)) {
+  // XXX Implement generic "networks" table
+  // $networks = $adm->GetNetworks();
+  $networks = array();
+  foreach ($networks as $network) {
+    if ($network['blacklisted']) {
+      $dest = $network['ip'];
+      if ($network['netmask']) {
+       $dest .= "/" . $network['netmask'];
+      }
+      print "-A BLACKLIST -d $dest -j LOGDROP\n";
+    }
+  }
+}
+
+print "\n";
+
+?>
+
+COMMIT