
wvipfirewall.cc

/*
 * Worldvisions Weaver Software:
 *   Copyright (C) 1997-2002 Net Integration Technologies, Inc.
 *
 * WvIPFirewall is an extremely simple hackish class that handles the Linux
 * 2.4 "iptables" firewall.  See wvipfirewall.h.
 *
 * Security notes for maintainers:
 *  - Every rule change is made by formatting a command line and handing it
 *    to system(), so the text is interpreted by the shell and "iptables" is
 *    looked up through PATH (no absolute path is used).
 *  - The `proto` string given to add_proto()/del_proto() is formatted into
 *    that command line as-is; nothing in this file validates or quotes it.
 *    Callers must only pass fixed, known protocol names.
 *    NOTE(review): consider validating `proto` against an allow-list, or
 *    replacing system() with fork()/execv() and an argv array.
 *  - The result of system() is never inspected, so a failed "-D" leaves an
 *    ACCEPT/REDIRECT rule in the kernel without any report to the caller.
 *  - The "Services" and "TProxy" chains are referenced but not created in
 *    this file; presumably they are set up elsewhere -- confirm.
 */
#include "wvipfirewall.h"
#include "wvinterface.h"
#include <unistd.h>


// Class-wide switches.  With `enable` false the bookkeeping lists are still
// maintained, but no iptables command is executed.
bool WvIPFirewall::enable = false;
bool WvIPFirewall::ignore_errors = true;


WvIPFirewall::WvIPFirewall()
{
    // Intentionally empty: several firewall objects may exist at once, so
    // construction must never touch the kernel rule set.
}


WvIPFirewall::~WvIPFirewall()
{
    // Withdraw whatever this instance recorded (see zap()).
    zap();
}


// Build the command line that adds/removes (per `cmd`, e.g. "-A" or "-D")
// an ACCEPT rule in the "Services" chain for `proto` traffic to addr.port.
// A "-d <address>" match is included only when the address part of `addr`
// differs from a default-constructed WvIPAddr.
//
// shutup() is declared in wvipfirewall.h (not visible here); presumably it
// yields an output-silencing suffix tied to ignore_errors -- confirm.
WvString WvIPFirewall::port_command(const char *cmd, const char *proto,
                                    const WvIPPortAddr &addr)
{
    WvIPAddr host(addr), unset;
    WvString dest_match(host == unset ? WvString("")
                                      : WvString("-d %s", host));

    return WvString("iptables %s Services -j ACCEPT -p %s %s --dport %s "
                    "%s",
                    cmd, proto, dest_match, addr.port, shutup());
}


// Build the command line that adds/removes (per `cmd`) a nat-table REDIRECT
// rule in the "TProxy" chain: TCP traffic to src.port (optionally limited to
// the address in `src`, same rule as in port_command) goes to local port
// `dstport`.
WvString WvIPFirewall::redir_command(const char *cmd, const WvIPPortAddr &src,
                                     int dstport)
{
    WvIPAddr host(src), unset;
    WvString dest_match(host == unset ? WvString("")
                                      : WvString("-d %s", host));

    return WvString("iptables -t nat %s TProxy -p tcp %s --dport %s "
                    "-j REDIRECT --to-ports %s %s",
                    cmd, dest_match, src.port, dstport, shutup());
}


// Build the command line that adds/removes (per `cmd`) an ACCEPT rule in the
// "Services" chain for a whole protocol.
//
// SECURITY: `proto` lands in a shell command unquoted and unchecked.  Only
// trusted, fixed protocol names may reach this function.
WvString WvIPFirewall::proto_command(const char *cmd, const char *proto)
{
    return WvString("iptables %s Services -p %s -j ACCEPT %s",
                    cmd, proto, shutup());
}


// Record `addr` and, when the firewall is enabled, open it for both TCP and
// UDP.  The address is recorded even when `enable` is false.
void WvIPFirewall::add_port(const WvIPPortAddr &addr)
{
    addrs.append(new WvIPPortAddr(addr), true);

    WvString tcp_rule(port_command("-A", "tcp", addr));
    WvString udp_rule(port_command("-A", "udp", addr));
    if (!enable)
        return;

    // Exit status deliberately not checked here; see the file header.
    system(tcp_rule);
    system(udp_rule);
}


// note!  This does not remove the address from the list, only the kernel!
// Nothing happens unless `addr` was previously recorded by add_port().
void WvIPFirewall::del_port(const WvIPPortAddr &addr)
{
    WvIPPortAddrList::Iter it(addrs);
    it.rewind();
    while (it.next())
    {
        if (!(*it == addr))
            continue;

        WvString tcp_rule(port_command("-D", "tcp", addr));
        WvString udp_rule(port_command("-D", "udp", addr));
        if (enable)
        {
            system(tcp_rule);
            system(udp_rule);
        }
        return;   // only the first matching entry is acted upon
    }
}


// Record the redirection and, when enabled, install it in the kernel.
void WvIPFirewall::add_redir(const WvIPPortAddr &src, int dstport)
{
    redirs.append(new Redir(src, dstport), true);

    WvString rule(redir_command("-A", src, dstport));
    if (enable)
        system(rule);
}


// Remove a recorded redirection from the kernel (the list entry stays).
// Nothing happens unless the same src/dstport pair was recorded earlier.
void WvIPFirewall::del_redir(const WvIPPortAddr &src, int dstport)
{
    RedirList::Iter it(redirs);
    it.rewind();
    while (it.next())
    {
        if (!(it->src == src) || it->dstport != dstport)
            continue;

        WvString rule(redir_command("-D", src, dstport));
        if (enable)
            system(rule);
        return;
    }
}


// Record `proto` and, when enabled, accept that protocol in the kernel.
// SECURITY: `proto` is passed to the shell unmodified (see proto_command).
void WvIPFirewall::add_proto(WvStringParm proto)
{
    protos.append(new WvString(proto), true);

    WvString rule(proto_command("-A", proto));
    if (enable)
        system(rule);
}


// Remove a recorded protocol rule from the kernel (the list entry stays).
// Because only previously recorded strings match, this path runs no text
// that add_proto() has not already accepted.
void WvIPFirewall::del_proto(WvStringParm proto)
{
    WvStringList::Iter it(protos);
    it.rewind();
    while (it.next())
    {
        if (!(*it == proto))
            continue;

        WvString rule(proto_command("-D", proto));
        if (enable)
            system(rule);
        return;
    }
}


// clear out our portion of the firewall
//
// Each recorded entry is withdrawn through the matching del_*() call and
// then unlinked from its list.  The del_*() calls only touch the kernel
// while `enable` is true, so if `enable` was switched off after rules were
// installed, those rules stay in place even though the lists are emptied.
void WvIPFirewall::zap()
{
    WvIPPortAddrList::Iter port_it(addrs);
    port_it.rewind();
    while (port_it.next())
    {
        del_port(*port_it);
        port_it.xunlink();
    }

    RedirList::Iter redir_it(redirs);
    redir_it.rewind();
    while (redir_it.next())
    {
        del_redir(redir_it->src, redir_it->dstport);
        redir_it.xunlink();
    }

    WvStringList::Iter proto_it(protos);
    proto_it.rewind();
    while (proto_it.next())
    {
        del_proto(*proto_it);
        proto_it.xunlink();
    }
}
