
wvipfirewall.cc

00001 /*
00002  * Worldvisions Weaver Software:
00003  *   Copyright (C) 1997-2002 Net Integration Technologies, Inc.
00004  * 
00005  * WvIPFirewall is an extremely simple hackish class that handles the Linux
00006  * 2.4 "iptables" firewall.  See wvipfirewall.h.
00007  */
00008 #include "wvipfirewall.h"
00009 #include "wvinterface.h"
00010 #include <unistd.h>
00011 
00012 
// Process-wide switches shared by every WvIPFirewall instance.
// enable: while false, rules are only tracked in the in-memory lists and
//         no iptables process is ever spawned (every system() call in this
//         file is guarded by it).
// ignore_errors: not read in this file; presumably consulted by shutup()
//         (declared in the header) to silence iptables output — confirm.
bool WvIPFirewall::enable = false;
bool WvIPFirewall::ignore_errors = true;
00014 
00015 
WvIPFirewall::WvIPFirewall()
{
    // Deliberately empty.  More than one WvIPFirewall may exist at a time,
    // so a constructor must never touch the kernel rule set; rules are only
    // ever installed through add_port(), add_redir() and add_proto().
}
00021 
00022 
WvIPFirewall::~WvIPFirewall()
{
    // Tear down every rule this instance installed (and empty the lists
    // that remember them) before the members are destroyed.
    zap();
}
00027 
00028 
// Build the iptables command line that adds (cmd == "-A") or deletes
// (cmd == "-D") an ACCEPT rule in the "Services" chain for addr's port and
// the given transport protocol.  A "-d" destination match is emitted only
// when addr carries an address that differs from a default-constructed
// WvIPAddr (presumably the unspecified address, meaning "any").
//
// The result is shell text that the callers hand to system(): cmd and
// proto must therefore be trusted literals, never externally supplied
// strings, because nothing here quotes or escapes them.  shutup() is
// declared in the header; its contribution is appended verbatim.
WvString WvIPFirewall::port_command(const char *cmd, const char *proto,
                                    const WvIPPortAddr &addr)
{
    WvIPAddr dest(addr), any;
    WvString destmatch = (dest == any) ? WvString("") : WvString("-d %s", dest);

    WvString rule("iptables %s Services -j ACCEPT -p %s "
                  "%s --dport %s "
                  "%s",
                  cmd, proto, destmatch, addr.port, shutup());
    return rule;
}
00042 
00043 
// Build the iptables command line that adds or deletes (cmd = "-A"/"-D")
// a nat-table rule in the "TProxy" chain redirecting TCP traffic aimed at
// src's port to local port dstport.  As in port_command(), the "-d" match
// is only emitted when src has a non-default address.
//
// Shell text destined for system(): cmd must be a trusted literal.  The
// only other interpolated values are addresses/ports formatted by WvString
// and whatever shutup() (see header) returns.
WvString WvIPFirewall::redir_command(const char *cmd, const WvIPPortAddr &src,
                                     int dstport)
{
    WvIPAddr dest(src), any;
    WvString destmatch = (dest == any) ? WvString("") : WvString("-d %s", dest);

    WvString rule("iptables -t nat %s TProxy "
                  "-p tcp %s --dport %s "
                  "-j REDIRECT --to-ports %s "
                  "%s",
                  cmd, destmatch, src.port, dstport, shutup());
    return rule;
}
00058 
00059 
// Build the iptables command line that adds or deletes (cmd = "-A"/"-D")
// a blanket ACCEPT rule for a whole protocol in the "Services" chain.
//
// proto is interpolated into shell text without quoting; see add_proto()
// for where it comes from.  shutup() is declared in the header.
WvString WvIPFirewall::proto_command(const char *cmd, const char *proto)
{
    WvString rule("iptables %s Services -p %s -j ACCEPT "
                  "%s",
                  cmd, proto, shutup());
    return rule;
}
00066 
00067 
// Accept incoming TCP and UDP traffic to addr (address + port) and remember
// the rule so zap() / the destructor can undo it.
//
// The list keeps its own copy of addr; the second argument to append()
// presumably asks the list to delete that copy when it is unlinked.  The
// exit status of system() is not examined anywhere in this class, so a
// rejected rule goes unnoticed here — only iptables' own output (subject to
// shutup()) reports it.
void WvIPFirewall::add_port(const WvIPPortAddr &addr)
{
    addrs.append(new WvIPPortAddr(addr), true);

    // One kernel rule per transport protocol.
    WvString tcp_rule(port_command("-A", "tcp", addr));
    WvString udp_rule(port_command("-A", "udp", addr));

    if (!enable)
        return;                 // bookkeeping only, leave the kernel alone

    system(tcp_rule);
    system(udp_rule);
}
00079 
00080 
// note!  This does not remove the address from the list, only the kernel!
//
// Remove the TCP and UDP ACCEPT rules for addr from the kernel, but only if
// this instance's own list contains addr — otherwise the call is a no-op.
// That guard presumably keeps one instance from deleting a rule that a
// different instance installed.  Only the first matching entry is
// considered; the list entry itself stays (callers such as zap() unlink it).
void WvIPFirewall::del_port(const WvIPPortAddr &addr)
{
    WvIPPortAddrList::Iter entry(addrs);
    bool owned = false;

    entry.rewind();
    while (!owned && entry.next())
        owned = (*entry == addr);

    if (!owned)
        return;

    WvString tcp_rule(port_command("-D", "tcp", addr));
    WvString udp_rule(port_command("-D", "udp", addr));
    if (enable)
    {
        system(tcp_rule);
        system(udp_rule);
    }
}
00100 
00101 
// Redirect TCP traffic aimed at src (address + port) to local port dstport
// and remember the (src, dstport) pair so it can be undone later.
//
// The list owns the new Redir entry (second append() argument presumably
// means auto-free).  As elsewhere in this class, system()'s return value
// is not checked.
void WvIPFirewall::add_redir(const WvIPPortAddr &src, int dstport)
{
    redirs.append(new Redir(src, dstport), true);

    WvString rule(redir_command("-A", src, dstport));
    if (!enable)
        return;
    system(rule);
}
00108 
00109 
// Remove the redirect rule for (src, dstport) from the kernel — but only if
// this instance's list holds exactly that pair; otherwise do nothing.  Like
// del_port(), this leaves the list entry in place; zap() unlinks it.
void WvIPFirewall::del_redir(const WvIPPortAddr &src, int dstport)
{
    RedirList::Iter entry(redirs);
    bool owned = false;

    entry.rewind();
    while (!owned && entry.next())
        owned = (entry->src == src && entry->dstport == dstport);

    if (!owned)
        return;

    WvString rule(redir_command("-D", src, dstport));
    if (enable)
        system(rule);
}
00123 
00124 
// Accept all traffic of the named protocol and remember it for zap().
//
// NOTE(review): proto is spliced into a shell command line (see
// proto_command()) and run through system() with no quoting or validation.
// This is only safe while every caller passes a fixed protocol name; if a
// caller ever derives proto from configuration or network input, it must
// be validated against the protocol names iptables accepts (or the command
// must be run without a shell) before reaching this point.
void WvIPFirewall::add_proto(WvStringParm proto)
{
    protos.append(new WvString(proto), true);   // list owns the copy (presumably auto-free)

    WvString rule(proto_command("-A", proto));
    if (!enable)
        return;
    system(rule);
}
00131 
00132 
// Remove the blanket ACCEPT rule for proto from the kernel, provided this
// instance's list contains proto; otherwise a no-op.  The list entry is not
// removed here (zap() does that).  proto reaches a shell command line
// unquoted, exactly as in add_proto().
void WvIPFirewall::del_proto(WvStringParm proto)
{
    WvStringList::Iter entry(protos);
    bool owned = false;

    entry.rewind();
    while (!owned && entry.next())
        owned = (*entry == proto);

    if (!owned)
        return;

    WvString rule(proto_command("-D", proto));
    if (enable)
        system(rule);
}
00146 
00147 
// clear out our portion of the firewall
//
// Walk each of the three lists, ask the kernel to drop the corresponding
// rule, and unlink the entry so the instance ends up with no remembered
// rules.  Each del_*() call opens its own iterator on the same list while
// the outer one is positioned on the entry being removed; the original
// code relies on that being safe for these list types, and the iteration
// shape below is unchanged.  Called from the destructor.
void WvIPFirewall::zap()
{
    WvIPPortAddrList::Iter port(addrs);
    port.rewind();
    while (port.next())
    {
        del_port(*port);
        port.xunlink();
    }

    RedirList::Iter redir(redirs);
    redir.rewind();
    while (redir.next())
    {
        del_redir(redir->src, redir->dstport);
        redir.xunlink();
    }

    WvStringList::Iter proto(protos);
    proto.rewind();
    while (proto.next())
    {
        del_proto(*proto);
        proto.xunlink();
    }
}
