
wvipfirewall.cc

00001 /*
00002  * Worldvisions Weaver Software:
00003  *   Copyright (C) 1997-2002 Net Integration Technologies, Inc.
00004  * 
00005  * WvIPFirewall is an extremely simple hackish class that handles the Linux
00006  * 2.1/2.2 "ipchains" firewall.  It's okay to create more than one instance
00007  * of this class; they'll co-operate.
00008  * 
00009  * They need you to have created WvDynam and WvRedir chains already,
00010  * however, and call them from the right places in the Input and/or Forward
00011  * firewalls.
00012  */
00013 #include "wvipfirewall.h"
00014 #include "wvinterface.h"
00015 #include <unistd.h>
00016 
00017 
// Class-wide switch shared by every instance.  While it is false,
// add_port/del_port/add_redir/del_redir still maintain their bookkeeping
// lists but skip the system("iptables ...") calls, so the kernel firewall
// is left untouched.
bool WvIPFirewall::enable = false;
00019 
00020 
// Nothing to initialise: the tracked-address and redirect lists start out
// empty and `enable` is a class-wide flag, so construction has no side
// effects on the kernel firewall.
WvIPFirewall::WvIPFirewall() { }
00024 
00025 
// Destroying an instance tears down every rule it installed (see zap()),
// so a forgotten instance never leaves stale ACCEPT/REDIRECT rules behind.
WvIPFirewall::~WvIPFirewall() { zap(); }
00030 
00031 
// Builds the iptables command that accepts `proto` traffic to `addr` on the
// "Services" chain.  `cmd` is the chain action ("-A" to append, "-D" to
// delete).  When the host part of `addr` is unspecified (equal to a
// default-constructed WvIPAddr) the rule matches on the port alone and no
// "-d" clause is emitted.
//
// The returned string is passed to system() by the callers, so its inputs
// must stay restricted to typed addresses and integer ports; never route
// free-form text through this helper.
WvString WvIPFirewall::port_command(const char *cmd, const char *proto,
                                    const WvIPPortAddr &addr)
{
    WvIPAddr host(addr);
    WvIPAddr unspecified;

    // Destination match is optional: omit it entirely for "any host".
    WvString dest = (host == unspecified)
                        ? WvString("")
                        : WvString("-d %s", host);

    return WvString("iptables %s Services -j ACCEPT -p %s "
                    "%s --dport %s",
                    cmd, proto, dest, addr.port);
}
00043 
00044 
// Builds the iptables NAT command that redirects TCP traffic aimed at `src`
// to local port `dstport` via the "TProxy" chain.  `cmd` is the chain
// action ("-A" or "-D").  An unspecified host in `src` (equal to a
// default-constructed WvIPAddr) drops the "-d" clause so only the port is
// matched.
//
// Like port_command(), the result ends up in system(); keep its inputs to
// typed addresses and integer ports.
WvString WvIPFirewall::redir_command(const char *cmd, const WvIPPortAddr &src,
                                     int dstport)
{
    WvIPAddr host(src);
    WvIPAddr unspecified;

    WvString dest = (host == unspecified)
                        ? WvString("")
                        : WvString("-d %s", host);

    return WvString("iptables -t nat %s TProxy "
                    "-p tcp %s --dport %s "
                    "-j REDIRECT --to-ports %s",
                    cmd, dest, src.port, dstport);
}
00057 
00058 
// Records `addr` in the tracked list and, when `enable` is set, opens it
// for both TCP and UDP by appending rules to the Services chain.  The list
// entry is added even while disabled, so a later zap() still finds it.
//
// NOTE(review): system()'s return value is discarded, so a failed iptables
// invocation is not reported to the caller — confirm that is acceptable.
void WvIPFirewall::add_port(const WvIPPortAddr &addr)
{
    addrs.append(new WvIPPortAddr(addr), true);
    if (!enable)
        return;

    // One ACCEPT rule per transport protocol.
    const char *protos[] = { "tcp", "udp" };
    for (unsigned n = 0; n < 2; n++)
        system(port_command("-A", protos[n], addr));
}
00070 
00071 
// Removes the kernel ACCEPT rules (TCP and UDP) for `addr`, but only if the
// address is currently tracked in `addrs` — an untracked address is a
// no-op, which keeps this instance from deleting rules it never added.
//
// note!  This does not remove the address from the list, only from the
// kernel; zap() is responsible for unlinking entries.  Only the first
// matching entry is acted on.
void WvIPFirewall::del_port(const WvIPPortAddr &addr)
{
    bool tracked = false;
    WvIPPortAddrList::Iter it(addrs);
    for (it.rewind(); it.next(); )
    {
        if (*it == addr)
        {
            tracked = true;
            break;
        }
    }

    if (!tracked || !enable)
        return;

    system(port_command("-D", "tcp", addr));
    system(port_command("-D", "udp", addr));
}
00091 
00092 
// Records the (src, dstport) pair and, when `enable` is set, installs the
// corresponding REDIRECT rule in the TProxy NAT chain.  The pair is tracked
// even while disabled so zap() can account for it later.
void WvIPFirewall::add_redir(const WvIPPortAddr &src, int dstport)
{
    redirs.append(new Redir(src, dstport), true);
    if (!enable)
        return;

    system(redir_command("-A", src, dstport));
}
00099 
00100 
// Deletes the kernel REDIRECT rule for (src, dstport), but only if that
// exact pair is tracked in `redirs`.  As with del_port(), the list entry
// itself is left in place for zap() to unlink, and only the first matching
// entry is considered.
void WvIPFirewall::del_redir(const WvIPPortAddr &src, int dstport)
{
    bool tracked = false;
    RedirList::Iter it(redirs);
    for (it.rewind(); it.next(); )
    {
        if (it->src == src && it->dstport == dstport)
        {
            tracked = true;
            break;
        }
    }

    if (!tracked || !enable)
        return;

    system(redir_command("-D", src, dstport));
}
00114 
00115 
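// Accepts all traffic of protocol `proto` on the Services chain.
//
// Unlike the port/redirect helpers this rule is not recorded anywhere, so
// zap() never removes it.  It now also honours the class-wide `enable`
// switch, matching add_port()/add_redir(): previously the iptables call
// was issued unconditionally.
//
// `proto` is interpolated unquoted into a shell command run via system();
// callers must pass a protocol name only, never externally supplied text.
void WvIPFirewall::add_proto(const WvString proto)
{
    if (!enable)
        return;

    system(WvString("iptables -A Services -p %s -j ACCEPT", proto));
}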
00120 
00121 
// Undoes everything this instance added: deletes each tracked port rule and
// redirect from the kernel (when `enable` is set) and empties both lists.
// Called from the destructor.  Rules installed through add_proto() are not
// tracked and are therefore not removed here.
void WvIPFirewall::zap()
{
    WvIPPortAddrList::Iter i(addrs);
    for (i.rewind(); i.next(); )
    {
        // del_port() only issues the delete while the address is still
        // present in `addrs`, so it must run before the entry is unlinked.
        del_port(*i);
        i.xunlink();
    }
    
    RedirList::Iter i2(redirs);
    for (i2.rewind(); i2.next(); )
    {
        // Same ordering constraint: del_redir() looks the pair up in
        // `redirs` before deleting it from the kernel.
        del_redir(i2->src, i2->dstport);
        i2.xunlink();
    }
}
