def test_rules():
    """Pin the exact iptables DNAT argument text built by ``_create_nat_rule``.

    The expected strings are compared verbatim, so any change in how the
    protocol, destination ports or ``--to-destination`` target are rendered
    shows up here before it reaches a live NAT table.
    """
    redirector = Redirector()
    redirector.localaddr = "1.2.3.4"

    # One destination port, rewritten to an explicit output port.
    single_port = redirector._create_nat_rule("tcp", [123], 555)
    assert "-j DNAT -p tcp -m multiport --destination-ports 123 --to-destination 1.2.3.4:555" == single_port

    # Several destination ports are joined with commas for multiport.
    multi_port = redirector._create_nat_rule("tcp", [123, 456], 555)
    assert "-j DNAT -p tcp -m multiport --destination-ports 123,456 --to-destination 1.2.3.4:555" == multi_port

    # No output port: the target is the bare local address.
    multi_port_passthrough = redirector._create_nat_rule("tcp", [123, 456], None)
    assert "-j DNAT -p tcp -m multiport --destination-ports 123,456 --to-destination 1.2.3.4" == multi_port_passthrough

    # Empty port list: no multiport match is emitted, so the rule applies to
    # every TCP destination port.
    tcp_catch_all = redirector._create_nat_rule("tcp", [], outport=555)
    assert "-j DNAT -p tcp --to-destination 1.2.3.4:555" == tcp_catch_all

    # No protocol and no ports: the broadest rule, with no -p match at all.
    any_protocol = redirector._create_nat_rule(None, [], None)
    assert "-j DNAT --to-destination 1.2.3.4" == any_protocol
def test_rules():
    """Verify the DNAT rule strings produced for each protocol/port combination.

    Each case pairs the exact expected iptables argument string with the
    positional and keyword arguments handed to ``_create_nat_rule``.
    """
    redirector = Redirector()
    redirector.localaddr = "1.2.3.4"

    # (expected rule text, positional args, keyword args), checked in order.
    cases = [
        ("-j DNAT -p tcp -m multiport --destination-ports 123 --to-destination 1.2.3.4:555",
         ("tcp", [123], 555), {}),
        ("-j DNAT -p tcp -m multiport --destination-ports 123,456 --to-destination 1.2.3.4:555",
         ("tcp", [123, 456], 555), {}),
        ("-j DNAT -p tcp -m multiport --destination-ports 123,456 --to-destination 1.2.3.4",
         ("tcp", [123, 456], None), {}),
        # An empty port list drops the multiport match entirely.
        ("-j DNAT -p tcp --to-destination 1.2.3.4:555",
         ("tcp", []), {"outport": 555}),
        # No protocol, no ports: rule without any -p or port restriction.
        ("-j DNAT --to-destination 1.2.3.4",
         (None, [], None), {}),
    ]

    for expected, args, kwargs in cases:
        assert expected == redirector._create_nat_rule(*args, **kwargs)
def redirection(config, listeners):
    """Install port forwarding and redirection for the given listeners/config.

    Nothing is installed when ``Redirector.available()`` is false or when
    ``Redirector.existing_rules()`` reports rules already present; both cases
    only log a warning and return ``None``, so the caller gets no other signal
    that redirection is inactive.

    Args:
        config: object whose ``cfg.get(section, option)`` supplies the
            ``redirection`` settings ``port_exclusions`` and ``port_forwarding``.
        listeners: iterable of listener objects exposing ``socktype`` and
            ``ports``.
    """
    if not Redirector.available():
        log.warn("Connection redirection enabled but not available. "
                 "Ensure 'iptables' is installed and current user has sufficient privileges.")
        return

    # Refuse to touch a table that already has rules rather than risk
    # conflicting with them.
    if Redirector.existing_rules():
        log.warn("Existing rules found in iptables. Not enabling connection redirection in case of conflict.")
        return

    redirector = Redirector()

    # NOTE(review): the pass-through entries below are registered before the
    # catch-all ones; presumably rule order is significant — confirm before
    # reordering.

    # pass through all listener ports
    stream_listeners = [item for item in listeners if item.socktype in ('SSL', 'TCP')]
    for stream_listener in stream_listeners:
        redirector.add_forwarding("tcp", stream_listener.ports)

    # pass through any explicitly excluded ports
    raw_exclusions = config.cfg.get("redirection", "port_exclusions")
    excluded_ports = list(parseints(raw_exclusions))
    if excluded_ports:
        redirector.add_forwarding("tcp", excluded_ports)

    # forward all other ports to generic listener
    # NOTE(review): the configured value is handed on exactly as read from the
    # config, with no numeric or range check in this function — confirm that
    # add_forwarding validates it before it is rendered into a rule.
    generic_port = config.cfg.get("redirection", "port_forwarding")
    if generic_port:
        redirector.add_forwarding("tcp", outport=generic_port)

    # forward all protocols to local address
    redirector.add_forwarding()
def redirection(config, listeners):
    """Configure connection redirection rules from the listeners and config.

    Returns ``None`` on every path. When redirection is unavailable, or when
    rules already exist, the function logs a warning and leaves the rule set
    untouched.

    Args:
        config: provides ``cfg.get("redirection", ...)`` for the
            ``port_exclusions`` and ``port_forwarding`` options.
        listeners: listener objects; only those whose ``socktype`` is
            ``'SSL'`` or ``'TCP'`` get a pass-through entry.
    """
    def setting(option):
        # Read one option from the "redirection" config section.
        return config.cfg.get("redirection", option)

    unavailable = not Redirector.available()
    if unavailable:
        log.warn(
            "Connection redirection enabled but not available. "
            "Ensure 'iptables' is installed and current user has sufficient privileges."
        )
        return

    # Pre-existing rules are left alone; redirection is skipped instead of
    # layering new rules on top of them.
    if Redirector.existing_rules():
        log.warn(
            "Existing rules found in iptables. Not enabling connection redirection in case of conflict."
        )
        return

    redirector = Redirector()

    # pass through all listener ports
    tcp_like = ('SSL', 'TCP')
    selected = [candidate for candidate in listeners if candidate.socktype in tcp_like]
    for chosen in selected:
        redirector.add_forwarding("tcp", chosen.ports)

    # pass through any explicitly excluded ports
    excluded = list(parseints(setting("port_exclusions")))
    if excluded:
        redirector.add_forwarding("tcp", excluded)

    # forward all other ports to generic listener
    # NOTE(review): port_forwarding is passed through unvalidated here;
    # verify add_forwarding rejects anything that is not a valid port.
    catch_all_port = setting("port_forwarding")
    if catch_all_port:
        redirector.add_forwarding("tcp", outport=catch_all_port)

    # forward all protocols to local address
    # NOTE(review): this last entry has no protocol or port restriction, so
    # it presumably relies on the earlier entries taking precedence — confirm.
    redirector.add_forwarding()