ファイル: ruletranslator.py プロジェクト: catmanjan/fireman
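def stop_service(service):
    """
    (Service) -> None

    Tear down what start_service set up for *service*: remove the INPUT jump
    rule that matches the service port, then delete the per-service
    ``fm_<name>`` chain itself.
    """
    # Build the chain name with the same unicode literal start_service uses,
    # so both functions produce the identical name for the same service.
    chain = u"fm_" + service.name
    jump_rule = services_conf.Rule()
    jump_rule.action = chain
    # The jump rule is identified by its port condition; it must be rebuilt
    # exactly as start_service built it for delete_rule to find it.
    jump_rule.condition = services_conf.Condition({
        "type": u"Portequals",
        "value": service.port,
    })
    delete_rule(jump_rule, "iptables")
    iptables.delete_chain(chain)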
ファイル: ruletranslator.py プロジェクト: catmanjan/fireman
def start_service(service):
    """
    (Service) -> None

    Create a fresh ``fm_<name>`` chain for *service*, jump to it from INPUT
    for traffic matching the service port, and populate it with the
    service's own rules (if it has any).
    """
    chain = u"fm_" + service.name
    # Always start from an empty chain: drop any stale one, then recreate it.
    iptables.delete_chain(chain)
    iptables.add_chain(chain)

    jump_rule = services_conf.Rule()
    jump_rule.action = chain
    port_condition = {
        "type": u"Portequals",
        "value": service.port,
    }
    jump_rule.condition = services_conf.Condition(port_condition)
    # TODO: if service is called init or final, add at start or end
    add_rule(jump_rule, "iptables", "INPUT", service.transport)

    # A service doesn't really need rules.
    for rule in getattr(service, 'rules', ()):
        add_rule(rule, "iptables", chain, service.transport)
ファイル: tcp_service.py プロジェクト: GD-HBX/fqrouter
def delete_iptables_rules():
    """Undo this service's iptables setup: NFQUEUE rules (queue 2), RULES, then the fq_ chains."""
    iptables.delete_nfqueue_rules(2)
    iptables.delete_rules(RULES)
    # Chains are removed last, after the rules that reference them.
    for chain in ('fq_INPUT', 'fq_OUTPUT', 'fq_FORWARD'):
        iptables.delete_chain(chain)
ファイル: endpoint.py プロジェクト: grycap/ipfloater
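    def iptables_apply(self):
        """
        Create the nat-table chains and rules that implement this endpoint's redirection.

        Three per-endpoint chains are created and linked from the matching
        ``ipfloater-*`` parent chains:

        * ``ipfl-rule-<id>-OUTPUT`` and ``ipfl-rule-<id>-PREROUTING`` hold a
          DNAT rule rewriting traffic for ``public_ip`` (and ``public_port``
          when set) to ``private_ip``/``private_port``.
        * ``ipfl-rule-<id>-POSTROUTING`` holds the SNAT rule rewriting traffic
          from ``private_ip`` back to ``public_ip``.

        If one of those chain names is already taken, the existing chain is
        unlinked and deleted when ``OVERWRITE_RULES`` is set; otherwise the
        apply is aborted with a warning.  All changes are staged with
        ``autocommit`` off and committed in one step.

        Returns:
            ``(result, msg)`` -- ``result`` is ``False`` if anything raised;
            ``msg`` is the logged warning on a name clash, the exception text
            for any other failure, and ``""`` on success.

        # NAT loopback fix: in POSTROUTING, if the source is the LAN and the
        # destination is ...
        # iptables -t nat -A ipfl-rule-0-POSTROUTING -s 10.3.0.5/24 -d 10.3.0.5/32 -p tcp --dport 22 -j SNAT --to-source 10.0.0.69
        """
        result, msg = True, ""
        table = iptc.Table(iptc.Table.NAT)
        table.refresh()
        # Stage every change and commit once at the end.
        table.autocommit = False

        def chain_name(hook):
            # Per-endpoint chain name for one of OUTPUT/PREROUTING/POSTROUTING.
            return "ipfl-rule-%s-%s" % (self.id, hook)

        try:
            # Refuse (or, with OVERWRITE_RULES, replace) chains whose name is
            # already taken.  Checked in the same order the chains are created.
            for hook in ("OUTPUT", "PREROUTING", "POSTROUTING"):
                name = chain_name(hook)
                if not iptables.chain_exists(table, name):
                    continue
                if OVERWRITE_RULES:
                    iptables.unlink_chains(table, "ipfloater-%s" % hook, name)
                    iptables.delete_chain(table, name)
                else:
                    msg = _LOGGER.log("chain %s already exists" % name, logging.WARNING)
                    raise Exception(msg)

            # OUTPUT rules: DNAT traffic addressed to the public IP (and port)
            # to the private endpoint.
            chain_out = table.create_chain(chain_name("OUTPUT"))
            rule_out = iptc.Rule()

            # NOTE(review): the tcp match is guarded by private_port but
            # matches on public_port, while the POSTROUTING rule below is
            # guarded by public_port and matches on private_port.  Kept as
            # written -- confirm the intended port semantics before changing.
            if self.private_port != 0:
                rule_out.protocol = "tcp"
                match = iptc.Match(rule_out, "tcp")
                match.dport = str(self.public_port)
                rule_out.add_match(match)

            rule_out.dst = "%s/32" % self.public_ip
            rule_out.target = rule_out.create_target("DNAT")
            if self.public_port == 0:
                rule_out.target.to_destination = self.private_ip
            else:
                rule_out.target.to_destination = "%s:%d" % (self.private_ip, self.private_port)

            chain_out.append_rule(rule_out)
            iptables.link_chains(table, "ipfloater-OUTPUT", chain_name("OUTPUT"))

            # PREROUTING rules: the same DNAT rule for traffic arriving from
            # outside the host.
            chain_pre = table.create_chain(chain_name("PREROUTING"))
            chain_pre.append_rule(rule_out)
            iptables.link_chains(table, "ipfloater-PREROUTING", chain_name("PREROUTING"))

            # POSTROUTING rules: SNAT traffic from the private endpoint back
            # to the public IP (and port).
            chain_post = table.create_chain(chain_name("POSTROUTING"))
            rule_post = iptc.Rule()

            if self.public_port != 0:
                rule_post.protocol = "tcp"
                match = iptc.Match(rule_post, "tcp")
                match.dport = str(self.private_port)
                rule_post.add_match(match)

            rule_post.src = "%s/32" % self.private_ip
            rule_post.target = rule_post.create_target("SNAT")
            if self.public_port == 0:
                rule_post.target.to_source = self.public_ip
            else:
                rule_post.target.to_source = "%s:%d" % (self.public_ip, self.public_port)
            chain_post.append_rule(rule_post)
            iptables.link_chains(table, "ipfloater-POSTROUTING", chain_name("POSTROUTING"))

            # No explicit RETURN rule is appended: each per-endpoint chain
            # falls through to its parent after its single NAT rule.

            table.commit()
            table.autocommit = True
        except Exception as e:
            # Narrowed from a bare ``except`` so KeyboardInterrupt/SystemExit
            # still propagate, and report the cause instead of an empty msg.
            # NOTE(review): on failure the staged changes stay uncommitted and
            # autocommit stays off, as in the original flow -- confirm the
            # table object is not reused afterwards.
            result = False
            if not msg:
                msg = str(e)

        return result, msg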
def delete_iptables_rules():
    """Undo this service's iptables setup: RULES, NFQUEUE rules (queue 2), then the scramble_ chains."""
    iptables.delete_rules(RULES)
    iptables.delete_nfqueue_rules(2)
    # Chains are removed last, after the rules that reference them.
    for chain in ('scramble_INPUT', 'scramble_OUTPUT', 'scramble_FORWARD'):
        iptables.delete_chain(chain)
def delete_iptables_rules():
    """Undo this service's iptables setup: RULES first, then the two fp_ chains."""
    iptables.delete_rules(RULES)
    # Chains are removed last, after the rules that reference them.
    for chain in ('fp_PREROUTING', 'fp_OUTPUT'):
        iptables.delete_chain(chain)
ファイル: full_proxy_service.py プロジェクト: jieah/fqrouter
def delete_iptables_rules():
    """Undo this service's iptables setup: RULES first, then the two fp_ chains."""
    iptables.delete_rules(RULES)
    # Chains are removed last, after the rules that reference them.
    for chain in ('fp_PREROUTING', 'fp_OUTPUT'):
        iptables.delete_chain(chain)