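def _apply_settings(config):
    """Copy the parsed settings into the ``iptables`` module's globals.

    The ``iptables`` module is configured through module-level variables
    rather than an object, so every option is assigned here, in one place.
    Options come from the ``[tollgate]`` and ``[captive]`` sections;
    ``arp_table_size`` is the only optional one.

    NOTE(review): ``iptables`` names the firewall binary and the remaining
    values name chains and interfaces that this process manipulates; the
    settings file is therefore a trust boundary and should be writable only
    by its administrator -- confirm the deployment's file permissions.

    Raises:
        Exception: if ``user_rule_prefix`` equals ``limit_rule_prefix``
            (the two prefixes are required to differ; presumably both are
            used to build chain names -- confirm in the ``iptables`` module).
    """
    iptables.IPTABLES = config.get('tollgate', 'iptables')
    iptables.INTERN_IFACE = config.get('tollgate', 'internal_iface')
    iptables.EXTERN_IFACE = config.get('tollgate', 'external_iface')
    iptables.CAPTIVE_RULE = config.get('tollgate', 'captive_rule')
    iptables.ALLOWED_RULE = config.get('tollgate', 'allowed_rule')
    iptables.UNMETERED_RULE = config.get('tollgate', 'unmetered_rule')
    iptables.BLACKLIST_RULE = config.get('tollgate', 'blacklist_rule')
    iptables.IP4PF_RULE = config.get('tollgate', 'ip4pf_rule')
    iptables.USER_RULE_PREFIX = config.get('tollgate', 'user_rule_prefix')
    iptables.LIMIT_RULE_PREFIX = config.get('tollgate', 'limit_rule_prefix')
    iptables.REJECT_MODE = config.get('tollgate', 'reject_mode')
    iptables.REJECT_TCP_RESET = config.getboolean('tollgate', 'reject_reset_tcp')
    iptables.DEBUG = config.getboolean('tollgate', 'debug')
    iptables.CAPTIVE_ENABLED = config.getboolean('captive', 'enable')
    iptables.CAPTIVE_PORT = config.getint('captive', 'port')

    # Optional: only override the module default when the option is present.
    if config.has_option('tollgate', 'arp_table_size'):
        iptables.GC_THRESH = config.getint('tollgate', 'arp_table_size')

    if iptables.USER_RULE_PREFIX == iptables.LIMIT_RULE_PREFIX:
        raise Exception("user rule prefix must be different to the limit rule prefix")


def _optional_hosts(config, section):
    """Return the ``(name, value)`` items of *section*, or ``None`` if the section is absent."""
    if config.has_section(section):
        return config.items(section)
    return None


def main(daemon_enable, pid_file, settings_file=SETTINGS_FILE):
    """Configure the firewall from *settings_file* and run the D-Bus server.

    Args:
        daemon_enable: passed through to ``iptables.boot_dbus``; from its
            name, whether to detach as a daemon -- confirm in ``iptables``.
        pid_file: passed through to ``iptables.boot_dbus``.
        settings_file: path of the INI-style settings file; defaults to
            ``SETTINGS_FILE``.

    Progress is reported on stdout.  The process exits with status 1 when
    the settings file cannot be read and with status 0 on Control-C.
    Any exception raised by ``_apply_settings`` propagates to the caller.
    """
    # Local import: the module's import block is outside this listing, and
    # ``sys.exit`` is preferred over the ``site``-provided ``exit`` builtin.
    import sys

    config = ConfigParserPlus(DEFAULT_SETTINGS)
    print("Loading configuration: %s" % settings_file)
    # ConfigParser.read() returns the list of files it managed to parse.
    if not config.read(settings_file):
        print("Failure reading configuration file!")
        sys.exit(1)

    print("Setting configuration values...")
    _apply_settings(config)

    # A missing section means "no such hosts", not an error.
    unmetered_hosts = _optional_hosts(config, 'unmetered')
    blacklist_hosts = _optional_hosts(config, 'blacklist')

    print("Creating DBUS API...")
    bus = iptables.setup_dbus()

    print("Creating NAT...")
    iptables.create_nat()

    if unmetered_hosts is not None:
        print("Setting unmetered hosts...")
        parse_hostlist(unmetered_hosts, iptables.add_unmetered)

    if blacklist_hosts is not None:
        print("Setting blacklist hosts...")
        parse_hostlist(blacklist_hosts, iptables.add_blacklist)

    print("Starting DBUS Server (only debug messages will appear now)")
    try:
        iptables.boot_dbus(daemon_enable, bus, pid_file)
    except KeyboardInterrupt:
        print("Got Control-C!")
        sys.exit(0)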
if iptables.USER_RULE_PREFIX == iptables.LIMIT_RULE_PREFIX: raise Exception, "user rule prefix must be different to the limit rule prefix" # get unmetered firewall rules unmetered_hosts = None if config.has_section('unmetered'): unmetered_hosts = config.items('unmetered') # get blacklist blacklist_hosts = None if config.has_section('blacklist'): blacklist_hosts = config.items('blacklist') print "Creating DBUS API..." iptables.setup_dbus() print "Creating NAT..." iptables.create_nat() if unmetered_hosts != None: print "Setting unmetered hosts..." parse_hostlist(unmetered_hosts, iptables.add_unmetered) if blacklist_hosts != None: print "Setting blacklist hosts..." parse_hostlist(blacklist_hosts, iptables.add_blacklist) print "Starting DBUS Server (only debug messages will appear now)" try: iptables.boot_dbus() except KeyboardInterrupt:
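def _apply_settings(config):
    """Copy the parsed settings into the ``iptables`` module's globals.

    FIXME: this should be done with proper classes instead of ugly global
    variables; until then every option is assigned here, in one place.
    Options come from the ``[tollgate]`` and ``[captive]`` sections;
    ``arp_table_size`` is the only optional one.

    NOTE(review): ``iptables`` and ``ipset`` name the binaries this process
    runs, and the remaining values name chains, sets and interfaces it
    manipulates; the settings file is therefore a trust boundary and should
    be writable only by its administrator -- confirm the deployment's file
    permissions.

    Raises:
        Exception: if ``user_rule_prefix`` equals ``limit_rule_prefix``
            (the two prefixes are required to differ; presumably both are
            used to build chain names -- confirm in the ``iptables`` module).
    """
    iptables.IPTABLES = config.get('tollgate', 'iptables')
    iptables.IPSET = config.get('tollgate', 'ipset')
    iptables.INTERN_IFACE = config.get('tollgate', 'internal_iface')
    iptables.EXTERN_IFACE = config.get('tollgate', 'external_iface')
    iptables.CAPTIVE_RULE = config.get('tollgate', 'captive_rule')
    iptables.ALLOWED_RULE = config.get('tollgate', 'allowed_rule')
    iptables.UNMETERED_RULE = config.get('tollgate', 'unmetered_rule')
    iptables.BLACKLIST_RULE = config.get('tollgate', 'blacklist_rule')
    iptables.IP4PF_RULE = config.get('tollgate', 'ip4pf_rule')
    iptables.USER_RULE_PREFIX = config.get('tollgate', 'user_rule_prefix')
    iptables.LIMIT_RULE_PREFIX = config.get('tollgate', 'limit_rule_prefix')
    iptables.IPSET_PREFIX = config.get('tollgate', 'ipset_prefix')
    iptables.IPMACSET_PREFIX = config.get('tollgate', 'ipmacset_prefix')
    iptables.REJECT_MODE = config.get('tollgate', 'reject_mode')
    iptables.REJECT_TCP_RESET = config.getboolean('tollgate', 'reject_reset_tcp')
    iptables.DEBUG = config.getboolean('tollgate', 'debug')
    iptables.CAPTIVE_ENABLED = config.getboolean('captive', 'enable')
    iptables.CAPTIVE_PORT = config.getint('captive', 'port')

    # Optional: only override the module default when the option is present.
    if config.has_option('tollgate', 'arp_table_size'):
        iptables.GC_THRESH = config.getint('tollgate', 'arp_table_size')

    if iptables.USER_RULE_PREFIX == iptables.LIMIT_RULE_PREFIX:
        raise Exception("user rule prefix must be different to the limit rule prefix")


def _optional_hosts(config, section):
    """Return the ``(name, value)`` items of *section*, or ``None`` if the section is absent."""
    if config.has_section(section):
        return config.items(section)
    return None


def _detect_internal_subnet():
    """Return the CIDR address (``a.b.c.d/n``) configured on the internal interface.

    Runs ``ip -4 addr show dev <INTERN_IFACE>`` and requires exactly one
    ``inet`` line in its output; otherwise an error is printed and the
    process exits with status 1.  The host part is deliberately left in the
    returned value: it feeds an ipset, which does not care that the address
    is a host address rather than the network address.

    TODO: replace this with a proper interface lookup; it only does sanity
    checks on command output.
    """
    import sys

    # Arguments are passed as a list, so the interface name is not subject
    # to shell interpretation -- assumes run_capture_output does not spawn a
    # shell; confirm in the ``iptables`` module.
    output = iptables.run_capture_output(
        'ip', '-4', 'addr', 'show', 'dev', iptables.INTERN_IFACE)

    # Select address lines by their first token rather than by counting
    # output lines, so extra lines (e.g. lifetime information) or trailing
    # whitespace do not make a correctly configured interface look wrong.
    inet_lines = [line.split() for line in output.splitlines()
                  if line.split()[:1] == ['inet']]
    if len(inet_lines) != 1:
        print("Error: Interface %s (internal side) does not have exactly 1 IPv4 address defined." % iptables.INTERN_IFACE)
        sys.exit(1)

    ip_parts = inet_lines[0]
    # Explicit check instead of ``assert``: asserts are stripped under ``python -O``.
    if len(ip_parts) < 2 or '/' not in ip_parts[1]:
        print("Error: Interface %s (internal side): does not appear to be a CIDR address?" % iptables.INTERN_IFACE)
        sys.exit(1)
    return ip_parts[1]


def main(daemon_enable, pid_file, settings_file=SETTINGS_FILE):
    """Configure the firewall from *settings_file* and run the D-Bus server.

    Args:
        daemon_enable: passed through to ``iptables.boot_dbus``; from its
            name, whether to detach as a daemon -- confirm in ``iptables``.
        pid_file: passed through to ``iptables.boot_dbus``.
        settings_file: path of the INI-style settings file; defaults to
            ``SETTINGS_FILE``.  ``DEFAULT_SETTINGS`` is loaded first so the
            file only needs to list overrides.

    Progress is reported on stdout.  The process exits with status 1 when
    the settings file cannot be read or the internal interface does not
    carry exactly one IPv4 address, and with status 0 on Control-C.
    Any exception raised by ``_apply_settings`` propagates to the caller.
    """
    # Local import: the module's import block is outside this listing, and
    # ``sys.exit`` is preferred over the ``site``-provided ``exit`` builtin.
    import sys

    config = ConfigParser()
    config.read_dict(DEFAULT_SETTINGS)
    print("Loading configuration: %s" % settings_file)
    # ConfigParser.read() returns the list of files it managed to parse.
    if not config.read([settings_file]):
        print("Failure reading configuration file!")
        sys.exit(1)

    print("Setting configuration values...")
    _apply_settings(config)

    # A missing section means "no such hosts", not an error.
    unmetered_hosts = _optional_hosts(config, 'unmetered')
    blacklist_hosts = _optional_hosts(config, 'blacklist')

    # Network interface configuration for the LAN side.
    iptables.INTERN_SUBNET = _detect_internal_subnet()

    print("Creating DBUS API...")
    bus = iptables.setup_dbus()

    print("Creating NAT...")
    iptables.create_nat()

    if unmetered_hosts is not None:
        print("Setting unmetered hosts...")
        parse_hostlist(unmetered_hosts, iptables.add_unmetered)

    if blacklist_hosts is not None:
        print("Setting blacklist hosts...")
        parse_hostlist(blacklist_hosts, iptables.add_blacklist)

    print("Starting DBUS Server (only debug messages will appear now)")
    try:
        iptables.boot_dbus(daemon_enable, bus, pid_file)
    except KeyboardInterrupt:
        print("Got Control-C!")
        sys.exit(0)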
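def _apply_settings(config):
    """Copy the parsed settings into the ``iptables`` module's globals.

    FIXME: this should be done with proper classes instead of ugly global
    variables; until then every option is assigned here, in one place.
    Options come from the ``[tollgate]`` and ``[captive]`` sections;
    ``arp_table_size`` is the only optional one.

    NOTE(review): ``iptables`` and ``ipset`` name the binaries this process
    runs, and the remaining values name chains, sets and interfaces it
    manipulates; the settings file is therefore a trust boundary and should
    be writable only by its administrator -- confirm the deployment's file
    permissions.

    Raises:
        Exception: if ``user_rule_prefix`` equals ``limit_rule_prefix``
            (the two prefixes are required to differ; presumably both are
            used to build chain names -- confirm in the ``iptables`` module).
    """
    iptables.IPTABLES = config.get('tollgate', 'iptables')
    iptables.IPSET = config.get('tollgate', 'ipset')
    iptables.INTERN_IFACE = config.get('tollgate', 'internal_iface')
    iptables.EXTERN_IFACE = config.get('tollgate', 'external_iface')
    iptables.CAPTIVE_RULE = config.get('tollgate', 'captive_rule')
    iptables.ALLOWED_RULE = config.get('tollgate', 'allowed_rule')
    iptables.UNMETERED_RULE = config.get('tollgate', 'unmetered_rule')
    iptables.BLACKLIST_RULE = config.get('tollgate', 'blacklist_rule')
    iptables.IP4PF_RULE = config.get('tollgate', 'ip4pf_rule')
    iptables.USER_RULE_PREFIX = config.get('tollgate', 'user_rule_prefix')
    iptables.LIMIT_RULE_PREFIX = config.get('tollgate', 'limit_rule_prefix')
    iptables.IPSET_PREFIX = config.get('tollgate', 'ipset_prefix')
    iptables.IPMACSET_PREFIX = config.get('tollgate', 'ipmacset_prefix')
    iptables.REJECT_MODE = config.get('tollgate', 'reject_mode')
    iptables.REJECT_TCP_RESET = config.getboolean('tollgate', 'reject_reset_tcp')
    iptables.DEBUG = config.getboolean('tollgate', 'debug')
    iptables.CAPTIVE_ENABLED = config.getboolean('captive', 'enable')
    iptables.CAPTIVE_PORT = config.getint('captive', 'port')

    # Optional: only override the module default when the option is present.
    if config.has_option('tollgate', 'arp_table_size'):
        iptables.GC_THRESH = config.getint('tollgate', 'arp_table_size')

    if iptables.USER_RULE_PREFIX == iptables.LIMIT_RULE_PREFIX:
        raise Exception("user rule prefix must be different to the limit rule prefix")


def _optional_hosts(config, section):
    """Return the ``(name, value)`` items of *section*, or ``None`` if the section is absent."""
    if config.has_section(section):
        return config.items(section)
    return None


def _detect_internal_subnet():
    """Return the CIDR address (``a.b.c.d/n``) configured on the internal interface.

    Runs ``ip -4 addr show dev <INTERN_IFACE>`` and requires exactly one
    ``inet`` line in its output; otherwise an error is printed and the
    process exits with status 1.  The host part is deliberately left in the
    returned value: it feeds an ipset, which does not care that the address
    is a host address rather than the network address.

    TODO: replace this with a proper interface lookup; it only does sanity
    checks on command output.
    """
    import sys

    # Arguments are passed as a list, so the interface name is not subject
    # to shell interpretation -- assumes run_capture_output does not spawn a
    # shell; confirm in the ``iptables`` module.
    output = iptables.run_capture_output(
        'ip', '-4', 'addr', 'show', 'dev', iptables.INTERN_IFACE)

    # Select address lines by their first token rather than by counting
    # output lines, so extra lines (e.g. lifetime information) or trailing
    # whitespace do not make a correctly configured interface look wrong.
    inet_lines = [line.split() for line in output.splitlines()
                  if line.split()[:1] == ['inet']]
    if len(inet_lines) != 1:
        print("Error: Interface %s (internal side) does not have exactly 1 IPv4 address defined." % iptables.INTERN_IFACE)
        sys.exit(1)

    ip_parts = inet_lines[0]
    # Explicit check instead of ``assert``: asserts are stripped under ``python -O``.
    if len(ip_parts) < 2 or '/' not in ip_parts[1]:
        print("Error: Interface %s (internal side): does not appear to be a CIDR address?" % iptables.INTERN_IFACE)
        sys.exit(1)
    return ip_parts[1]


def main(daemon_enable, pid_file, settings_file=SETTINGS_FILE):
    """Configure the firewall from *settings_file* and run the D-Bus server.

    Args:
        daemon_enable: passed through to ``iptables.boot_dbus``; from its
            name, whether to detach as a daemon -- confirm in ``iptables``.
        pid_file: passed through to ``iptables.boot_dbus``.
        settings_file: path of the INI-style settings file; defaults to
            ``SETTINGS_FILE``.  ``DEFAULT_SETTINGS`` is loaded first so the
            file only needs to list overrides.

    Progress is reported on stdout.  The process exits with status 1 when
    the settings file cannot be read or the internal interface does not
    carry exactly one IPv4 address, and with status 0 on Control-C.
    Any exception raised by ``_apply_settings`` propagates to the caller.
    """
    # Local import: the module's import block is outside this listing, and
    # ``sys.exit`` is preferred over the ``site``-provided ``exit`` builtin.
    import sys

    config = ConfigParser()
    config.read_dict(DEFAULT_SETTINGS)
    print("Loading configuration: %s" % settings_file)
    # ConfigParser.read() returns the list of files it managed to parse.
    if not config.read([settings_file]):
        print("Failure reading configuration file!")
        sys.exit(1)

    print("Setting configuration values...")
    _apply_settings(config)

    # A missing section means "no such hosts", not an error.
    unmetered_hosts = _optional_hosts(config, 'unmetered')
    blacklist_hosts = _optional_hosts(config, 'blacklist')

    # Network interface configuration for the LAN side.
    iptables.INTERN_SUBNET = _detect_internal_subnet()

    print("Creating DBUS API...")
    bus = iptables.setup_dbus()

    print("Creating NAT...")
    iptables.create_nat()

    if unmetered_hosts is not None:
        print("Setting unmetered hosts...")
        parse_hostlist(unmetered_hosts, iptables.add_unmetered)

    if blacklist_hosts is not None:
        print("Setting blacklist hosts...")
        parse_hostlist(blacklist_hosts, iptables.add_blacklist)

    print("Starting DBUS Server (only debug messages will appear now)")
    try:
        iptables.boot_dbus(daemon_enable, bus, pid_file)
    except KeyboardInterrupt:
        print("Got Control-C!")
        sys.exit(0)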
if iptables.USER_RULE_PREFIX == iptables.LIMIT_RULE_PREFIX: raise Exception, "user rule prefix must be different to the limit rule prefix" # get unmetered firewall rules unmetered_hosts = None if config.has_section('unmetered'): unmetered_hosts = config.items('unmetered') # get blacklist blacklist_hosts = None if config.has_section('blacklist'): blacklist_hosts = config.items('blacklist') print "Creating DBUS API..." iptables.setup_dbus() print "Creating NAT..." iptables.create_nat() if unmetered_hosts != None: print "Setting unmetered hosts..." parse_hostlist(unmetered_hosts, iptables.add_unmetered) if blacklist_hosts != None: print "Setting blacklist hosts..." parse_hostlist(blacklist_hosts, iptables.add_blacklist) print "Starting DBUS Server (only debug messages will appear now)" try: iptables.boot_dbus()