def init_network(args):
    """Build the firewall from scratch and leave the game network closed.

    Creates the custom chains and sets, installs the base, SSH, per-team and
    open-network rules, switches forwarding to the closed rule set via
    close_network(), and finally enables IPv4 forwarding.

    Args:
        args: parsed command-line arguments; ``args.teams`` is iterated after
            helpers.parse_arguments_teams(args) has run.
    """
    # NOTE(review): this listing was flattened onto one line; the loop nesting
    # below is reconstructed from which names each call uses. Confirm against
    # the original file.

    # Every custom chain is created with a DROP policy.
    for chain in CUSTOM_CHAINS:
        helpers.create_chain(chain)
        helpers.set_chain_policy(chain, 'DROP')
    for s in SETS:
        helpers.create_set(s)
    # presumably validates or fills args.teams, which is read below; verify in helpers
    helpers.parse_arguments_teams(args)
    helpers.add_rules(INIT_RULES)
    # The SSH allow rules go in before INPUT and FORWARD are switched to DROP.
    # NOTE(review): presumably so a management SSH session is not cut off by
    # the policy change; confirm.
    helpers.add_rules(ALLOW_SSH_RULES)
    helpers.set_chain_policy('INPUT', 'DROP')
    helpers.set_chain_policy('FORWARD', 'DROP')
    # Register each team's subnet paired with itself ('same-team') and with
    # its vulnbox address ('team-vulnbox').
    for team in args.teams:
        team_subnet = helpers.get_team_subnet(team)
        vulnbox_ip = helpers.get_vuln_ip(team)
        helpers.add_to_set('same-team', team_subnet, team_subnet)
        helpers.add_to_set('team-vulnbox', team_subnet, vulnbox_ip)
    helpers.add_rules(get_team2vuln_rules())
    helpers.add_rules(get_in_team_rules())
    # just add the rules to the chain; close_network() below swaps the
    # forwarding rules to the closed set right after
    helpers.add_rules(OPEN_NETWORK_RULES)
    close_network(args)
    # Forwarding is enabled last, after all rules and DROP policies are in
    # place. Only the IPv4 switch is written, and only outside a dry run.
    helpers.logger.info('Enabling ip forwarding')
    if not helpers.DRY_RUN:
        with open('/proc/sys/net/ipv4/ip_forward', 'w') as f:
            f.write('1')
def init_network(*, teams: List[int], **_kwargs):
    """Install the base and team-to-vulnbox rules, then enable IPv4 forwarding.

    Args:
        teams: team numbers passed to get_team2vuln_rules(). An explicit
            ``None`` is logged as an error and ends the process with status 1.
        **_kwargs: accepted and ignored.
    """
    if teams is None:
        logger.error('Specify all required parameters: teams')
        exit(1)

    # Base rules and per-team rules go in as one batch, followed by the
    # SSH-allow/drop tail added by add_drop_rules().
    add_rules(INIT_RULES + get_team2vuln_rules(teams))
    add_drop_rules()

    # Forwarding is switched on only after the rules above are installed.
    # The message is logged in a dry run too; only the write is skipped.
    logger.info('Enabling ip forwarding')
    if DRY_RUN:
        return
    with open('/proc/sys/net/ipv4/ip_forward', 'w') as forward_switch:
        forward_switch.write('1')
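def init_network(**_kwargs):
    """Install the base rules and enable IPv4 forwarding if it is off.

    INIT_RULES are added first, then the SSH-allow/drop tail via
    add_drop_rules(). The forwarding switch is written only when its current
    value is not '1', and never in a dry run.

    Args:
        **_kwargs: accepted and ignored.
    """
    add_rules(INIT_RULES)
    add_drop_rules()

    with open('/proc/sys/net/ipv4/ip_forward', 'r') as f:
        # read() returns text, so compare with the string '1'. Comparing with
        # the integer 1 is always unequal, which made every run log and
        # rewrite the switch even when forwarding was already enabled.
        needs_forwarding = f.read().strip() != '1'

    if needs_forwarding:
        logger.info('Enabling ip forwarding')
        if not DRY_RUN:
            with open('/proc/sys/net/ipv4/ip_forward', 'w') as f:
                f.write('1')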
def open_network(*_args, **_kwargs):
    """Switch the firewall to the open-network rule set.

    Positional and keyword arguments are accepted and ignored.
    """
    # The drop rules are removed and re-added around the new rules.
    # NOTE(review): presumably so they stay at the end of the chain; confirm.
    # NOTE(review): between remove_drop_rules() and add_drop_rules() the drop
    # rules are absent. Whether traffic is still denied in that window depends
    # on chain policies not shown here; confirm.
    remove_drop_rules()
    add_rules(OPEN_NETWORK_RULES)
    add_drop_rules()
def add_drop_rules(*_args, **_kwargs):
    """Add the SSH allow rules, then the drop rules, in that order.

    Positional and keyword arguments are accepted and ignored.
    """
    # Order matters: ALLOW_SSH_RULES are installed before DROP_RULES.
    # NOTE(review): presumably so SSH is matched ahead of the drops; confirm.
    for ruleset in (ALLOW_SSH_RULES, DROP_RULES):
        add_rules(ruleset)
def close_network(_args):
    """Replace the open-network forwarding rules with the closed-network ones.

    Args:
        _args: accepted but never read.
    """
    # The open forwarding rules are removed before the closed ones are added.
    # NOTE(review): how helpers.remove_rules() behaves when the open rules are
    # not installed is not visible here; confirm it tolerates that case.
    helpers.remove_rules(OPEN_NETWORK_FORWARDING)
    helpers.add_rules(CLOSED_NETWORK_FORWARDING)