示例#1
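def main(daemon_enable, pid_file, settings_file=SETTINGS_FILE):
	"""Load the tollgate configuration, build the firewall and run the D-Bus server.

	Args:
		daemon_enable: forwarded unchanged to ``iptables.boot_dbus``.
		pid_file: forwarded unchanged to ``iptables.boot_dbus``.
		settings_file: INI file read on top of ``DEFAULT_SETTINGS``.

	Raises:
		ValueError: if the user and limit rule prefixes are identical
			(``ValueError`` is a subclass of the ``Exception`` raised before,
			so existing ``except Exception`` handlers still work).

	Exits with status 1 when the settings file cannot be read and with
	status 0 on Control-C.
	"""
	config = ConfigParserPlus(DEFAULT_SETTINGS)

	print("Loading configuration: %s" % settings_file)

	# A falsy result from read() means the settings file could not be parsed.
	if not config.read(settings_file):
		print("Failure reading configuration file!")
		exit(1)

	print("Setting configuration values...")
	# The iptables module is configured through module-level globals, taken
	# straight from the settings file.
	iptables.IPTABLES = config.get('tollgate', 'iptables')
	iptables.INTERN_IFACE = config.get('tollgate', 'internal_iface')
	iptables.EXTERN_IFACE = config.get('tollgate', 'external_iface')
	iptables.CAPTIVE_RULE = config.get('tollgate', 'captive_rule')
	iptables.ALLOWED_RULE = config.get('tollgate', 'allowed_rule')
	iptables.UNMETERED_RULE = config.get('tollgate', 'unmetered_rule')
	iptables.BLACKLIST_RULE = config.get('tollgate', 'blacklist_rule')
	iptables.IP4PF_RULE = config.get('tollgate', 'ip4pf_rule')
	iptables.USER_RULE_PREFIX = config.get('tollgate', 'user_rule_prefix')
	iptables.LIMIT_RULE_PREFIX = config.get('tollgate', 'limit_rule_prefix')
	iptables.REJECT_MODE = config.get('tollgate', 'reject_mode')
	iptables.REJECT_TCP_RESET = config.getboolean('tollgate', 'reject_reset_tcp')
	iptables.DEBUG = config.getboolean('tollgate', 'debug')

	iptables.CAPTIVE_ENABLED = config.getboolean('captive', 'enable')
	iptables.CAPTIVE_PORT = config.getint('captive', 'port')

	# Optional tuning knob: only applied when present in the settings file.
	if config.has_option('tollgate', 'arp_table_size'):
		iptables.GC_THRESH = config.getint('tollgate', 'arp_table_size')

	# The two prefixes must differ so that user and limit rules can be told apart.
	if iptables.USER_RULE_PREFIX == iptables.LIMIT_RULE_PREFIX:
		raise ValueError("user rule prefix must be different to the limit rule prefix")

	# Optional host lists; None means the section is absent and nothing is added.
	unmetered_hosts = None
	if config.has_section('unmetered'):
		unmetered_hosts = config.items('unmetered')

	blacklist_hosts = None
	if config.has_section('blacklist'):
		blacklist_hosts = config.items('blacklist')

	print("Creating DBUS API...")
	bus = iptables.setup_dbus()

	print("Creating NAT...")
	iptables.create_nat()

	# Identity comparison: an empty (but present) section is still applied.
	if unmetered_hosts is not None:
		print("Setting unmetered hosts...")
		parse_hostlist(unmetered_hosts, iptables.add_unmetered)
	if blacklist_hosts is not None:
		print("Setting blacklist hosts...")
		parse_hostlist(blacklist_hosts, iptables.add_blacklist)

	print("Starting DBUS Server (only debug messages will appear now)")
	try:
		iptables.boot_dbus(daemon_enable, bus, pid_file)
	except KeyboardInterrupt:
		print("Got Control-C!")
		exit(0)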
示例#2
文件: tollgate.py 项目: MUCS/tollgate
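# Optional host lists; None means the section is absent and nothing is added.
# get unmetered firewall rules
unmetered_hosts = None
if config.has_section('unmetered'):
    unmetered_hosts = config.items('unmetered')

# get blacklist
blacklist_hosts = None
if config.has_section('blacklist'):
    blacklist_hosts = config.items('blacklist')

print("Creating DBUS API...")
iptables.setup_dbus()

print("Creating NAT...")
iptables.create_nat()

# Identity comparison: an empty (but present) section is still applied.
if unmetered_hosts is not None:
    print("Setting unmetered hosts...")
    parse_hostlist(unmetered_hosts, iptables.add_unmetered)
if blacklist_hosts is not None:
    print("Setting blacklist hosts...")
    parse_hostlist(blacklist_hosts, iptables.add_blacklist)

print("Starting DBUS Server (only debug messages will appear now)")
try:
    iptables.boot_dbus()
except KeyboardInterrupt:
    print("Got Control-C!")
    exit(0)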
示例#3
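def main(daemon_enable, pid_file, settings_file=SETTINGS_FILE):
    """Load the tollgate configuration, build the firewall and run the D-Bus server.

    Args:
        daemon_enable: forwarded unchanged to ``iptables.boot_dbus``.
        pid_file: forwarded unchanged to ``iptables.boot_dbus``.
        settings_file: INI file read on top of ``DEFAULT_SETTINGS``.

    Raises:
        ValueError: if the user and limit rule prefixes are identical
            (``ValueError`` is a subclass of the ``Exception`` raised before,
            so existing ``except Exception`` handlers still work).

    Exits with status 1 when the settings file cannot be read or the internal
    interface does not carry exactly one IPv4 CIDR address, and with status 0
    on Control-C.
    """
    config = ConfigParser()
    config.read_dict(DEFAULT_SETTINGS)

    print("Loading configuration: %s" % settings_file)

    # ConfigParser.read() returns the list of files it managed to parse; an
    # empty list means the settings file was missing or unreadable.
    if not config.read([settings_file]):
        print("Failure reading configuration file!")
        exit(1)

    print("Setting configuration values...")
    # FIXME: this should be done with proper classes instead of ugly global variables.
    # The iptables module is configured through module-level globals, taken
    # straight from the settings file.
    iptables.IPTABLES = config.get('tollgate', 'iptables')
    iptables.IPSET = config.get('tollgate', 'ipset')
    iptables.INTERN_IFACE = config.get('tollgate', 'internal_iface')
    iptables.EXTERN_IFACE = config.get('tollgate', 'external_iface')
    iptables.CAPTIVE_RULE = config.get('tollgate', 'captive_rule')
    iptables.ALLOWED_RULE = config.get('tollgate', 'allowed_rule')
    iptables.UNMETERED_RULE = config.get('tollgate', 'unmetered_rule')
    iptables.BLACKLIST_RULE = config.get('tollgate', 'blacklist_rule')
    iptables.IP4PF_RULE = config.get('tollgate', 'ip4pf_rule')
    iptables.USER_RULE_PREFIX = config.get('tollgate', 'user_rule_prefix')
    iptables.LIMIT_RULE_PREFIX = config.get('tollgate', 'limit_rule_prefix')
    iptables.IPSET_PREFIX = config.get('tollgate', 'ipset_prefix')
    iptables.IPMACSET_PREFIX = config.get('tollgate', 'ipmacset_prefix')
    iptables.REJECT_MODE = config.get('tollgate', 'reject_mode')
    iptables.REJECT_TCP_RESET = config.getboolean('tollgate',
                                                  'reject_reset_tcp')
    iptables.DEBUG = config.getboolean('tollgate', 'debug')

    iptables.CAPTIVE_ENABLED = config.getboolean('captive', 'enable')
    iptables.CAPTIVE_PORT = config.getint('captive', 'port')

    # Optional tuning knob: only applied when present in the settings file.
    if config.has_option('tollgate', 'arp_table_size'):
        iptables.GC_THRESH = config.getint('tollgate', 'arp_table_size')

    # The two prefixes must differ so that user and limit rules can be told apart.
    if iptables.USER_RULE_PREFIX == iptables.LIMIT_RULE_PREFIX:
        raise ValueError("user rule prefix must be different to the limit rule prefix")

    # Optional host lists; None means the section is absent and nothing is added.
    unmetered_hosts = None
    if config.has_section('unmetered'):
        unmetered_hosts = config.items('unmetered')

    blacklist_hosts = None
    if config.has_section('blacklist'):
        blacklist_hosts = config.items('blacklist')

    # Determine the LAN-side subnet from the internal interface's IPv4 setup.
    # TODO: replace this with a proper address lookup.
    # The sanity checks are explicit ``if``s rather than ``assert``s: asserts
    # are stripped under ``python -O``, which would let a misconfigured
    # interface slip through into INTERN_SUBNET.  Only ``inet`` lines are
    # counted so that other lines of the command output (e.g. address
    # lifetimes) do not affect the "exactly one address" test.
    iface_output = iptables.run_capture_output('ip', '-4', 'addr', 'show', 'dev',
                                               iptables.INTERN_IFACE)
    inet_lines = [line.split() for line in iface_output.split('\n')
                  if line.strip().startswith('inet ')]
    if len(inet_lines) != 1:
        print("Error: Interface %s (internal side) does not have exactly 1 IPv4 address defined." % iptables.INTERN_IFACE)
        exit(1)

    ip_parts = inet_lines[0]
    if len(ip_parts) < 2 or '/' not in ip_parts[1]:
        print("Error: Interface %s (internal side) address %r does not appear to be a CIDR address." % (iptables.INTERN_IFACE, ' '.join(ip_parts)))
        exit(1)

    # This gives slightly funny address, but ipset doesn't care that the IP in
    # here is not the network address (but the host address).
    iptables.INTERN_SUBNET = ip_parts[1]

    print("Creating DBUS API...")
    bus = iptables.setup_dbus()

    print("Creating NAT...")
    iptables.create_nat()

    # Identity comparison: an empty (but present) section is still applied.
    if unmetered_hosts is not None:
        print("Setting unmetered hosts...")
        parse_hostlist(unmetered_hosts, iptables.add_unmetered)
    if blacklist_hosts is not None:
        print("Setting blacklist hosts...")
        parse_hostlist(blacklist_hosts, iptables.add_blacklist)

    print("Starting DBUS Server (only debug messages will appear now)")
    try:
        iptables.boot_dbus(daemon_enable, bus, pid_file)
    except KeyboardInterrupt:
        print("Got Control-C!")
        exit(0)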
示例#4
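def main(daemon_enable, pid_file, settings_file=SETTINGS_FILE):
	"""Load the tollgate configuration, build the firewall and run the D-Bus server.

	Args:
		daemon_enable: forwarded unchanged to ``iptables.boot_dbus``.
		pid_file: forwarded unchanged to ``iptables.boot_dbus``.
		settings_file: INI file read on top of ``DEFAULT_SETTINGS``.

	Raises:
		ValueError: if the user and limit rule prefixes are identical
			(``ValueError`` is a subclass of the ``Exception`` raised before,
			so existing ``except Exception`` handlers still work).

	Exits with status 1 when the settings file cannot be read or the internal
	interface does not carry exactly one IPv4 CIDR address, and with status 0
	on Control-C.
	"""
	config = ConfigParser()
	config.read_dict(DEFAULT_SETTINGS)

	print("Loading configuration: %s" % settings_file)

	# ConfigParser.read() returns the list of files it managed to parse; an
	# empty list means the settings file was missing or unreadable.
	if not config.read([settings_file]):
		print("Failure reading configuration file!")
		exit(1)

	print("Setting configuration values...")
	# FIXME: this should be done with proper classes instead of ugly global variables.
	# The iptables module is configured through module-level globals, taken
	# straight from the settings file.
	iptables.IPTABLES = config.get('tollgate', 'iptables')
	iptables.IPSET = config.get('tollgate', 'ipset')
	iptables.INTERN_IFACE = config.get('tollgate', 'internal_iface')
	iptables.EXTERN_IFACE = config.get('tollgate', 'external_iface')
	iptables.CAPTIVE_RULE = config.get('tollgate', 'captive_rule')
	iptables.ALLOWED_RULE = config.get('tollgate', 'allowed_rule')
	iptables.UNMETERED_RULE = config.get('tollgate', 'unmetered_rule')
	iptables.BLACKLIST_RULE = config.get('tollgate', 'blacklist_rule')
	iptables.IP4PF_RULE = config.get('tollgate', 'ip4pf_rule')
	iptables.USER_RULE_PREFIX = config.get('tollgate', 'user_rule_prefix')
	iptables.LIMIT_RULE_PREFIX = config.get('tollgate', 'limit_rule_prefix')
	iptables.IPSET_PREFIX = config.get('tollgate', 'ipset_prefix')
	iptables.IPMACSET_PREFIX = config.get('tollgate', 'ipmacset_prefix')
	iptables.REJECT_MODE = config.get('tollgate', 'reject_mode')
	iptables.REJECT_TCP_RESET = config.getboolean('tollgate', 'reject_reset_tcp')
	iptables.DEBUG = config.getboolean('tollgate', 'debug')

	iptables.CAPTIVE_ENABLED = config.getboolean('captive', 'enable')
	iptables.CAPTIVE_PORT = config.getint('captive', 'port')

	# Optional tuning knob: only applied when present in the settings file.
	if config.has_option('tollgate', 'arp_table_size'):
		iptables.GC_THRESH = config.getint('tollgate', 'arp_table_size')

	# The two prefixes must differ so that user and limit rules can be told apart.
	if iptables.USER_RULE_PREFIX == iptables.LIMIT_RULE_PREFIX:
		raise ValueError("user rule prefix must be different to the limit rule prefix")

	# Optional host lists; None means the section is absent and nothing is added.
	unmetered_hosts = None
	if config.has_section('unmetered'):
		unmetered_hosts = config.items('unmetered')

	blacklist_hosts = None
	if config.has_section('blacklist'):
		blacklist_hosts = config.items('blacklist')

	# Determine the LAN-side subnet from the internal interface's IPv4 setup.
	# TODO: replace this with a proper address lookup.
	# The sanity checks are explicit ``if``s rather than ``assert``s: asserts
	# are stripped under ``python -O``, which would let a misconfigured
	# interface slip through into INTERN_SUBNET.  Only ``inet`` lines are
	# counted so that other lines of the command output (e.g. address
	# lifetimes) do not affect the "exactly one address" test.
	iface_output = iptables.run_capture_output('ip', '-4', 'addr', 'show', 'dev', iptables.INTERN_IFACE)
	inet_lines = [line.split() for line in iface_output.split('\n')
	              if line.strip().startswith('inet ')]
	if len(inet_lines) != 1:
		print("Error: Interface %s (internal side) does not have exactly 1 IPv4 address defined." % iptables.INTERN_IFACE)
		exit(1)

	ip_parts = inet_lines[0]
	if len(ip_parts) < 2 or '/' not in ip_parts[1]:
		print("Error: Interface %s (internal side) address %r does not appear to be a CIDR address." % (iptables.INTERN_IFACE, ' '.join(ip_parts)))
		exit(1)

	# This gives slightly funny address, but ipset doesn't care that the IP in
	# here is not the network address (but the host address).
	iptables.INTERN_SUBNET = ip_parts[1]

	print("Creating DBUS API...")
	bus = iptables.setup_dbus()

	print("Creating NAT...")
	iptables.create_nat()

	# Identity comparison: an empty (but present) section is still applied.
	if unmetered_hosts is not None:
		print("Setting unmetered hosts...")
		parse_hostlist(unmetered_hosts, iptables.add_unmetered)
	if blacklist_hosts is not None:
		print("Setting blacklist hosts...")
		parse_hostlist(blacklist_hosts, iptables.add_blacklist)

	print("Starting DBUS Server (only debug messages will appear now)")
	try:
		iptables.boot_dbus(daemon_enable, bus, pid_file)
	except KeyboardInterrupt:
		print("Got Control-C!")
		exit(0)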
示例#5
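def main(daemon_enable, pid_file, settings_file=SETTINGS_FILE):
    """Load the tollgate configuration, build the firewall and run the D-Bus server.

    Args:
        daemon_enable: forwarded unchanged to ``iptables.boot_dbus``.
        pid_file: forwarded unchanged to ``iptables.boot_dbus``.
        settings_file: INI file read on top of ``DEFAULT_SETTINGS``.

    Raises:
        ValueError: if the user and limit rule prefixes are identical
            (``ValueError`` is a subclass of the ``Exception`` raised before,
            so existing ``except Exception`` handlers still work).

    Exits with status 1 when the settings file cannot be read and with
    status 0 on Control-C.
    """
    config = ConfigParserPlus(DEFAULT_SETTINGS)

    print("Loading configuration: %s" % settings_file)

    # A falsy result from read() means the settings file could not be parsed.
    if not config.read(settings_file):
        print("Failure reading configuration file!")
        exit(1)

    print("Setting configuration values...")
    # The iptables module is configured through module-level globals, taken
    # straight from the settings file.
    iptables.IPTABLES = config.get('tollgate', 'iptables')
    iptables.INTERN_IFACE = config.get('tollgate', 'internal_iface')
    iptables.EXTERN_IFACE = config.get('tollgate', 'external_iface')
    iptables.CAPTIVE_RULE = config.get('tollgate', 'captive_rule')
    iptables.ALLOWED_RULE = config.get('tollgate', 'allowed_rule')
    iptables.UNMETERED_RULE = config.get('tollgate', 'unmetered_rule')
    iptables.BLACKLIST_RULE = config.get('tollgate', 'blacklist_rule')
    iptables.IP4PF_RULE = config.get('tollgate', 'ip4pf_rule')
    iptables.USER_RULE_PREFIX = config.get('tollgate', 'user_rule_prefix')
    iptables.LIMIT_RULE_PREFIX = config.get('tollgate', 'limit_rule_prefix')
    iptables.REJECT_MODE = config.get('tollgate', 'reject_mode')
    iptables.REJECT_TCP_RESET = config.getboolean('tollgate',
                                                  'reject_reset_tcp')
    iptables.DEBUG = config.getboolean('tollgate', 'debug')

    iptables.CAPTIVE_ENABLED = config.getboolean('captive', 'enable')
    iptables.CAPTIVE_PORT = config.getint('captive', 'port')

    # Optional tuning knob: only applied when present in the settings file.
    if config.has_option('tollgate', 'arp_table_size'):
        iptables.GC_THRESH = config.getint('tollgate', 'arp_table_size')

    # The two prefixes must differ so that user and limit rules can be told apart.
    if iptables.USER_RULE_PREFIX == iptables.LIMIT_RULE_PREFIX:
        raise ValueError("user rule prefix must be different to the limit rule prefix")

    # Optional host lists; None means the section is absent and nothing is added.
    unmetered_hosts = None
    if config.has_section('unmetered'):
        unmetered_hosts = config.items('unmetered')

    blacklist_hosts = None
    if config.has_section('blacklist'):
        blacklist_hosts = config.items('blacklist')

    print("Creating DBUS API...")
    bus = iptables.setup_dbus()

    print("Creating NAT...")
    iptables.create_nat()

    # Identity comparison: an empty (but present) section is still applied.
    if unmetered_hosts is not None:
        print("Setting unmetered hosts...")
        parse_hostlist(unmetered_hosts, iptables.add_unmetered)
    if blacklist_hosts is not None:
        print("Setting blacklist hosts...")
        parse_hostlist(blacklist_hosts, iptables.add_blacklist)

    print("Starting DBUS Server (only debug messages will appear now)")
    try:
        iptables.boot_dbus(daemon_enable, bus, pid_file)
    except KeyboardInterrupt:
        print("Got Control-C!")
        exit(0)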
示例#6
文件: tollgate.py 项目: MUCS/tollgate
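# Optional host lists; None means the section is absent and nothing is added.
# get unmetered firewall rules
unmetered_hosts = None
if config.has_section('unmetered'):
	unmetered_hosts = config.items('unmetered')

# get blacklist
blacklist_hosts = None
if config.has_section('blacklist'):
	blacklist_hosts = config.items('blacklist')

print("Creating DBUS API...")
iptables.setup_dbus()

print("Creating NAT...")
iptables.create_nat()

# Identity comparison: an empty (but present) section is still applied.
if unmetered_hosts is not None:
	print("Setting unmetered hosts...")
	parse_hostlist(unmetered_hosts, iptables.add_unmetered)
if blacklist_hosts is not None:
	print("Setting blacklist hosts...")
	parse_hostlist(blacklist_hosts, iptables.add_blacklist)

print("Starting DBUS Server (only debug messages will appear now)")
try:
	iptables.boot_dbus()
except KeyboardInterrupt:
	print("Got Control-C!")
	exit(0)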