def __init__(self, cred, debug=False):
"""Initialize FirewallEngine."""
self.cred = cred
self.logger = logger.SecureTeaLogger(__name__, debug)
# Parse and setup rules and actions
(self.ip_inbound,
self.action_inbound_IPRule) = self.parse_inbound_IPRule()
(self.ip_outbound,
self.action_outbound_IPRule) = self.parse_outbound_IPRule()
(self.protocols, self.action_protocolRule) = self.parse_protocolRule()
(self.sports,
self.action_source_portRule) = self.parse_source_portRule()
(self.dports, self.action_dest_portRule) = self.parse_dest_portRule()
(self.dns, self.action_DNSRule) = self.parse_DNSRule()
(self.extensions, self.action_scanLoad) = self.parse_scanLoad()
self.action_HTTPRequest = self.parse_HTTPRequest()
self.action_HTTPResponse = self.parse_HTTPResponse()
# Interface
self.interface = str(self.cred['interface'])
if self.interface == "":
self.interface = utils.get_interface()
# Setup PacketFilter object
self.packetFilterObj = PacketFilter(
interface=self.interface,
debug=debug,
ip_inbound=self.ip_inbound,
ip_outbound=self.ip_outbound,
protocols=self.protocols,
dns=self.dns,
dports=self.dports,
sports=self.sports,
extensions=self.extensions,
action_inbound_IPRule=self.action_inbound_IPRule,
action_outbound_IPRule=self.action_outbound_IPRule,
action_DNSRule=self.action_DNSRule,
action_source_portRule=self.action_source_portRule,
action_dest_portRule=self.action_dest_portRule,
action_HTTPResponse=self.action_HTTPResponse,
action_HTTPRequest=self.action_HTTPRequest,
action_protocolRule=self.action_protocolRule,
action_scanLoad=self.action_scanLoad)
# Setup Montior object
self.monitorObj = FirewallMonitor(interface=self.interface,
debug=debug)
# Integrations
self.integrations = ['Firewall', 'Monitor']
def setUp(self):
"""
Set-up PacketFilter object.
"""
payload = b"""E\x00\x004Q\xc8@\x00@\x06Z\x87\xc0\xa8\x89\x7fh\
x82\xdb\xca\x94\xc0\x01\xbb=L\xd3\x97\x14\t\xc9q\
x80\x10\x00\xf5\xe7B\x00\x00\x01\x01\x08\n\xeb7\xc9\
xa6bjc\xed"""
self.pf1 = PacketFilter()
self.scapy_pkt = scapy.IP(payload)
class TestPacket_Filter(unittest.TestCase):
"""Test class for PacketFilter module."""
def setUp(self):
"""
Set-up PacketFilter object.
"""
payload = b"""E\x00\x004Q\xc8@\x00@\x06Z\x87\xc0\xa8\x89\x7fh\
x82\xdb\xca\x94\xc0\x01\xbb=L\xd3\x97\x14\t\xc9q\
x80\x10\x00\xf5\xe7B\x00\x00\x01\x01\x08\n\xeb7\xc9\
xa6bjc\xed"""
self.pf1 = PacketFilter()
self.scapy_pkt = scapy.IP(payload)
def test_inbound_IPRule(self):
"""
Test inbound_IPRule.
"""
self.pf1._action_inbound_IPRule = 0
result = self.pf1.inbound_IPRule(self.scapy_pkt)
self.assertEqual(result, 1)
self.pf1._action_inbound_IPRule = 1
result = self.pf1.inbound_IPRule(self.scapy_pkt)
self.assertEqual(result, 0)
self.pf1._IP_INBOUND = ['104.32.32.32']
self.pf1._action_inbound_IPRule = 1
result = self.pf1.inbound_IPRule(self.scapy_pkt)
self.assertEqual(result, 0)
self.pf1._IP_INBOUND = ['104.32.32.32']
self.pf1._action_inbound_IPRule = 0
result = self.pf1.inbound_IPRule(self.scapy_pkt)
self.assertEqual(result, 1)
self.pf1._IP_INBOUND = ['192.168.137.127']
self.pf1._action_inbound_IPRule = 0
result = self.pf1.inbound_IPRule(self.scapy_pkt)
self.assertEqual(result, 0)
self.pf1._IP_INBOUND = ['192.168.137.127']
self.pf1._action_inbound_IPRule = 1
result = self.pf1.inbound_IPRule(self.scapy_pkt)
self.assertEqual(result, 1)
def test_outbound_IPRule(self):
"""
Test outbound IPRule.
"""
self.pf1._action_outbound_IPRule = 0
result = self.pf1.outbound_IPRule(self.scapy_pkt)
self.assertEqual(result, 1)
self.pf1._action_outbound_IPRule = 1
result = self.pf1.outbound_IPRule(self.scapy_pkt)
self.assertEqual(result, 0)
self.pf1._IP_OUTBOUND = ['192.168.137.127']
self.pf1._action_outbound_IPRule = 1
result = self.pf1.outbound_IPRule(self.scapy_pkt)
self.assertEqual(result, 0)
self.pf1._IP_OUTBOUND = ['192.168.137.127']
self.pf1._action_outbound_IPRule = 0
result = self.pf1.outbound_IPRule(self.scapy_pkt)
self.assertEqual(result, 1)
self.pf1._IP_OUTBOUND = ['104.32.32.32']
self.pf1._action_outbound_IPRule = 0
result = self.pf1.outbound_IPRule(self.scapy_pkt)
self.assertEqual(result, 0)
self.pf1._IP_OUTBOUND = ['104.32.32.32']
self.pf1._action_outbound_IPRule = 1
result = self.pf1.outbound_IPRule(self.scapy_pkt)
self.assertEqual(result, 1)
def test_protocolRule(self):
"""
Test protocolRule.
"""
result = self.pf1.protocolRule(self.scapy_pkt)
self.assertEqual(result, 1)
self.pf1._action_protocolRule = 1
result = self.pf1.protocolRule(self.scapy_pkt)
self.assertEqual(result, 0)
self.pf1._PROTCOLS = ['6']
self.pf1._action_protocolRule = 1
result = self.pf1.protocolRule(self.scapy_pkt)
self.assertEqual(result, 1)
self.pf1._action_protocolRule = 0
result = self.pf1.protocolRule(self.scapy_pkt)
self.assertEqual(result, 0)
self.pf1._PROTCOLS = ['1']
self.pf1._action_protocolRule = 1
result = self.pf1.protocolRule(self.scapy_pkt)
self.assertEqual(result, 0)
self.pf1._PROTCOLS = ['1']
self.pf1._action_protocolRule = 0
result = self.pf1.protocolRule(self.scapy_pkt)
self.assertEqual(result, 1)
def test_DNSRule(self):
"""
Test DNSRule.
"""
result = self.pf1.DNSRule(self.scapy_pkt)
self.assertEqual(result, 1)
def test_source_portRule(self):
"""
Test source_portRule.
"""
result = self.pf1.source_portRule(self.scapy_pkt)
self.assertEqual(result, 1)
self.pf1._action_source_portRule = 1
result = self.pf1.source_portRule(self.scapy_pkt)
self.assertEqual(result, 0)
self.pf1._SPORTS = ['8224']
result = self.pf1.source_portRule(self.scapy_pkt)
self.assertEqual(result, 1)
self.pf1._action_source_portRule = 0
result = self.pf1.source_portRule(self.scapy_pkt)
self.assertEqual(result, 0)
def test_dest_portRule(self):
"""
Test dest_portRule.
"""
result = self.pf1.dest_portRule(self.scapy_pkt)
self.assertEqual(result, 1)
self.pf1._action_dest_portRule = 1
result = self.pf1.dest_portRule(self.scapy_pkt)
self.assertEqual(result, 0)
self.pf1._DPORTS = ['8224']
result = self.pf1.dest_portRule(self.scapy_pkt)
self.assertEqual(result, 1)
self.pf1._action_dest_portRule = 0
result = self.pf1.dest_portRule(self.scapy_pkt)
self.assertEqual(result, 0)
def test_HTTPRequest(self):
"""
Test HTTPRequest.
"""
result = self.pf1.HTTPRequest(self.scapy_pkt)
self.assertEqual(result, 1)
def test_HTTPResponse(self):
"""
Test HTTPResponse.
"""
result = self.pf1.HTTPResponse(self.scapy_pkt)
self.assertEqual(result, 1)
def test_scanLoad(self):
"""
Test scanLoad.
"""
result = self.pf1.scanLoad(self.scapy_pkt)
self.assertEqual(result, 1)
self.pf1._action_scanLoad = 1
result = self.pf1.scanLoad(self.scapy_pkt)
self.assertEqual(result, 0)
self.pf1._action_scanLoad = 0
self.pf1._EXTENSIONS = [".exe"]
result = self.pf1.scanLoad(self.scapy_pkt)
self.assertEqual(result, 1)
self.pf1._action_scanLoad = 1
result = self.pf1.scanLoad(self.scapy_pkt)
self.assertEqual(result, 0)
def test_check_first_fragment(self):
"""
Test check_first_fragment.
"""
pkt = scapy.IP(flags="MF",
frag=0,
len=100)
result = self.pf1.check_first_fragment(pkt)
self.assertEqual(result, 0)
pkt = scapy.IP(flags="MF",
frag=0,
len=160)
result = self.pf1.check_first_fragment(pkt)
self.assertEqual(result, 1)
def test_check_ip_version(self):
"""
Test check_ip_version.
"""
pkt = scapy.IP(version=8)
result = self.pf1.check_ip_version(pkt)
self.assertEqual(result, 0)
pkt = scapy.IP(version=4)
result = self.pf1.check_ip_version(pkt)
self.assertEqual(result, 1)
pkt = scapy.IP(version=6)
result = self.pf1.check_ip_version(pkt)
self.assertEqual(result, 1)
def test_check_ip_fragment_boundary(self):
"""
Test check_ip_fragment_boundary.
"""
pkt = scapy.IP(len=60000, frag=7000)
result = self.pf1.check_ip_fragment_boundary(pkt)
self.assertEqual(result, 0)
pkt = scapy.IP(len=60000, frag=1000)
result = self.pf1.check_ip_fragment_boundary(pkt)
self.assertEqual(result, 1)
def test_check_ip_fragment_offset(self):
"""
Test check_ip_fragment_offset.
"""
pkt = scapy.IP(frag=50)
result = self.pf1.check_ip_fragment_offset(pkt)
self.assertEqual(result, 0)
pkt = scapy.IP(frag=70)
result = self.pf1.check_ip_fragment_offset(pkt)
self.assertEqual(result, 1)
pkt = scapy.IP(frag=0)
result = self.pf1.check_ip_fragment_offset(pkt)
self.assertEqual(result, 1)
def test_check_invalid_ip(self):
"""
Test check_invalid_ip.
"""
pkt = scapy.IP(src="1.1.1.1")
result = self.pf1.check_invalid_ip(pkt)
self.assertEqual(result, 1)
def test_check_ip_header_length(self):
"""
Test check_ip_header_length.
"""
pkt = scapy.IP(len=10)
result = self.pf1.check_ip_header_length(pkt)
self.assertEqual(result, 0)
pkt = scapy.IP(len=30)
result = self.pf1.check_ip_header_length(pkt)
self.assertEqual(result, 1)
def test_check_tcp_flag(self):
"""
Test check_tcp_flag.
"""
pkt = scapy.TCP(flags=None)
result = self.pf1.check_tcp_flag(pkt)
self.assertEqual(result, 0)
pkt = scapy.TCP(flags="S")
result = self.pf1.check_tcp_flag(pkt)
self.assertEqual(result, 1)
def test_check_network_congestion(self):
"""
Test check_network_congestion.
"""
pkt = scapy.TCP(flags="EC")
result = self.pf1.check_network_congestion(pkt)
self.assertEqual(result, 0)
pkt = scapy.TCP(flags="S")
result = self.pf1.check_network_congestion(pkt)
self.assertEqual(result, 1)
def test_check_fin_ack(self):
"""
Test check_fin_ack.
"""
pkt = scapy.TCP(flags="FA")
result = self.pf1.check_fin_ack(pkt)
self.assertEqual(result, 1)
pkt = scapy.TCP(flags="F")
result = self.pf1.check_fin_ack(pkt)
self.assertEqual(result, 0)
def test_syn_fragmentation_attack(self):
"""
Test syn_fragmentation_attack.
"""
pkt = scapy.IP(flags="MF",
frag=10) \
/ scapy.TCP(flags="S")
result = self.pf1.syn_fragmentation_attack(pkt)
self.assertEqual(result, 0)
pkt = scapy.IP(flags="MF",
frag=0) \
/ scapy.TCP(flags="S")
result = self.pf1.syn_fragmentation_attack(pkt)
self.assertEqual(result, 0)
pkt = scapy.IP(flags="MF",
frag=0) \
/ scapy.TCP(flags="F")
result = self.pf1.syn_fragmentation_attack(pkt)
self.assertEqual(result, 1)
def test_check_large_icmp(self):
"""
Test check_large_icmp.
"""
pkt = scapy.IP(proto=1,
len=2048)
result = self.pf1.check_large_icmp(pkt)
self.assertEqual(result, 0)
pkt = scapy.IP(proto=1,
len=512)
result = self.pf1.check_large_icmp(pkt)
self.assertEqual(result, 1)
def test_icmp_fragmentation_attack(self):
"""
Test icmp_fragmentation_attack.
"""
pkt = scapy.IP(proto=1,
flags="MF",
frag=20)
result = self.pf1.icmp_fragmentation_attack(pkt)
self.assertEqual(result, 0)
pkt = scapy.IP(proto=1,
flags="MF",
frag=0)
result = self.pf1.icmp_fragmentation_attack(pkt)
self.assertEqual(result, 0)
pkt = scapy.IP(proto=2,
flags="MF",
frag=20)
result = self.pf1.icmp_fragmentation_attack(pkt)
self.assertEqual(result, 1)
class TestPacket_Filter(unittest.TestCase):
"""Test class for PacketFilter module."""
def setUp(self):
"""
Set-up PacketFilter object.
"""
payload = b"""E\x00\x004Q\xc8@\x00@\x06Z\x87\xc0\xa8\x89\x7fh\
x82\xdb\xca\x94\xc0\x01\xbb=L\xd3\x97\x14\t\xc9q\
x80\x10\x00\xf5\xe7B\x00\x00\x01\x01\x08\n\xeb7\xc9\
xa6bjc\xed"""
self.pf1 = PacketFilter()
self.scapy_pkt = scapy.IP(payload)
def test_inbound_IPRule(self):
"""
Test inbound_IPRule.
"""
self.pf1._action_inbound_IPRule = 0
result = self.pf1.inbound_IPRule(self.scapy_pkt)
self.assertEqual(result, 1)
self.pf1._action_inbound_IPRule = 1
result = self.pf1.inbound_IPRule(self.scapy_pkt)
self.assertEqual(result, 0)
self.pf1._IP_INBOUND = ['104.32.32.32']
self.pf1._action_inbound_IPRule = 1
result = self.pf1.inbound_IPRule(self.scapy_pkt)
self.assertEqual(result, 0)
self.pf1._IP_INBOUND = ['104.32.32.32']
self.pf1._action_inbound_IPRule = 0
result = self.pf1.inbound_IPRule(self.scapy_pkt)
self.assertEqual(result, 1)
self.pf1._IP_INBOUND = ['192.168.137.127']
self.pf1._action_inbound_IPRule = 0
result = self.pf1.inbound_IPRule(self.scapy_pkt)
self.assertEqual(result, 0)
self.pf1._IP_INBOUND = ['192.168.137.127']
self.pf1._action_inbound_IPRule = 1
result = self.pf1.inbound_IPRule(self.scapy_pkt)
self.assertEqual(result, 1)
def test_outbound_IPRule(self):
"""
Test outbound IPRule.
"""
self.pf1._action_outbound_IPRule = 0
result = self.pf1.outbound_IPRule(self.scapy_pkt)
self.assertEqual(result, 1)
self.pf1._action_outbound_IPRule = 1
result = self.pf1.outbound_IPRule(self.scapy_pkt)
self.assertEqual(result, 0)
self.pf1._IP_OUTBOUND = ['192.168.137.127']
self.pf1._action_outbound_IPRule = 1
result = self.pf1.outbound_IPRule(self.scapy_pkt)
self.assertEqual(result, 0)
self.pf1._IP_OUTBOUND = ['192.168.137.127']
self.pf1._action_outbound_IPRule = 0
result = self.pf1.outbound_IPRule(self.scapy_pkt)
self.assertEqual(result, 1)
self.pf1._IP_OUTBOUND = ['104.32.32.32']
self.pf1._action_outbound_IPRule = 0
result = self.pf1.outbound_IPRule(self.scapy_pkt)
self.assertEqual(result, 0)
self.pf1._IP_OUTBOUND = ['104.32.32.32']
self.pf1._action_outbound_IPRule = 1
result = self.pf1.outbound_IPRule(self.scapy_pkt)
self.assertEqual(result, 1)
def test_protocolRule(self):
"""
Test protocolRule.
"""
result = self.pf1.protocolRule(self.scapy_pkt)
self.assertEqual(result, 1)
self.pf1._action_protocolRule = 1
result = self.pf1.protocolRule(self.scapy_pkt)
self.assertEqual(result, 0)
self.pf1._PROTCOLS = ['6']
self.pf1._action_protocolRule = 1
result = self.pf1.protocolRule(self.scapy_pkt)
self.assertEqual(result, 1)
self.pf1._action_protocolRule = 0
result = self.pf1.protocolRule(self.scapy_pkt)
self.assertEqual(result, 0)
self.pf1._PROTCOLS = ['1']
self.pf1._action_protocolRule = 1
result = self.pf1.protocolRule(self.scapy_pkt)
self.assertEqual(result, 0)
self.pf1._PROTCOLS = ['1']
self.pf1._action_protocolRule = 0
result = self.pf1.protocolRule(self.scapy_pkt)
self.assertEqual(result, 1)
def test_DNSRule(self):
"""
Test DNSRule.
"""
result = self.pf1.DNSRule(self.scapy_pkt)
self.assertEqual(result, 1)
def test_source_portRule(self):
"""
Test source_portRule.
"""
result = self.pf1.source_portRule(self.scapy_pkt)
self.assertEqual(result, 1)
self.pf1._action_source_portRule = 1
result = self.pf1.source_portRule(self.scapy_pkt)
self.assertEqual(result, 0)
self.pf1._SPORTS = ['8224']
result = self.pf1.source_portRule(self.scapy_pkt)
self.assertEqual(result, 1)
self.pf1._action_source_portRule = 0
result = self.pf1.source_portRule(self.scapy_pkt)
self.assertEqual(result, 0)
def test_dest_portRule(self):
"""
Test dest_portRule.
"""
result = self.pf1.dest_portRule(self.scapy_pkt)
self.assertEqual(result, 1)
self.pf1._action_dest_portRule = 1
result = self.pf1.dest_portRule(self.scapy_pkt)
self.assertEqual(result, 0)
self.pf1._DPORTS = ['8224']
result = self.pf1.dest_portRule(self.scapy_pkt)
self.assertEqual(result, 1)
self.pf1._action_dest_portRule = 0
result = self.pf1.dest_portRule(self.scapy_pkt)
self.assertEqual(result, 0)
def test_HTTPRequest(self):
"""
Test HTTPRequest.
"""
result = self.pf1.HTTPRequest(self.scapy_pkt)
self.assertEqual(result, 1)
def test_HTTPResponse(self):
"""
Test HTTPResponse.
"""
result = self.pf1.HTTPResponse(self.scapy_pkt)
self.assertEqual(result, 1)
def test_scanLoad(self):
"""
Test scanLoad.
"""
result = self.pf1.scanLoad(self.scapy_pkt)
self.assertEqual(result, 1)
self.pf1._action_scanLoad = 1
result = self.pf1.scanLoad(self.scapy_pkt)
self.assertEqual(result, 0)
self.pf1._action_scanLoad = 0
self.pf1._EXTENSIONS = [".exe"]
result = self.pf1.scanLoad(self.scapy_pkt)
self.assertEqual(result, 1)
self.pf1._action_scanLoad = 1
result = self.pf1.scanLoad(self.scapy_pkt)
self.assertEqual(result, 0)
class FirewallEngine(object):
"""Class for FirewallEngine.
Working:
Perform all the heavy lifting and parsing.
Call PacketFilter and Monitor.
"""
def __init__(self, cred, debug=False, test=False):
"""Initialize FirewallEngine."""
self.cred = cred
self.logger = logger.SecureTeaLogger(__name__, debug)
# Parse and setup rules and actions
(self.ip_inbound,
self.action_inbound_IPRule) = self.parse_inbound_IPRule()
(self.ip_outbound,
self.action_outbound_IPRule) = self.parse_outbound_IPRule()
(self.protocols, self.action_protocolRule) = self.parse_protocolRule()
(self.sports,
self.action_source_portRule) = self.parse_source_portRule()
(self.dports, self.action_dest_portRule) = self.parse_dest_portRule()
(self.dns, self.action_DNSRule) = self.parse_DNSRule()
(self.extensions, self.action_scanLoad) = self.parse_scanLoad()
self.action_HTTPRequest = self.parse_HTTPRequest()
self.action_HTTPResponse = self.parse_HTTPResponse()
# Interface
self.interface = str(self.cred['interface'])
if self.interface == "":
self.interface = utils.get_interface()
# Setup PacketFilter object
self.packetFilterObj = PacketFilter(
interface=self.interface,
debug=debug,
ip_inbound=self.ip_inbound,
ip_outbound=self.ip_outbound,
protocols=self.protocols,
dns=self.dns,
dports=self.dports,
sports=self.sports,
extensions=self.extensions,
action_inbound_IPRule=self.action_inbound_IPRule,
action_outbound_IPRule=self.action_outbound_IPRule,
action_DNSRule=self.action_DNSRule,
action_source_portRule=self.action_source_portRule,
action_dest_portRule=self.action_dest_portRule,
action_HTTPResponse=self.action_HTTPResponse,
action_HTTPRequest=self.action_HTTPRequest,
action_protocolRule=self.action_protocolRule,
action_scanLoad=self.action_scanLoad,
test=test)
# Setup Montior object
self.monitorObj = FirewallMonitor(interface=self.interface,
debug=debug)
# Integrations
self.integrations = ['Firewall', 'Monitor']
@staticmethod
def restore_state():
"""
Restore the iptables state.
Args:
None
Raises:
None
Returns:
None
"""
resp = utils.excecute_command('iptables --flush')
if resp[1]:
self.logger.log(resp[1], logtype="error")
def parse_inbound_IPRule(self):
"""
Parse the inbound IP rules and
generate ip_inbound list.
Args:
None
Raises:
None
Returns:
temp_ip_inbound (list): Parsed IP inbound list
action (int): 0 or 1
"""
try:
return self._extracted_from_parse_outbound_IPRule_4(
'inbound_IPRule', 'ip_inbound')
except Exception as e:
self.logger.log("Error: " + str(e), logtype="error")
# Return empty list and block action
return [], 0
def parse_outbound_IPRule(self):
"""
Parse the outbound IP rules and
generate ip_outbound list.
Args:
None
Raises:
None
Returns:
temp_ip_outbound (list): Parsed IP outbound list
action (int): 0 or 1
"""
try:
return self._extracted_from_parse_outbound_IPRule_4(
'outbound_IPRule', 'ip_outbound')
except Exception as e:
self.logger.log("Error: " + str(e), logtype="error")
# Return empty list and block action
return [], 0
def _extracted_from_parse_outbound_IPRule_4(self, arg0, arg1):
action = int(self.cred[arg0]['action'])
temp_ip_inbound = []
if len(self.cred[arg0][arg1]):
list_of_IPs = str(self.cred[arg0][arg1])
list_of_IPs = list_of_IPs.split(',')
for IP in list_of_IPs:
if '-' in IP:
for new_ip in utils.generate_IPs(IP):
if new_ip not in temp_ip_inbound and utils.check_ip(
new_ip):
temp_ip_inbound.append(str(new_ip).strip())
elif utils.check_ip(IP):
if IP not in temp_ip_inbound:
temp_ip_inbound.append(str(IP).strip())
return temp_ip_inbound, action
def parse_protocolRule(self):
"""
Parse the protocol configurations passed.
Args:
None
Raises:
None
Returns:
temp_protocol (list): Parsed protocol list
action (int): 0 or 1
"""
try:
temp_protocol = []
action = int(self.cred['protocolRule']['action'])
if len(self.cred['protocolRule']['protocols']):
protocols = str(self.cred['protocolRule']['protocols'])
protocols = protocols.split(',')
protocols = map(utils.map_protocol, protocols)
protocols = list(protocols)
for protocol in protocols:
if (protocol and protocol not in temp_protocol):
temp_protocol.append(protocol)
return temp_protocol, action
except Exception as e:
self.logger.log("Error: " + str(e), logtype="error")
# Return empty list and block action
return [], 0
def parse_DNSRule(self):
"""
Parse the DNS configurations passed.
Args:
None
Raises:
None
Returns:
temp_DNS (list): Parsed DNS list
action (int): 0 or 1
"""
try:
temp_DNS = []
action = int(self.cred['DNSRule']['action'])
if len(self.cred['DNSRule']['dns']):
dns = str(self.cred['DNSRule']['dns'])
dns = dns.split(',')
for single_dns in dns:
if single_dns not in temp_DNS:
temp_DNS.append(str(single_dns).strip())
return temp_DNS, action
except Exception as e:
self.logger.log("Error: " + str(e), logtype="error")
# Return empty list and block action
return [], 0
def parse_source_portRule(self):
"""
Parse the source port rules passed and
generate source ports list.
Args:
None
Raises:
None
Returns:
temp_sports (list): Parsed list of source ports
action (int): 0 or 1
"""
try:
temp_sports = []
action = int(self.cred['source_portRule']['action'])
if len(self.cred['source_portRule']['sports']):
sports = str(self.cred['source_portRule']['sports'])
sports = sports.split(',')
for port in sports:
if '-' in port:
for new_port in utils.generate_ports(port):
if (new_port not in temp_sports
and utils.check_port(new_port)):
temp_sports.append(str(new_port).strip())
elif utils.check_port(port):
if port not in temp_sports:
temp_sports.append(str(port).strip())
return temp_sports, action
except Exception as e:
self.logger.log("Error: " + str(e), logtype="error")
# Return empty list and block action
return [], 0
def parse_dest_portRule(self):
"""
Parse the destination port rules passed and
generate destination ports list.
Args:
None
Raises:
None
Returns:
temp_dports (list): Parsed list of destination ports
action (int): 0 or 1
"""
try:
temp_dports = []
action = int(self.cred['dest_portRule']['action'])
if len(self.cred['dest_portRule']['dports']):
dports = str(self.cred['dest_portRule']['dports'])
dports = dports.split(',')
for port in dports:
if '-' in port:
for new_port in utils.generate_ports(port):
if (new_port not in temp_dports
and utils.check_port(new_port)):
temp_dports.append(str(new_port).strip())
elif utils.check_port(port):
if port not in temp_dports:
temp_dports.append(str(port).strip())
return temp_dports, action
except Exception as e:
self.logger.log("Error: " + str(e), logtype="error")
# Return empty list and block action
return [], 0
def parse_HTTPResponse(self):
"""
Parse HTTPResponse configurations.
Args:
None
Raises:
None
Returns:
action (int): 0 or 1
"""
try:
return int(self.cred['HTTPResponse']['action'])
except Exception as e:
self.logger.log('Error: ' + str(e), logtype='error')
return 1
def parse_HTTPRequest(self):
"""
Parse HTTPRequest configurations.
Args:
None
Raises:
None
Returns:
action (int): 0 or 1
"""
try:
return int(self.cred['HTTPRequest']['action'])
except Exception as e:
self.logger.log('Error: ' + str(e), logtype='error')
return 1
def parse_scanLoad(self):
"""
Parse scan load configurations.
Args:
None
Raises:
None
Returns:
temp_extension (list): Parsed extension list
action (int): 0 or 1
"""
try:
temp_extension = []
action = int(self.cred['scanLoad']['action'])
if len(self.cred['scanLoad']['extensions']):
extensions = str(self.cred['scanLoad']['extensions'])
extensions = extensions.split(',')
for extension in extensions:
if extension not in temp_extension:
temp_extension.append(str(extension).strip())
return temp_extension, action
except Exception as e:
self.logger.log("Error: " + str(e), logtype="error")
# Return empty list and block action
return [], 0
def parse_time(self):
"""
Parses the time passed and checks
with the current time.
Args:
None
Raises:
None
Returns:
bool
"""
try:
current_time = datetime.datetime.now()
time_lb = self.cred['time']['time_lb']
time_ub = self.cred['time']['time_ub']
datetime_lb = current_time.replace(hour=int(
(time_lb).split(':')[0]),
minute=int(
(time_lb).split(':')[1]))
datetime_ub = current_time.replace(hour=int(
(time_ub).split(':')[0]),
minute=int(
(time_ub).split(':')[1]))
return (current_time > datetime_lb and current_time < datetime_ub)
except Exception as e:
self.logger.log('Error: ' + str(e), logtype='error')
def process_packet(self, pkt):
"""
Process the packet passed to the PacketFilter.
If the current CPU time matches the time rule and
the packet satisfies the packet filter rules,
allow the packet, else drop the packet.
Args:
None
Raises:
None
Returns:
None
"""
if (self.packetFilterObj.process(pkt) and self.parse_time):
pkt.accept()
else:
pkt.drop()
def startFirewall(self):
"""
Setup netfilterqueue and start
processing packets in the queue.
Args:
None
Raises:
None
Returns:
None
"""
input_command = 'iptables -I INPUT -j NFQUEUE --queue-num 0'
output_command = 'iptables -I OUTPUT -j NFQUEUE --queue-num 0'
resp = utils.excecute_command(input_command)
if resp[1]:
self.logger.log(resp[1], logtype="error")
resp = utils.excecute_command(output_command)
if resp[1]:
self.logger.log(resp[1], logtype="error")
try:
queue = netfilterqueue.NetfilterQueue()
queue.bind(0, self.process_packet)
queue.run()
except KeyboardInterrupt:
# Restore iptables state
self.restore_state()
def startMonitor(self):
"""
Start the montior engine.
Args:
None
Raises:
None
Returns:
None
"""
self.monitorObj.startMonitoring()
def startEngine(self):
"""
Start the FirewallEngine.
Working:
Spin two process, one for core firewall engine
and other for monitoring services.
Args:
None
Raises:
None
Returns:
None
"""
processes = []
firewallProcess = multiprocessing.Process(target=self.startFirewall)
monitorProcess = multiprocessing.Process(target=self.startMonitor)
firewallProcess.start()
monitorProcess.start()
processes.append(firewallProcess)
processes.append(monitorProcess)
self.logger.log("Integrations: " + str(self.integrations),
logtype="info")
for process in processes:
process.join()