use of org.eclipse.kura.linux.net.iptables.LinuxFirewall in project kura by eclipse.
the class NetworkAdminServiceImpl method manageFirewall.
/**
 * Recomputes the automatic NAT rules for {@code gatewayIface} and enables the firewall.
 *
 * <p>One {@code NATRule} (source interface, {@code gatewayIface}, third argument fixed to
 * {@code true}) is created for every {@code FirewallAutoNatConfig} found in the current
 * network configuration. If no rule was collected, the existing auto-NAT rules are deleted
 * instead of being replaced.
 *
 * @param gatewayIface name of the gateway interface; when {@code null} no rules are collected
 * @throws KuraException propagated from the configuration and firewall calls
 */
@Override
public void manageFirewall(String gatewayIface) throws KuraException {
    // Stays null unless at least one interface carries a FirewallAutoNatConfig.
    LinkedHashSet<NATRule> natRulesToApply = null;
    ComponentConfiguration currentNetConfig =
            ((SelfConfiguringComponent) this.m_networkConfigurationService).getConfiguration();

    if (gatewayIface != null && currentNetConfig != null) {
        try {
            NetworkConfiguration parsedConfig =
                    new NetworkConfiguration(currentNetConfig.getConfigurationProperties());
            for (NetInterfaceConfig<? extends NetInterfaceAddressConfig> ifaceConfig : parsedConfig.getNetInterfaceConfigs()) {
                String sourceIface = ifaceConfig.getName();
                List<? extends NetInterfaceAddressConfig> addressConfigs = ifaceConfig.getNetInterfaceAddresses();
                if (addressConfigs == null || addressConfigs.isEmpty()) {
                    continue;
                }
                for (NetInterfaceAddressConfig addressConfig : addressConfigs) {
                    List<NetConfig> configs = addressConfig.getConfigs();
                    if (configs == null || configs.isEmpty()) {
                        continue;
                    }
                    for (NetConfig config : configs) {
                        if (!(config instanceof FirewallAutoNatConfig)) {
                            continue;
                        }
                        if (natRulesToApply == null) {
                            natRulesToApply = new LinkedHashSet<NATRule>();
                        }
                        natRulesToApply.add(new NATRule(sourceIface, gatewayIface, true));
                    }
                }
            }
        } catch (UnknownHostException e) {
            // The failure is only logged: whatever was collected so far (possibly nothing)
            // is still applied below, so this path can end in deleteAllAutoNatRules().
            s_logger.warn("Exception while updating firewall configuration", e);
        }
    }

    LinuxFirewall linuxFirewall = LinuxFirewall.getInstance();
    if (natRulesToApply == null) {
        linuxFirewall.deleteAllAutoNatRules();
    } else {
        linuxFirewall.replaceAllNatRules(natRulesToApply);
    }
    linuxFirewall.enable();
}
use of org.eclipse.kura.linux.net.iptables.LinuxFirewall in project kura by eclipse.
the class FirewallConfigurationServiceImpl method setFirewallOpenPortConfiguration.
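/**
 * Replaces the firewall's local (open port) rules with the supplied configuration.
 *
 * <p>All existing local rules are deleted first, then one {@code LocalRule} is built per entry
 * and the resulting list is handed to {@code LinuxFirewall.addLocalRules}. An entry whose rule
 * cannot be built is logged and skipped; the remaining entries are still applied.
 *
 * @param firewallConfiguration open-port entries to apply; entries lacking a permitted network
 *                              are modified in place to use 0.0.0.0/0
 * @throws KuraException propagated from the firewall calls
 */
@Override
public void setFirewallOpenPortConfiguration(List<FirewallOpenPortConfigIP<? extends IPAddress>> firewallConfiguration) throws KuraException {
    s_logger.debug("setFirewallOpenPortConfiguration() :: Deleting local rules");
    LinuxFirewall firewall = LinuxFirewall.getInstance();
    // NOTE(review): existing rules are removed before the new list is built, so an exception
    // thrown between here and addLocalRules() leaves the firewall without any local rules.
    firewall.deleteAllLocalRules();
    ArrayList<LocalRule> localRules = new ArrayList<LocalRule>();
    for (FirewallOpenPortConfigIP<? extends IPAddress> openPortEntry : firewallConfiguration) {
        if (openPortEntry.getPermittedNetwork() == null || openPortEntry.getPermittedNetwork().getIpAddress() == null) {
            // No source restriction was configured: fall back to 0.0.0.0 with prefix 0,
            // which means the port is opened to every IPv4 source address.
            try {
                openPortEntry.setPermittedNetwork(new NetworkPair(IPAddress.parseHostAddress("0.0.0.0"), (short) 0));
            } catch (UnknownHostException e) {
                // Log through the service logger rather than printing to stderr.
                s_logger.warn("setFirewallOpenPortConfiguration() :: Failed to set default permitted network", e);
            }
        }
        try {
            LocalRule localRule = null;
            if (openPortEntry.getPortRange() != null) {
                s_logger.debug("setFirewallOpenPortConfiguration() :: Adding local rule for: {}", openPortEntry.getPortRange());
                localRule = new LocalRule(
                        openPortEntry.getPortRange(),
                        openPortEntry.getProtocol().name(),
                        new NetworkPair(
                                IPAddress.parseHostAddress(openPortEntry.getPermittedNetwork().getIpAddress().getHostAddress()),
                                openPortEntry.getPermittedNetwork().getPrefix()),
                        openPortEntry.getPermittedInterfaceName(),
                        openPortEntry.getUnpermittedInterfaceName(),
                        openPortEntry.getPermittedMac(),
                        openPortEntry.getSourcePortRange());
            } else {
                s_logger.debug("setFirewallOpenPortConfiguration() :: Adding local rule for: {}", openPortEntry.getPort());
                localRule = new LocalRule(
                        openPortEntry.getPort(),
                        openPortEntry.getProtocol().name(),
                        new NetworkPair(
                                IPAddress.parseHostAddress(openPortEntry.getPermittedNetwork().getIpAddress().getHostAddress()),
                                openPortEntry.getPermittedNetwork().getPrefix()),
                        openPortEntry.getPermittedInterfaceName(),
                        openPortEntry.getUnpermittedInterfaceName(),
                        openPortEntry.getPermittedMac(),
                        openPortEntry.getSourcePortRange());
            }
            localRules.add(localRule);
        } catch (Exception e) {
            // Report the identifier the rule was actually built from; the entry is skipped.
            if (openPortEntry.getPortRange() != null) {
                s_logger.error("setFirewallOpenPortConfiguration() :: Failed to add local rule for: {} - {}", openPortEntry.getPortRange(), e);
            } else {
                s_logger.error("setFirewallOpenPortConfiguration() :: Failed to add local rule for: {} - {}", openPortEntry.getPort(), e);
            }
        }
    }
    firewall.addLocalRules(localRules);
}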
use of org.eclipse.kura.linux.net.iptables.LinuxFirewall in project kura by eclipse.
the class FirewallAutoNatConfigReader method getConfig.
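/**
 * Attaches a {@code FirewallAutoNatConfig} to the address configurations of an Ethernet or
 * Wi-Fi interface. Other interface types are left untouched.
 *
 * <p>When {@code kuraProps} is given, the NAT settings are read from the
 * {@code net.interface.<name>.config.nat.*} properties and a config is attached only if
 * {@code nat.enabled} parses to {@code true}. When {@code kuraProps} is {@code null}, one
 * config is attached for every auto-NAT rule reported by {@code LinuxFirewall} whose source
 * interface equals this interface's name.
 *
 * @param netInterfaceConfig interface whose address configurations receive the NAT config
 * @param kuraProps          property source, or {@code null} to read the current firewall rules
 * @throws KuraException if a NAT config must be attached but the interface's address list is
 *                       {@code null} or empty
 */
private void getConfig(NetInterfaceConfig<? extends NetInterfaceAddressConfig> netInterfaceConfig, Properties kuraProps) throws KuraException {
    String interfaceName = netInterfaceConfig.getName();
    NetInterfaceType type = netInterfaceConfig.getType();
    if (type != NetInterfaceType.ETHERNET && type != NetInterfaceType.WIFI) {
        return;
    }

    s_logger.debug("Getting NAT config for {}", interfaceName);
    if (kuraProps != null) {
        s_logger.debug("Getting NAT config from kuraProps");
        String keyPrefix = "net.interface." + interfaceName + ".config.nat.";
        // Boolean.parseBoolean(null) is false, so a missing property keeps the default.
        boolean natEnabled = Boolean.parseBoolean(kuraProps.getProperty(keyPrefix + "enabled"));
        boolean useMasquerade = Boolean.parseBoolean(kuraProps.getProperty(keyPrefix + "masquerade"));
        // Either interface name stays null when its property is absent.
        String srcIface = kuraProps.getProperty(keyPrefix + "src.interface");
        String dstIface = kuraProps.getProperty(keyPrefix + "dst.interface");
        if (natEnabled) {
            addNatConfigToAddresses(netInterfaceConfig, interfaceName,
                    new FirewallAutoNatConfig(srcIface, dstIface, useMasquerade));
        }
        return;
    }

    // get it from the firewall file if possible
    LinuxFirewall firewall = LinuxFirewall.getInstance();
    Set<NATRule> natRules = firewall.getAutoNatRules();
    if (natRules == null || natRules.isEmpty()) {
        return;
    }
    for (NATRule rule : natRules) {
        if (rule.getSourceInterface().equals(interfaceName)) {
            s_logger.debug("found NAT rule: {}", rule);
            // this is the one we care about
            addNatConfigToAddresses(netInterfaceConfig, interfaceName,
                    new FirewallAutoNatConfig(rule.getSourceInterface(), rule.getDestinationInterface(), rule.isMasquerade()));
        }
    }
}

/**
 * Adds {@code natConfig} to the config list of every address configuration of the interface,
 * creating and installing the list where an address configuration has none yet.
 */
private void addNatConfigToAddresses(NetInterfaceConfig<? extends NetInterfaceAddressConfig> netInterfaceConfig, String interfaceName, FirewallAutoNatConfig natConfig) throws KuraException {
    List<? extends NetInterfaceAddressConfig> netInterfaceAddressConfigs = netInterfaceConfig.getNetInterfaceAddresses();
    if (netInterfaceAddressConfigs == null) {
        throw KuraException.internalError("NetInterfaceAddress list is null for interface " + interfaceName);
    } else if (netInterfaceAddressConfigs.isEmpty()) {
        throw KuraException.internalError("NetInterfaceAddress list is empty for interface " + interfaceName);
    }
    for (NetInterfaceAddressConfig netInterfaceAddressConfig : netInterfaceAddressConfigs) {
        List<NetConfig> netConfigs = netInterfaceAddressConfig.getConfigs();
        if (netConfigs == null) {
            netConfigs = new ArrayList<NetConfig>();
            // Only these two implementations are given the new list; for any other type
            // the list is filled but never stored on the address configuration.
            if (netInterfaceAddressConfig instanceof NetInterfaceAddressConfigImpl) {
                ((NetInterfaceAddressConfigImpl) netInterfaceAddressConfig).setNetConfigs(netConfigs);
            } else if (netInterfaceAddressConfig instanceof WifiInterfaceAddressConfigImpl) {
                ((WifiInterfaceAddressConfigImpl) netInterfaceAddressConfig).setNetConfigs(netConfigs);
            }
        }
        netConfigs.add(natConfig);
    }
}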
use of org.eclipse.kura.linux.net.iptables.LinuxFirewall in project kura by eclipse.
the class FirewallAutoNatConfigWriter method applyNatConfig.
/**
 * Replaces all NAT rules on the firewall with those derived from {@code networkConfig}
 * by {@code getNatConfigs}, then enables the firewall.
 *
 * @param networkConfig network configuration the NAT rules are derived from
 * @throws KuraException propagated from the firewall calls
 */
private void applyNatConfig(NetworkConfiguration networkConfig) throws KuraException {
    LinuxFirewall linuxFirewall = LinuxFirewall.getInstance();

    // Full replacement: the rules already present are not merged with the new set.
    linuxFirewall.replaceAllNatRules(getNatConfigs(networkConfig));

    linuxFirewall.enable();
}
use of org.eclipse.kura.linux.net.iptables.LinuxFirewall in project kura by eclipse.
the class FirewallConfigurationServiceImpl method setFirewallPortForwardingConfiguration.
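/**
 * Replaces the firewall's port forwarding rules with the supplied configuration.
 *
 * <p>All existing port forward rules are deleted first, then one {@code PortForwardRule} is
 * built per entry and the list is handed to {@code LinuxFirewall.addPortForwardRules}.
 *
 * @param firewallConfiguration port-forward entries to apply; entries lacking a permitted
 *                              network are modified in place to use 0.0.0.0/0
 * @throws KuraException propagated from the firewall calls
 */
@Override
public void setFirewallPortForwardingConfiguration(List<FirewallPortForwardConfigIP<? extends IPAddress>> firewallConfiguration) throws KuraException {
    s_logger.debug("setFirewallPortForwardingConfiguration() :: Deleting port forward rules");
    LinuxFirewall firewall = LinuxFirewall.getInstance();
    // NOTE(review): rule construction below is not wrapped in a try/catch, so a runtime
    // exception on any entry aborts the method after the old rules are already deleted.
    firewall.deleteAllPortForwardRules();
    ArrayList<PortForwardRule> portForwardRules = new ArrayList<PortForwardRule>();
    for (FirewallPortForwardConfigIP<? extends IPAddress> portForwardEntry : firewallConfiguration) {
        s_logger.debug("setFirewallPortForwardingConfiguration() :: Adding port forward rule for: {}", portForwardEntry.getInPort());
        if (portForwardEntry.getPermittedNetwork() == null || portForwardEntry.getPermittedNetwork().getIpAddress() == null) {
            // No source restriction was configured: fall back to 0.0.0.0 with prefix 0,
            // which means the forward accepts traffic from every IPv4 source address.
            try {
                portForwardEntry.setPermittedNetwork(new NetworkPair(IPAddress.parseHostAddress("0.0.0.0"), (short) 0));
            } catch (UnknownHostException e) {
                // Log through the service logger rather than printing to stderr.
                s_logger.warn("setFirewallPortForwardingConfiguration() :: Failed to set default permitted network", e);
            }
        }
        PortForwardRule portForwardRule = new PortForwardRule(
                portForwardEntry.getInboundInterface(),
                portForwardEntry.getOutboundInterface(),
                portForwardEntry.getAddress().getHostAddress(),
                portForwardEntry.getProtocol().name(),
                portForwardEntry.getInPort(),
                portForwardEntry.getOutPort(),
                portForwardEntry.isMasquerade(),
                portForwardEntry.getPermittedNetwork().getIpAddress().getHostAddress(),
                portForwardEntry.getPermittedNetwork().getPrefix(),
                portForwardEntry.getPermittedMac(),
                portForwardEntry.getSourcePortRange());
        portForwardRules.add(portForwardRule);
    }
    firewall.addPortForwardRules(portForwardRules);
}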