
Example 1 with LinuxFirewall

use of org.eclipse.kura.linux.net.iptables.LinuxFirewall in project kura by eclipse.

the class NetworkAdminServiceImpl method manageFirewall.

/**
 * Recomputes the automatic NAT rules that route through {@code gatewayIface}, applies them,
 * and enables the firewall.
 *
 * <p>One {@link NATRule} (masquerade flag {@code true}) is collected for every
 * {@link FirewallAutoNatConfig} found on any interface address of the current network
 * configuration. If at least one rule was collected, it replaces all NAT rules; otherwise all
 * auto-NAT rules are deleted.
 *
 * @param gatewayIface destination interface of the generated NAT rules; when {@code null} no
 *        rules are collected and the auto-NAT rules are deleted
 * @throws KuraException declared by this method; presumably raised by the firewall calls — confirm
 */
@Override
public void manageFirewall(String gatewayIface) throws KuraException {
    // Stays null until the first FirewallAutoNatConfig is seen; null selects the "delete" path below.
    LinkedHashSet<NATRule> desiredNatRules = null;
    ComponentConfiguration networkComponentConfiguration = ((SelfConfiguringComponent) this.m_networkConfigurationService).getConfiguration();
    if (gatewayIface != null && networkComponentConfiguration != null) {
        try {
            NetworkConfiguration netConfiguration = new NetworkConfiguration(networkComponentConfiguration.getConfigurationProperties());
            for (NetInterfaceConfig<? extends NetInterfaceAddressConfig> ifaceConfig : netConfiguration.getNetInterfaceConfigs()) {
                String ifaceName = ifaceConfig.getName();
                List<? extends NetInterfaceAddressConfig> addressConfigs = ifaceConfig.getNetInterfaceAddresses();
                if (addressConfigs == null || addressConfigs.isEmpty()) {
                    continue;
                }
                for (NetInterfaceAddressConfig addressConfig : addressConfigs) {
                    List<NetConfig> netConfigs = addressConfig.getConfigs();
                    if (netConfigs == null || netConfigs.isEmpty()) {
                        continue;
                    }
                    for (NetConfig candidate : netConfigs) {
                        if (!(candidate instanceof FirewallAutoNatConfig)) {
                            continue;
                        }
                        if (desiredNatRules == null) {
                            desiredNatRules = new LinkedHashSet<NATRule>();
                        }
                        desiredNatRules.add(new NATRule(ifaceName, gatewayIface, true));
                    }
                }
            }
        } catch (UnknownHostException e) {
            // NOTE(review): the failure is only logged. Execution continues below with whatever was
            // collected so far, so a failed configuration read can still delete or partially replace
            // the live NAT rules. Confirm that this is the intended failure mode.
            s_logger.warn("Exception while updating firewall configuration", e);
        }
    }
    LinuxFirewall firewall = LinuxFirewall.getInstance();
    if (desiredNatRules == null) {
        firewall.deleteAllAutoNatRules();
    } else {
        firewall.replaceAllNatRules(desiredNatRules);
    }
    firewall.enable();
}
Also used : NetInterfaceConfig(org.eclipse.kura.net.NetInterfaceConfig) FirewallAutoNatConfig(org.eclipse.kura.net.firewall.FirewallAutoNatConfig) UnknownHostException(java.net.UnknownHostException) LinuxFirewall(org.eclipse.kura.linux.net.iptables.LinuxFirewall) NATRule(org.eclipse.kura.linux.net.iptables.NATRule) SelfConfiguringComponent(org.eclipse.kura.configuration.SelfConfiguringComponent) ComponentConfiguration(org.eclipse.kura.configuration.ComponentConfiguration) NetConfig(org.eclipse.kura.net.NetConfig) NetworkConfiguration(org.eclipse.kura.core.net.NetworkConfiguration) NetInterfaceAddressConfig(org.eclipse.kura.net.NetInterfaceAddressConfig)

Example 2 with LinuxFirewall

use of org.eclipse.kura.linux.net.iptables.LinuxFirewall in project kura by eclipse.

the class FirewallConfigurationServiceImpl method setFirewallOpenPortConfiguration.

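/**
 * Replaces the firewall's local (open-port) rules with the ones described by
 * {@code firewallConfiguration}.
 *
 * <p>All existing local rules are deleted first, then one {@link LocalRule} is built per entry
 * and the resulting list is handed to the firewall in a single call. An entry whose rule cannot
 * be built is logged and skipped, so the resulting rule set can be smaller than the request.
 *
 * @param firewallConfiguration open-port entries to apply; entries without a permitted network
 *        are modified in place to permit {@code 0.0.0.0/0}
 * @throws KuraException declared by this method; presumably raised by the firewall calls — confirm
 */
@Override
public void setFirewallOpenPortConfiguration(List<FirewallOpenPortConfigIP<? extends IPAddress>> firewallConfiguration) throws KuraException {
    s_logger.debug("setFirewallOpenPortConfiguration() :: Deleting local rules");
    LinuxFirewall firewall = LinuxFirewall.getInstance();
    // NOTE(review): the old rules are removed before the new ones are built. Confirm whether
    // deleteAllLocalRules() takes effect immediately or only together with addLocalRules().
    firewall.deleteAllLocalRules();
    ArrayList<LocalRule> localRules = new ArrayList<LocalRule>();
    for (FirewallOpenPortConfigIP<? extends IPAddress> openPortEntry : firewallConfiguration) {
        if (openPortEntry.getPermittedNetwork() == null || openPortEntry.getPermittedNetwork().getIpAddress() == null) {
            // No source restriction configured: default to 0.0.0.0/0, which opens the port to
            // every IPv4 source. Callers that want a restricted port must set a permitted network.
            try {
                openPortEntry.setPermittedNetwork(new NetworkPair(IPAddress.parseHostAddress("0.0.0.0"), (short) 0));
            } catch (UnknownHostException e) {
                // Report through the logger rather than stderr, and skip the entry: without a
                // permitted network the rule construction below could only fail.
                s_logger.error("setFirewallOpenPortConfiguration() :: Failed to set default permitted network", e);
                continue;
            }
        }
        try {
            LocalRule localRule = null;
            if (openPortEntry.getPortRange() != null) {
                s_logger.debug("setFirewallOpenPortConfiguration() :: Adding local rule for: {}", openPortEntry.getPortRange());
                localRule = new LocalRule(openPortEntry.getPortRange(), openPortEntry.getProtocol().name(), new NetworkPair(IPAddress.parseHostAddress(openPortEntry.getPermittedNetwork().getIpAddress().getHostAddress()), openPortEntry.getPermittedNetwork().getPrefix()), openPortEntry.getPermittedInterfaceName(), openPortEntry.getUnpermittedInterfaceName(), openPortEntry.getPermittedMac(), openPortEntry.getSourcePortRange());
            } else {
                s_logger.debug("setFirewallOpenPortConfiguration() :: Adding local rule for: {}", openPortEntry.getPort());
                localRule = new LocalRule(openPortEntry.getPort(), openPortEntry.getProtocol().name(), new NetworkPair(IPAddress.parseHostAddress(openPortEntry.getPermittedNetwork().getIpAddress().getHostAddress()), openPortEntry.getPermittedNetwork().getPrefix()), openPortEntry.getPermittedInterfaceName(), openPortEntry.getUnpermittedInterfaceName(), openPortEntry.getPermittedMac(), openPortEntry.getSourcePortRange());
            }
            localRules.add(localRule);
        } catch (Exception e) {
            // Best effort by design: one bad entry must not prevent the remaining ports from opening.
            s_logger.error("setFirewallOpenPortConfiguration() :: Failed to add local rule for: {} - {}", openPortEntry.getPort(), e);
        }
    }
    firewall.addLocalRules(localRules);
}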
Also used : NetworkPair(org.eclipse.kura.net.NetworkPair) UnknownHostException(java.net.UnknownHostException) LinuxFirewall(org.eclipse.kura.linux.net.iptables.LinuxFirewall) ArrayList(java.util.ArrayList) LocalRule(org.eclipse.kura.linux.net.iptables.LocalRule) KuraException(org.eclipse.kura.KuraException) UnknownHostException(java.net.UnknownHostException)

Example 3 with LinuxFirewall

use of org.eclipse.kura.linux.net.iptables.LinuxFirewall in project kura by eclipse.

the class FirewallAutoNatConfigReader method getConfig.

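/**
 * Adds the automatic-NAT configuration of one interface to each of its address configurations.
 *
 * <p>Only {@code ETHERNET} and {@code WIFI} interfaces are handled. When {@code kuraProps} is
 * given, the NAT settings are read from the {@code net.interface.<name>.config.nat.*} properties
 * and a config is attached only if {@code ...nat.enabled} parses as {@code true}. When
 * {@code kuraProps} is {@code null}, the auto-NAT rules currently held by {@link LinuxFirewall}
 * are used instead, and a config is attached for every rule whose source interface equals this
 * interface's name.
 *
 * @param netInterfaceConfig interface whose address configurations receive the NAT config
 * @param kuraProps property source, or {@code null} to read from the firewall instead
 * @throws KuraException if a NAT config applies but the interface's address list is null or empty
 */
private void getConfig(NetInterfaceConfig<? extends NetInterfaceAddressConfig> netInterfaceConfig, Properties kuraProps) throws KuraException {
    String interfaceName = netInterfaceConfig.getName();
    NetInterfaceType type = netInterfaceConfig.getType();
    if (type != NetInterfaceType.ETHERNET && type != NetInterfaceType.WIFI) {
        return;
    }
    s_logger.debug("Getting NAT config for {}", interfaceName);
    if (kuraProps != null) {
        s_logger.debug("Getting NAT config from kuraProps");
        String keyPrefix = "net.interface." + interfaceName + ".config.nat.";
        // Boolean.parseBoolean(null) is false, which matches the defaults for absent properties.
        boolean natEnabled = Boolean.parseBoolean(kuraProps.getProperty(keyPrefix + "enabled"));
        boolean useMasquerade = Boolean.parseBoolean(kuraProps.getProperty(keyPrefix + "masquerade"));
        // NOTE(review): either interface may be null when its property is absent; the values are
        // passed on unchecked. Confirm that FirewallAutoNatConfig and its consumers accept null.
        String srcIface = kuraProps.getProperty(keyPrefix + "src.interface");
        String dstIface = kuraProps.getProperty(keyPrefix + "dst.interface");
        if (natEnabled) {
            addNatConfigToAddressConfigs(netInterfaceConfig, interfaceName, new FirewallAutoNatConfig(srcIface, dstIface, useMasquerade));
        }
        return;
    }
    // get it from the firewall file if possible
    LinuxFirewall firewall = LinuxFirewall.getInstance();
    Set<NATRule> natRules = firewall.getAutoNatRules();
    if (natRules == null || natRules.isEmpty()) {
        return;
    }
    for (NATRule rule : natRules) {
        if (rule.getSourceInterface().equals(interfaceName)) {
            s_logger.debug("found NAT rule: {}", rule);
            // this is the one we care about
            addNatConfigToAddressConfigs(netInterfaceConfig, interfaceName, new FirewallAutoNatConfig(rule.getSourceInterface(), rule.getDestinationInterface(), rule.isMasquerade()));
        }
    }
}

/**
 * Appends {@code natConfig} to the config list of every address configuration of the interface,
 * creating and installing an empty list first where an address configuration has none.
 *
 * @throws KuraException if the interface's address configuration list is null or empty
 */
private void addNatConfigToAddressConfigs(NetInterfaceConfig<? extends NetInterfaceAddressConfig> netInterfaceConfig, String interfaceName, FirewallAutoNatConfig natConfig) throws KuraException {
    List<? extends NetInterfaceAddressConfig> netInterfaceAddressConfigs = netInterfaceConfig.getNetInterfaceAddresses();
    if (netInterfaceAddressConfigs == null) {
        throw KuraException.internalError("NetInterfaceAddress list is null for interface " + interfaceName);
    } else if (netInterfaceAddressConfigs.isEmpty()) {
        throw KuraException.internalError("NetInterfaceAddress list is empty for interface " + interfaceName);
    }
    for (NetInterfaceAddressConfig netInterfaceAddressConfig : netInterfaceAddressConfigs) {
        List<NetConfig> netConfigs = netInterfaceAddressConfig.getConfigs();
        if (netConfigs == null) {
            netConfigs = new ArrayList<NetConfig>();
            // NOTE(review): for any other implementation type the new list is never installed,
            // so the NAT config added below is silently dropped for that address configuration.
            if (netInterfaceAddressConfig instanceof NetInterfaceAddressConfigImpl) {
                ((NetInterfaceAddressConfigImpl) netInterfaceAddressConfig).setNetConfigs(netConfigs);
            } else if (netInterfaceAddressConfig instanceof WifiInterfaceAddressConfigImpl) {
                ((WifiInterfaceAddressConfigImpl) netInterfaceAddressConfig).setNetConfigs(netConfigs);
            }
        }
        netConfigs.add(natConfig);
    }
}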
Also used : NetInterfaceAddressConfigImpl(org.eclipse.kura.core.net.NetInterfaceAddressConfigImpl) FirewallAutoNatConfig(org.eclipse.kura.net.firewall.FirewallAutoNatConfig) LinuxFirewall(org.eclipse.kura.linux.net.iptables.LinuxFirewall) NATRule(org.eclipse.kura.linux.net.iptables.NATRule) NetInterfaceType(org.eclipse.kura.net.NetInterfaceType) NetConfig(org.eclipse.kura.net.NetConfig) NetInterfaceAddressConfig(org.eclipse.kura.net.NetInterfaceAddressConfig) WifiInterfaceAddressConfigImpl(org.eclipse.kura.core.net.WifiInterfaceAddressConfigImpl)

Example 4 with LinuxFirewall

use of org.eclipse.kura.linux.net.iptables.LinuxFirewall in project kura by eclipse.

the class FirewallAutoNatConfigWriter method applyNatConfig.

/**
 * Replaces every NAT rule on the firewall with the set derived from {@code networkConfig} by
 * {@code getNatConfigs}, then enables the firewall.
 *
 * @param networkConfig network configuration the NAT rules are derived from
 * @throws KuraException declared by this method; presumably raised by the calls below — confirm
 */
private void applyNatConfig(NetworkConfiguration networkConfig) throws KuraException {
    final LinuxFirewall linuxFirewall = LinuxFirewall.getInstance();
    // Full replacement, not a merge: NAT rules absent from networkConfig are dropped.
    linuxFirewall.replaceAllNatRules(getNatConfigs(networkConfig));
    linuxFirewall.enable();
}
Also used : LinuxFirewall(org.eclipse.kura.linux.net.iptables.LinuxFirewall)

Example 5 with LinuxFirewall

use of org.eclipse.kura.linux.net.iptables.LinuxFirewall in project kura by eclipse.

the class FirewallConfigurationServiceImpl method setFirewallPortForwardingConfiguration.

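/**
 * Replaces the firewall's port-forward rules with the ones described by
 * {@code firewallConfiguration}.
 *
 * <p>All existing port-forward rules are deleted first, then one {@link PortForwardRule} is
 * built per entry and the resulting list is handed to the firewall in a single call.
 *
 * @param firewallConfiguration port-forward entries to apply; entries without a permitted
 *        network are modified in place to permit {@code 0.0.0.0/0}
 * @throws KuraException if the default permitted network cannot be set on an entry; the
 *         firewall calls presumably raise it as well — confirm
 */
@Override
public void setFirewallPortForwardingConfiguration(List<FirewallPortForwardConfigIP<? extends IPAddress>> firewallConfiguration) throws KuraException {
    s_logger.debug("setFirewallPortForwardingConfiguration() :: Deleting port forward rules");
    LinuxFirewall firewall = LinuxFirewall.getInstance();
    // NOTE(review): the old rules are removed before the new ones are built, and rule construction
    // here has no per-entry error handling. An exception in the loop therefore exits with the old
    // rules deleted and none re-added; consider building the list before deleting.
    firewall.deleteAllPortForwardRules();
    ArrayList<PortForwardRule> portForwardRules = new ArrayList<PortForwardRule>();
    for (FirewallPortForwardConfigIP<? extends IPAddress> portForwardEntry : firewallConfiguration) {
        s_logger.debug("setFirewallPortForwardingConfiguration() :: Adding port forward rule for: {}", portForwardEntry.getInPort());
        if (portForwardEntry.getPermittedNetwork() == null || portForwardEntry.getPermittedNetwork().getIpAddress() == null) {
            // No source restriction configured: default to 0.0.0.0/0, which forwards the port
            // for every IPv4 source.
            try {
                portForwardEntry.setPermittedNetwork(new NetworkPair(IPAddress.parseHostAddress("0.0.0.0"), (short) 0));
            } catch (UnknownHostException e) {
                // Without a permitted network the rule construction below would fail with a
                // NullPointerException; log the cause and raise the declared exception instead.
                s_logger.error("setFirewallPortForwardingConfiguration() :: Failed to set default permitted network", e);
                throw KuraException.internalError("Failed to set default permitted network for port forward rule");
            }
        }
        PortForwardRule portForwardRule = new PortForwardRule(portForwardEntry.getInboundInterface(), portForwardEntry.getOutboundInterface(), portForwardEntry.getAddress().getHostAddress(), portForwardEntry.getProtocol().name(), portForwardEntry.getInPort(), portForwardEntry.getOutPort(), portForwardEntry.isMasquerade(), portForwardEntry.getPermittedNetwork().getIpAddress().getHostAddress(), portForwardEntry.getPermittedNetwork().getPrefix(), portForwardEntry.getPermittedMac(), portForwardEntry.getSourcePortRange());
        portForwardRules.add(portForwardRule);
    }
    firewall.addPortForwardRules(portForwardRules);
}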
Also used : NetworkPair(org.eclipse.kura.net.NetworkPair) UnknownHostException(java.net.UnknownHostException) PortForwardRule(org.eclipse.kura.linux.net.iptables.PortForwardRule) LinuxFirewall(org.eclipse.kura.linux.net.iptables.LinuxFirewall) ArrayList(java.util.ArrayList)

Aggregations

LinuxFirewall (org.eclipse.kura.linux.net.iptables.LinuxFirewall)7 UnknownHostException (java.net.UnknownHostException)4 NATRule (org.eclipse.kura.linux.net.iptables.NATRule)4 ArrayList (java.util.ArrayList)3 NetworkPair (org.eclipse.kura.net.NetworkPair)3 FirewallAutoNatConfig (org.eclipse.kura.net.firewall.FirewallAutoNatConfig)3 KuraException (org.eclipse.kura.KuraException)2 LocalRule (org.eclipse.kura.linux.net.iptables.LocalRule)2 PortForwardRule (org.eclipse.kura.linux.net.iptables.PortForwardRule)2 NetConfig (org.eclipse.kura.net.NetConfig)2 NetInterfaceAddressConfig (org.eclipse.kura.net.NetInterfaceAddressConfig)2 FirewallNatConfig (org.eclipse.kura.net.firewall.FirewallNatConfig)2 ComponentConfiguration (org.eclipse.kura.configuration.ComponentConfiguration)1 SelfConfiguringComponent (org.eclipse.kura.configuration.SelfConfiguringComponent)1 FirewallConfiguration (org.eclipse.kura.core.net.FirewallConfiguration)1 NetInterfaceAddressConfigImpl (org.eclipse.kura.core.net.NetInterfaceAddressConfigImpl)1 NetworkConfiguration (org.eclipse.kura.core.net.NetworkConfiguration)1 WifiInterfaceAddressConfigImpl (org.eclipse.kura.core.net.WifiInterfaceAddressConfigImpl)1 IP4Address (org.eclipse.kura.net.IP4Address)1 NetInterfaceConfig (org.eclipse.kura.net.NetInterfaceConfig)1