
Example 1 with LocalRule

use of org.eclipse.kura.linux.net.iptables.LocalRule in project kura by eclipse.

the class FirewallConfigurationServiceImpl method setFirewallOpenPortConfiguration.

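/**
 * Replaces the firewall's local (open-port) rules with the supplied configuration.
 *
 * <p>One {@link LocalRule} is built per entry, keyed by the entry's port range when one is
 * set and by its single port otherwise. The replacement set is assembled before the live
 * rules are deleted, so a {@code null} or unreadable configuration fails before the
 * firewall is modified.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>An entry with no permitted network (or no address in it) is widened to
 *       {@code 0.0.0.0/0}, i.e. the port is opened to every source address.</li>
 *   <li>An entry whose rule cannot be built is logged and skipped; the remaining rules are
 *       still applied, so the resulting rule set can be smaller than the one requested.</li>
 * </ul>
 *
 * @param firewallConfiguration the open-port entries to apply; entries lacking a permitted
 *        network are modified in place to carry the {@code 0.0.0.0/0} default
 * @throws KuraException declared by the interface; presumably raised by the
 *         {@link LinuxFirewall} calls (confirm against that class)
 */
@Override
public void setFirewallOpenPortConfiguration(List<FirewallOpenPortConfigIP<? extends IPAddress>> firewallConfiguration) throws KuraException {
    // Build every rule first: nothing below this loop has run yet, so a failure here
    // leaves the currently installed rules untouched.
    ArrayList<LocalRule> localRules = new ArrayList<LocalRule>();
    for (FirewallOpenPortConfigIP<? extends IPAddress> openPortEntry : firewallConfiguration) {
        if (openPortEntry.getPermittedNetwork() == null || openPortEntry.getPermittedNetwork().getIpAddress() == null) {
            try {
                // SECURITY: no source restriction was configured, so the rule defaults to
                // any source (0.0.0.0 with prefix 0).
                openPortEntry.setPermittedNetwork(new NetworkPair(IPAddress.parseHostAddress("0.0.0.0"), (short) 0));
            } catch (UnknownHostException e) {
                // Without a permitted network the rule cannot be built; report it through
                // the logger and skip the entry instead of failing later on a null network.
                s_logger.error("setFirewallOpenPortConfiguration() :: Failed to set the default permitted network", e);
                continue;
            }
        }
        try {
            LocalRule localRule = null;
            if (openPortEntry.getPortRange() != null) {
                s_logger.debug("setFirewallOpenPortConfiguration() :: Adding local rule for: {}", openPortEntry.getPortRange());
                localRule = new LocalRule(openPortEntry.getPortRange(), openPortEntry.getProtocol().name(), new NetworkPair(IPAddress.parseHostAddress(openPortEntry.getPermittedNetwork().getIpAddress().getHostAddress()), openPortEntry.getPermittedNetwork().getPrefix()), openPortEntry.getPermittedInterfaceName(), openPortEntry.getUnpermittedInterfaceName(), openPortEntry.getPermittedMac(), openPortEntry.getSourcePortRange());
            } else {
                s_logger.debug("setFirewallOpenPortConfiguration() :: Adding local rule for: {}", openPortEntry.getPort());
                localRule = new LocalRule(openPortEntry.getPort(), openPortEntry.getProtocol().name(), new NetworkPair(IPAddress.parseHostAddress(openPortEntry.getPermittedNetwork().getIpAddress().getHostAddress()), openPortEntry.getPermittedNetwork().getPrefix()), openPortEntry.getPermittedInterfaceName(), openPortEntry.getUnpermittedInterfaceName(), openPortEntry.getPermittedMac(), openPortEntry.getSourcePortRange());
            }
            localRules.add(localRule);
        } catch (Exception e) {
            // Name the port range when the entry uses one; the single port alone would
            // point the operator at the wrong rule.
            Object failedTarget = openPortEntry.getPortRange() != null ? openPortEntry.getPortRange() : (Object) openPortEntry.getPort();
            // The exception is passed after the placeholder arguments so the logger
            // records it as a throwable, stack trace included.
            s_logger.error("setFirewallOpenPortConfiguration() :: Failed to add local rule for: {}", failedTarget, e);
        }
    }
    // Swap the rule set only once the replacement is ready, keeping the interval in which
    // no local rules are installed as short as possible.
    s_logger.debug("setFirewallOpenPortConfiguration() :: Deleting local rules");
    LinuxFirewall firewall = LinuxFirewall.getInstance();
    firewall.deleteAllLocalRules();
    firewall.addLocalRules(localRules);
}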
Also used : NetworkPair(org.eclipse.kura.net.NetworkPair) UnknownHostException(java.net.UnknownHostException) LinuxFirewall(org.eclipse.kura.linux.net.iptables.LinuxFirewall) ArrayList(java.util.ArrayList) LocalRule(org.eclipse.kura.linux.net.iptables.LocalRule) KuraException(org.eclipse.kura.KuraException) UnknownHostException(java.net.UnknownHostException)

Example 2 with LocalRule

use of org.eclipse.kura.linux.net.iptables.LocalRule in project kura by eclipse.

the class FirewallConfigurationServiceImpl method getFirewallConfiguration.

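/**
 * Builds a {@link FirewallConfiguration} snapshot from the rules currently held by the
 * {@link LinuxFirewall} singleton.
 *
 * <p>Four rule groups are copied, in this order: local (open-port) rules, port-forward
 * rules, auto-NAT rules and NAT rules. The firewall itself is only read through its
 * getters here.
 *
 * @return a configuration holding one config object per rule reported by the firewall
 * @throws KuraException with {@link KuraErrorCode#INTERNAL_ERROR} when a port-forward
 *         rule's address or permitted network cannot be parsed
 */
@Override
public FirewallConfiguration getFirewallConfiguration() throws KuraException {
    s_logger.debug("getting the firewall configuration");
    FirewallConfiguration firewallConfiguration = new FirewallConfiguration();
    LinuxFirewall firewall = LinuxFirewall.getInstance();

    // Local rules: keyed by port range when present, by single port otherwise.
    // NOTE(review): NetProtocol.valueOf presumably rejects an unknown protocol name with
    // an unchecked exception, which is not handled in this method; confirm.
    for (LocalRule localRule : firewall.getLocalRules()) {
        if (localRule.getPortRange() != null) {
            s_logger.debug("getFirewallConfiguration() :: Adding local rule for {}", localRule.getPortRange());
            firewallConfiguration.addConfig(new FirewallOpenPortConfigIP4(localRule.getPortRange(), NetProtocol.valueOf(localRule.getProtocol()), localRule.getPermittedNetwork(), localRule.getPermittedInterfaceName(), localRule.getUnpermittedInterfaceName(), localRule.getPermittedMAC(), localRule.getSourcePortRange()));
        } else {
            s_logger.debug("getFirewallConfiguration() :: Adding local rule for {}", localRule.getPort());
            firewallConfiguration.addConfig(new FirewallOpenPortConfigIP4(localRule.getPort(), NetProtocol.valueOf(localRule.getProtocol()), localRule.getPermittedNetwork(), localRule.getPermittedInterfaceName(), localRule.getUnpermittedInterfaceName(), localRule.getPermittedMAC(), localRule.getSourcePortRange()));
        }
    }

    // Port-forward rules.
    // NOTE(review): the IP4Address casts assume every parsed address is IPv4; confirm
    // that the firewall never reports an IPv6 port-forward rule.
    for (PortForwardRule portForwardRule : firewall.getPortForwardRules()) {
        try {
            s_logger.debug("getFirewallConfiguration() :: Adding port forwarding - inbound iface is {}", portForwardRule.getInboundIface());
            firewallConfiguration.addConfig(new FirewallPortForwardConfigIP4(portForwardRule.getInboundIface(), portForwardRule.getOutboundIface(), (IP4Address) IPAddress.parseHostAddress(portForwardRule.getAddress()), NetProtocol.valueOf(portForwardRule.getProtocol()), portForwardRule.getInPort(), portForwardRule.getOutPort(), portForwardRule.isMasquerade(), new NetworkPair<IP4Address>((IP4Address) IPAddress.parseHostAddress(portForwardRule.getPermittedNetwork()), (short) portForwardRule.getPermittedNetworkMask()), portForwardRule.getPermittedMAC(), portForwardRule.getSourcePortRange()));
        } catch (UnknownHostException e) {
            // Report through the logger rather than stderr; the cause also travels with
            // the KuraException thrown to the caller.
            s_logger.error("getFirewallConfiguration() :: Failed to parse a port forward rule address", e);
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e);
        }
    }

    // Auto-NAT rules.
    for (NATRule autoNatRule : firewall.getAutoNatRules()) {
        s_logger.debug("getFirewallConfiguration() :: Adding auto NAT rules {}", autoNatRule.getSourceInterface());
        firewallConfiguration.addConfig(new FirewallAutoNatConfig(autoNatRule.getSourceInterface(), autoNatRule.getDestinationInterface(), autoNatRule.isMasquerade()));
    }

    // Explicit NAT rules.
    for (NATRule natRule : firewall.getNatRules()) {
        s_logger.debug("getFirewallConfiguration() :: Adding NAT rules {}", natRule.getSourceInterface());
        firewallConfiguration.addConfig(new FirewallNatConfig(natRule.getSourceInterface(), natRule.getDestinationInterface(), natRule.getProtocol(), natRule.getSource(), natRule.getDestination(), natRule.isMasquerade()));
    }
    return firewallConfiguration;
}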
Also used : UnknownHostException(java.net.UnknownHostException) FirewallAutoNatConfig(org.eclipse.kura.net.firewall.FirewallAutoNatConfig) PortForwardRule(org.eclipse.kura.linux.net.iptables.PortForwardRule) IP4Address(org.eclipse.kura.net.IP4Address) FirewallConfiguration(org.eclipse.kura.core.net.FirewallConfiguration) LinuxFirewall(org.eclipse.kura.linux.net.iptables.LinuxFirewall) NATRule(org.eclipse.kura.linux.net.iptables.NATRule) FirewallNatConfig(org.eclipse.kura.net.firewall.FirewallNatConfig) NetworkPair(org.eclipse.kura.net.NetworkPair) KuraException(org.eclipse.kura.KuraException) FirewallPortForwardConfigIP4(org.eclipse.kura.net.firewall.FirewallPortForwardConfigIP4) FirewallOpenPortConfigIP4(org.eclipse.kura.net.firewall.FirewallOpenPortConfigIP4) LocalRule(org.eclipse.kura.linux.net.iptables.LocalRule)

Aggregations

UnknownHostException (java.net.UnknownHostException)2 KuraException (org.eclipse.kura.KuraException)2 LinuxFirewall (org.eclipse.kura.linux.net.iptables.LinuxFirewall)2 LocalRule (org.eclipse.kura.linux.net.iptables.LocalRule)2 NetworkPair (org.eclipse.kura.net.NetworkPair)2 ArrayList (java.util.ArrayList)1 FirewallConfiguration (org.eclipse.kura.core.net.FirewallConfiguration)1 NATRule (org.eclipse.kura.linux.net.iptables.NATRule)1 PortForwardRule (org.eclipse.kura.linux.net.iptables.PortForwardRule)1 IP4Address (org.eclipse.kura.net.IP4Address)1 FirewallAutoNatConfig (org.eclipse.kura.net.firewall.FirewallAutoNatConfig)1 FirewallNatConfig (org.eclipse.kura.net.firewall.FirewallNatConfig)1 FirewallOpenPortConfigIP4 (org.eclipse.kura.net.firewall.FirewallOpenPortConfigIP4)1 FirewallPortForwardConfigIP4 (org.eclipse.kura.net.firewall.FirewallPortForwardConfigIP4)1