use of org.eclipse.kura.linux.net.iptables.LocalRule in project kura by eclipse.
the class FirewallConfigurationServiceImpl method setFirewallOpenPortConfiguration.
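/**
 * Replaces the firewall's local (open-port) rules with the supplied configuration.
 *
 * <p>All existing local rules are deleted first. One {@link LocalRule} is then built per entry,
 * and the resulting list is handed to the firewall in a single call.
 *
 * <p>Security-relevant behaviour:
 * <ul>
 * <li>An entry with no permitted network, or with a permitted network that has no address, is
 * rewritten in place to {@code 0.0.0.0/0}. The port is therefore opened to every source
 * address, and the caller's entry object is mutated.</li>
 * <li>An entry whose rule cannot be built is logged and skipped, and the remaining rules are
 * still applied. Because the previous rules have already been deleted by then, the resulting
 * rule set can be smaller than the one requested. NOTE(review): confirm callers do not rely
 * on all-or-nothing semantics.</li>
 * </ul>
 *
 * @param firewallConfiguration open-port entries to apply
 * @throws KuraException declared by the overridden method; presumably raised by the
 *         {@code LinuxFirewall} calls (confirm against that class)
 */
@Override
public void setFirewallOpenPortConfiguration(List<FirewallOpenPortConfigIP<? extends IPAddress>> firewallConfiguration) throws KuraException {
    s_logger.debug("setFirewallOpenPortConfiguration() :: Deleting local rules");
    LinuxFirewall firewall = LinuxFirewall.getInstance();
    firewall.deleteAllLocalRules();

    ArrayList<LocalRule> localRules = new ArrayList<LocalRule>();
    for (FirewallOpenPortConfigIP<? extends IPAddress> openPortEntry : firewallConfiguration) {
        if (openPortEntry.getPermittedNetwork() == null || openPortEntry.getPermittedNetwork().getIpAddress() == null) {
            // No source restriction supplied: fall back to "any source" (0.0.0.0/0).
            try {
                openPortEntry.setPermittedNetwork(new NetworkPair(IPAddress.parseHostAddress("0.0.0.0"), (short) 0));
            } catch (UnknownHostException e) {
                // Without a permitted network the rule cannot be built, so report the failure
                // through the logger and skip the entry instead of running into a null
                // dereference further down.
                s_logger.error("setFirewallOpenPortConfiguration() :: Failed to set the default permitted network", e);
                continue;
            }
        }

        try {
            // Re-parse the permitted address from its textual form; both rule variants use it.
            NetworkPair permittedNetwork = new NetworkPair(
                    IPAddress.parseHostAddress(openPortEntry.getPermittedNetwork().getIpAddress().getHostAddress()),
                    openPortEntry.getPermittedNetwork().getPrefix());

            LocalRule localRule;
            if (openPortEntry.getPortRange() != null) {
                s_logger.debug("setFirewallOpenPortConfiguration() :: Adding local rule for: {}", openPortEntry.getPortRange());
                localRule = new LocalRule(openPortEntry.getPortRange(), openPortEntry.getProtocol().name(), permittedNetwork,
                        openPortEntry.getPermittedInterfaceName(), openPortEntry.getUnpermittedInterfaceName(),
                        openPortEntry.getPermittedMac(), openPortEntry.getSourcePortRange());
            } else {
                s_logger.debug("setFirewallOpenPortConfiguration() :: Adding local rule for: {}", openPortEntry.getPort());
                localRule = new LocalRule(openPortEntry.getPort(), openPortEntry.getProtocol().name(), permittedNetwork,
                        openPortEntry.getPermittedInterfaceName(), openPortEntry.getUnpermittedInterfaceName(),
                        openPortEntry.getPermittedMac(), openPortEntry.getSourcePortRange());
            }
            localRules.add(localRule);
        } catch (Exception e) {
            // Name the entry by its range when it has one; getPort() alone is misleading for
            // range entries. Passing the exception as the trailing argument keeps its stack
            // trace in the log instead of only its toString().
            Object failedTarget = openPortEntry.getPortRange() != null
                    ? (Object) openPortEntry.getPortRange()
                    : (Object) openPortEntry.getPort();
            s_logger.error("setFirewallOpenPortConfiguration() :: Failed to add local rule for: {}", failedTarget, e);
        }
    }
    firewall.addLocalRules(localRules);
}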
use of org.eclipse.kura.linux.net.iptables.LocalRule in project kura by eclipse.
the class FirewallConfigurationServiceImpl method getFirewallConfiguration.
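/**
 * Builds a {@link FirewallConfiguration} from the rules currently held by {@code LinuxFirewall}.
 *
 * <p>Four rule sets are copied, in this order: local (open-port) rules, port-forward rules,
 * auto-NAT rules and NAT rules. Local and port-forward rules are always emitted as their
 * {@code IP4} configuration types.
 *
 * <p>NOTE(review): {@code NetProtocol.valueOf(...)} is called on the protocol string stored in
 * each rule and is not guarded here; if it rejects an unknown name, that exception would
 * propagate to the caller. Confirm against {@code NetProtocol}.
 *
 * @return the configuration assembled from the firewall's current rules
 * @throws KuraException with {@code KuraErrorCode.INTERNAL_ERROR} when a port-forward rule's
 *         address or permitted network cannot be parsed
 */
@Override
public FirewallConfiguration getFirewallConfiguration() throws KuraException {
    s_logger.debug("getting the firewall configuration");
    FirewallConfiguration firewallConfiguration = new FirewallConfiguration();
    LinuxFirewall firewall = LinuxFirewall.getInstance();

    // Local (open-port) rules: a rule carries either a port range or a single port.
    Iterator<LocalRule> localRules = firewall.getLocalRules().iterator();
    while (localRules.hasNext()) {
        LocalRule localRule = localRules.next();
        if (localRule.getPortRange() != null) {
            s_logger.debug("getFirewallConfiguration() :: Adding local rule for {}", localRule.getPortRange());
            firewallConfiguration.addConfig(new FirewallOpenPortConfigIP4(localRule.getPortRange(),
                    NetProtocol.valueOf(localRule.getProtocol()), localRule.getPermittedNetwork(),
                    localRule.getPermittedInterfaceName(), localRule.getUnpermittedInterfaceName(),
                    localRule.getPermittedMAC(), localRule.getSourcePortRange()));
        } else {
            s_logger.debug("getFirewallConfiguration() :: Adding local rule for {}", localRule.getPort());
            firewallConfiguration.addConfig(new FirewallOpenPortConfigIP4(localRule.getPort(),
                    NetProtocol.valueOf(localRule.getProtocol()), localRule.getPermittedNetwork(),
                    localRule.getPermittedInterfaceName(), localRule.getUnpermittedInterfaceName(),
                    localRule.getPermittedMAC(), localRule.getSourcePortRange()));
        }
    }

    // Port-forward rules: addresses are stored as strings and parsed back into IP4Address.
    Iterator<PortForwardRule> portForwardRules = firewall.getPortForwardRules().iterator();
    while (portForwardRules.hasNext()) {
        PortForwardRule portForwardRule = portForwardRules.next();
        try {
            s_logger.debug("getFirewallConfiguration() :: Adding port forwarding - inbound iface is {}", portForwardRule.getInboundIface());
            IP4Address forwardAddress = (IP4Address) IPAddress.parseHostAddress(portForwardRule.getAddress());
            NetworkPair<IP4Address> permittedNetwork = new NetworkPair<IP4Address>(
                    (IP4Address) IPAddress.parseHostAddress(portForwardRule.getPermittedNetwork()),
                    (short) portForwardRule.getPermittedNetworkMask());
            firewallConfiguration.addConfig(new FirewallPortForwardConfigIP4(portForwardRule.getInboundIface(),
                    portForwardRule.getOutboundIface(), forwardAddress,
                    NetProtocol.valueOf(portForwardRule.getProtocol()), portForwardRule.getInPort(),
                    portForwardRule.getOutPort(), portForwardRule.isMasquerade(), permittedNetwork,
                    portForwardRule.getPermittedMAC(), portForwardRule.getSourcePortRange()));
        } catch (UnknownHostException e) {
            // Report through the logger rather than stderr; the cause is also carried by the
            // KuraException thrown to the caller.
            s_logger.error("getFirewallConfiguration() :: Failed to parse an address of a port forwarding rule", e);
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e);
        }
    }

    // Auto-NAT rules.
    Iterator<NATRule> autoNatRules = firewall.getAutoNatRules().iterator();
    while (autoNatRules.hasNext()) {
        NATRule autoNatRule = autoNatRules.next();
        s_logger.debug("getFirewallConfiguration() :: Adding auto NAT rules {}", autoNatRule.getSourceInterface());
        firewallConfiguration.addConfig(new FirewallAutoNatConfig(autoNatRule.getSourceInterface(),
                autoNatRule.getDestinationInterface(), autoNatRule.isMasquerade()));
    }

    // Explicit NAT rules.
    Iterator<NATRule> natRules = firewall.getNatRules().iterator();
    while (natRules.hasNext()) {
        NATRule natRule = natRules.next();
        s_logger.debug("getFirewallConfiguration() :: Adding NAT rules {}", natRule.getSourceInterface());
        firewallConfiguration.addConfig(new FirewallNatConfig(natRule.getSourceInterface(),
                natRule.getDestinationInterface(), natRule.getProtocol(), natRule.getSource(),
                natRule.getDestination(), natRule.isMasquerade()));
    }
    return firewallConfiguration;
}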