use of org.eclipse.kura.linux.net.iptables.NATRule in project kura by eclipse.
the class NetworkAdminServiceImpl method manageFirewall.
/**
 * Rebuilds the firewall NAT rules for the given gateway interface and enables the firewall.
 *
 * <p>One {@link NATRule} towards {@code gatewayIface} is collected for every
 * {@link FirewallAutoNatConfig} found on an interface of the current network
 * configuration. If at least one rule was collected the set is handed to
 * {@code replaceAllNatRules}; otherwise the auto NAT rules are deleted. That includes the
 * cases where {@code gatewayIface} is {@code null} or no configuration is available.
 *
 * @param gatewayIface name of the interface used as the NAT destination; may be {@code null}
 * @throws KuraException propagated from the configuration or firewall calls made here
 */
@Override
public void manageFirewall(String gatewayIface) throws KuraException {
    ComponentConfiguration currentConfig = ((SelfConfiguringComponent) this.m_networkConfigurationService).getConfiguration();

    // Stays null until the first auto NAT config is seen; null selects the delete path below.
    LinkedHashSet<NATRule> autoNatRules = null;

    if (gatewayIface != null && currentConfig != null) {
        try {
            NetworkConfiguration parsedConfig = new NetworkConfiguration(currentConfig.getConfigurationProperties());
            for (NetInterfaceConfig<? extends NetInterfaceAddressConfig> ifaceConfig : parsedConfig.getNetInterfaceConfigs()) {
                String sourceIface = ifaceConfig.getName();
                List<? extends NetInterfaceAddressConfig> addresses = ifaceConfig.getNetInterfaceAddresses();
                if (addresses == null || addresses.isEmpty()) {
                    continue;
                }
                for (NetInterfaceAddressConfig address : addresses) {
                    List<NetConfig> configs = address.getConfigs();
                    if (configs == null || configs.isEmpty()) {
                        continue;
                    }
                    for (NetConfig config : configs) {
                        if (!(config instanceof FirewallAutoNatConfig)) {
                            continue;
                        }
                        if (autoNatRules == null) {
                            autoNatRules = new LinkedHashSet<NATRule>();
                        }
                        // Third argument is always true here (presumably the masquerade flag - confirm).
                        autoNatRules.add(new NATRule(sourceIface, gatewayIface, true));
                    }
                }
            }
        } catch (UnknownHostException e) {
            // NOTE(review): the failure is only logged. Whatever was collected before the
            // exception (possibly nothing) is still applied below, so a configuration that
            // cannot be parsed can end up removing or shrinking the live NAT rule set.
            // Confirm this is the intended behaviour on error.
            s_logger.warn("Exception while updating firewall configuration", e);
        }
    }

    LinuxFirewall firewall = LinuxFirewall.getInstance();
    if (autoNatRules == null) {
        firewall.deleteAllAutoNatRules();
    } else {
        // NOTE(review): this branch calls replaceAllNatRules while the other one only deletes
        // *auto* NAT rules; verify that manually configured NAT rules survive this call.
        firewall.replaceAllNatRules(autoNatRules);
    }
    firewall.enable();
}
use of org.eclipse.kura.linux.net.iptables.NATRule in project kura by eclipse.
the class FirewallAutoNatConfigReader method getConfig.
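/**
 * Attaches the automatic NAT settings of an Ethernet or Wi-Fi interface to each of its
 * address configurations. Interfaces of any other type are left untouched.
 *
 * <p>When {@code kuraProps} is given, the settings are read from the properties
 * {@code net.interface.<name>.config.nat.enabled}, {@code .masquerade},
 * {@code .src.interface} and {@code .dst.interface}, and a config is attached only if NAT
 * is enabled. Without properties, one config is attached for every auto NAT rule reported
 * by {@link LinuxFirewall} whose source interface equals this interface's name.
 *
 * @param netInterfaceConfig interface whose address configurations receive the NAT config
 * @param kuraProps          persisted properties, or {@code null} to read the firewall rules
 * @throws KuraException if a NAT config has to be attached but the interface's address
 *                       list is {@code null} or empty
 */
private void getConfig(NetInterfaceConfig<? extends NetInterfaceAddressConfig> netInterfaceConfig, Properties kuraProps) throws KuraException {
    String interfaceName = netInterfaceConfig.getName();
    NetInterfaceType type = netInterfaceConfig.getType();
    if (type != NetInterfaceType.ETHERNET && type != NetInterfaceType.WIFI) {
        return;
    }
    s_logger.debug("Getting NAT config for {}", interfaceName);

    if (kuraProps != null) {
        s_logger.debug("Getting NAT config from kuraProps");
        String keyPrefix = "net.interface." + interfaceName + ".config.nat.";

        // Boolean.parseBoolean(null) is false, so an absent key keeps the feature off.
        boolean natEnabled = Boolean.parseBoolean(kuraProps.getProperty(keyPrefix + "enabled"));
        boolean useMasquerade = Boolean.parseBoolean(kuraProps.getProperty(keyPrefix + "masquerade"));
        String srcIface = kuraProps.getProperty(keyPrefix + "src.interface");
        String dstIface = kuraProps.getProperty(keyPrefix + "dst.interface");

        if (natEnabled) {
            // NOTE(review): srcIface/dstIface are null when their keys are absent and are not
            // validated here; confirm the config object and the firewall rule generation
            // that later consumes it reject or tolerate such values.
            FirewallAutoNatConfig natConfig = new FirewallAutoNatConfig(srcIface, dstIface, useMasquerade);
            addNatConfigToAddresses(netInterfaceConfig, interfaceName, natConfig);
        }
        return;
    }

    // No persisted properties: derive the config from the auto NAT rules the firewall reports.
    Set<NATRule> natRules = LinuxFirewall.getInstance().getAutoNatRules();
    if (natRules == null) {
        return;
    }
    for (NATRule rule : natRules) {
        if (rule.getSourceInterface().equals(interfaceName)) {
            s_logger.debug("found NAT rule: {}", rule);
            FirewallAutoNatConfig natConfig = new FirewallAutoNatConfig(rule.getSourceInterface(), rule.getDestinationInterface(), rule.isMasquerade());
            addNatConfigToAddresses(netInterfaceConfig, interfaceName, natConfig);
        }
    }
}

/**
 * Appends {@code natConfig} to the NetConfig list of every address configuration of the
 * interface, creating and attaching the list where an address configuration has none.
 */
private void addNatConfigToAddresses(NetInterfaceConfig<? extends NetInterfaceAddressConfig> netInterfaceConfig, String interfaceName, FirewallAutoNatConfig natConfig) throws KuraException {
    List<? extends NetInterfaceAddressConfig> addressConfigs = netInterfaceConfig.getNetInterfaceAddresses();
    if (addressConfigs == null) {
        throw KuraException.internalError("NetInterfaceAddress list is null for interface " + interfaceName);
    }
    if (addressConfigs.isEmpty()) {
        throw KuraException.internalError("NetInterfaceAddress list is empty for interface " + interfaceName);
    }

    for (NetInterfaceAddressConfig addressConfig : addressConfigs) {
        List<NetConfig> netConfigs = addressConfig.getConfigs();
        if (netConfigs == null) {
            netConfigs = new ArrayList<NetConfig>();
            if (addressConfig instanceof NetInterfaceAddressConfigImpl) {
                ((NetInterfaceAddressConfigImpl) addressConfig).setNetConfigs(netConfigs);
            } else if (addressConfig instanceof WifiInterfaceAddressConfigImpl) {
                ((WifiInterfaceAddressConfigImpl) addressConfig).setNetConfigs(netConfigs);
            } else {
                // The new list cannot be attached, so the NAT config added below is lost.
                // Report it instead of letting the reported configuration silently diverge
                // from what was read.
                s_logger.warn("NAT config for {} not attached: unsupported address config type {}", interfaceName, addressConfig.getClass().getName());
            }
        }
        netConfigs.add(natConfig);
    }
}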
use of org.eclipse.kura.linux.net.iptables.NATRule in project kura by eclipse.
the class FirewallAutoNatConfigWriter method getNatConfigs.
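/**
 * Derives the automatic NAT rules implied by a network configuration.
 *
 * <p>Interfaces whose IPv4 status is {@code netIPv4StatusEnabledWAN} are treated as NAT
 * destinations. Interfaces whose status is {@code netIPv4StatusEnabledLAN} and that carry
 * a {@link FirewallAutoNatConfig} are treated as NAT sources. One rule is produced for
 * every source/destination pair, so each NAT-enabled LAN interface is forwarded to every
 * WAN interface. If an interface has several {@link NetConfigIP4} entries, the status of
 * the last one seen is used.
 *
 * @param networkConfig configuration to inspect; may be {@code null}
 * @return the derived rules in insertion order; empty (never {@code null}) when
 *         {@code networkConfig} is {@code null} or nothing qualifies
 */
private LinkedHashSet<NATRule> getNatConfigs(NetworkConfiguration networkConfig) {
    LinkedHashSet<NATRule> natConfigs = new LinkedHashSet<NATRule>();
    if (networkConfig == null) {
        return natConfigs;
    }

    ArrayList<String> wanList = new ArrayList<String>();
    ArrayList<String> natList = new ArrayList<String>();

    // get relevant interfaces
    for (NetInterfaceConfig<? extends NetInterfaceAddressConfig> netInterfaceConfig : networkConfig.getNetInterfaceConfigs()) {
        String interfaceName = netInterfaceConfig.getName();
        NetInterfaceStatus status = NetInterfaceStatus.netIPv4StatusUnknown;
        boolean isNat = false;

        // Both lists can be null (other callers in this code base check for it); an interface
        // without address or net configs simply keeps the unknown status and is skipped.
        Iterable<? extends NetInterfaceAddressConfig> addressConfigs = netInterfaceConfig.getNetInterfaceAddresses();
        if (addressConfigs != null) {
            for (NetInterfaceAddressConfig addressConfig : addressConfigs) {
                Iterable<NetConfig> netConfigs = addressConfig.getConfigs();
                if (netConfigs == null) {
                    continue;
                }
                for (NetConfig netConfig : netConfigs) {
                    if (netConfig instanceof NetConfigIP4) {
                        status = ((NetConfigIP4) netConfig).getStatus();
                    } else if (netConfig instanceof FirewallAutoNatConfig) {
                        s_logger.debug("getNatConfigs() :: FirewallAutoNatConfig: {}", netConfig);
                        isNat = true;
                    } else if (netConfig instanceof FirewallNatConfig) {
                        // Logged only; manual NAT configs do not contribute to the auto NAT set.
                        s_logger.debug("getNatConfigs() :: FirewallNatConfig: {}", netConfig);
                    }
                }
            }
        }

        if (NetInterfaceStatus.netIPv4StatusEnabledWAN.equals(status)) {
            wanList.add(interfaceName);
        } else if (NetInterfaceStatus.netIPv4StatusEnabledLAN.equals(status) && isNat) {
            natList.add(interfaceName);
        }
    }

    // create a nat rule for each interface to all potential wan interfaces
    for (String sourceInterface : natList) {
        for (String destinationInterface : wanList) {
            s_logger.debug("Got NAT rule for source: " + sourceInterface + ", destination: " + destinationInterface);
            // Third argument is always true here (presumably the masquerade flag - confirm).
            natConfigs.add(new NATRule(sourceInterface, destinationInterface, true));
        }
    }
    return natConfigs;
}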
use of org.eclipse.kura.linux.net.iptables.NATRule in project kura by eclipse.
the class FirewallConfigurationServiceImpl method setFirewallNatConfiguration.
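/**
 * Replaces the firewall's NAT rules with the ones described by {@code natConfigs}.
 *
 * <p>The new rules are built before any existing rule is removed. A {@code null} list or a
 * config that cannot be turned into a {@link NATRule} therefore fails while the current
 * rules are still in place, instead of leaving the firewall with no NAT rules.
 *
 * @param natConfigs NAT configurations to apply; an empty list clears all NAT rules
 * @throws KuraException propagated from the firewall calls made here
 */
@Override
public void setFirewallNatConfiguration(List<FirewallNatConfig> natConfigs) throws KuraException {
    LinuxFirewall firewall = LinuxFirewall.getInstance();

    // NOTE(review): interface names, protocol, source and destination are copied as given;
    // confirm they are validated before they reach the firewall rule set.
    ArrayList<NATRule> natRules = new ArrayList<NATRule>();
    for (FirewallNatConfig natConfig : natConfigs) {
        natRules.add(new NATRule(natConfig.getSourceInterface(), natConfig.getDestinationInterface(), natConfig.getProtocol(), natConfig.getSource(), natConfig.getDestination(), natConfig.isMasquerade()));
    }

    // The swap itself is still two steps: if addNatRules fails after deleteAllNatRules
    // succeeded, the NAT rules stay deleted.
    firewall.deleteAllNatRules();
    firewall.addNatRules(natRules);
}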
use of org.eclipse.kura.linux.net.iptables.NATRule in project kura by eclipse.
the class FirewallConfigurationServiceImpl method getFirewallConfiguration.
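/**
 * Builds a {@link FirewallConfiguration} snapshot from the rules held by {@link LinuxFirewall}.
 *
 * <p>The result contains, in this order: one open-port config per local rule, one
 * port-forward config per port forward rule, one auto NAT config per auto NAT rule and one
 * NAT config per NAT rule.
 *
 * @return the assembled firewall configuration
 * @throws KuraException with {@code INTERNAL_ERROR} if an address of a port forward rule
 *                       cannot be parsed, or propagated from the firewall calls made here
 */
@Override
public FirewallConfiguration getFirewallConfiguration() throws KuraException {
    s_logger.debug("getting the firewall configuration");
    FirewallConfiguration firewallConfiguration = new FirewallConfiguration();
    LinuxFirewall firewall = LinuxFirewall.getInstance();

    // NOTE(review): the four rule collections below are iterated without a null check;
    // confirm LinuxFirewall never returns null for them.

    for (LocalRule localRule : firewall.getLocalRules()) {
        // NOTE(review): NetProtocol.valueOf throws an unchecked exception for a null or
        // unknown protocol name; confirm stored rules always carry a valid one.
        NetProtocol protocol = NetProtocol.valueOf(localRule.getProtocol());
        if (localRule.getPortRange() != null) {
            s_logger.debug("getFirewallConfiguration() :: Adding local rule for {}", localRule.getPortRange());
            firewallConfiguration.addConfig(new FirewallOpenPortConfigIP4(localRule.getPortRange(), protocol, localRule.getPermittedNetwork(), localRule.getPermittedInterfaceName(), localRule.getUnpermittedInterfaceName(), localRule.getPermittedMAC(), localRule.getSourcePortRange()));
        } else {
            s_logger.debug("getFirewallConfiguration() :: Adding local rule for {}", localRule.getPort());
            firewallConfiguration.addConfig(new FirewallOpenPortConfigIP4(localRule.getPort(), protocol, localRule.getPermittedNetwork(), localRule.getPermittedInterfaceName(), localRule.getUnpermittedInterfaceName(), localRule.getPermittedMAC(), localRule.getSourcePortRange()));
        }
    }

    for (PortForwardRule portForwardRule : firewall.getPortForwardRules()) {
        try {
            s_logger.debug("getFirewallConfiguration() :: Adding port forwarding - inbound iface is {}", portForwardRule.getInboundIface());
            // NOTE(review): both casts assume parseHostAddress yields an IP4Address for these
            // values; anything else would raise ClassCastException - confirm.
            IP4Address address = (IP4Address) IPAddress.parseHostAddress(portForwardRule.getAddress());
            NetProtocol protocol = NetProtocol.valueOf(portForwardRule.getProtocol());
            NetworkPair<IP4Address> permittedNetwork = new NetworkPair<IP4Address>((IP4Address) IPAddress.parseHostAddress(portForwardRule.getPermittedNetwork()), (short) portForwardRule.getPermittedNetworkMask());
            firewallConfiguration.addConfig(new FirewallPortForwardConfigIP4(portForwardRule.getInboundIface(), portForwardRule.getOutboundIface(), address, protocol, portForwardRule.getInPort(), portForwardRule.getOutPort(), portForwardRule.isMasquerade(), permittedNetwork, portForwardRule.getPermittedMAC(), portForwardRule.getSourcePortRange()));
        } catch (UnknownHostException e) {
            // Goes through the configured logger rather than printStackTrace(), which writes
            // to stderr and bypasses log routing; the cause is also kept on the rethrown exception.
            s_logger.error("getFirewallConfiguration() :: Failed to parse an address of a port forward rule", e);
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e);
        }
    }

    for (NATRule autoNatRule : firewall.getAutoNatRules()) {
        s_logger.debug("getFirewallConfiguration() :: Adding auto NAT rules {}", autoNatRule.getSourceInterface());
        firewallConfiguration.addConfig(new FirewallAutoNatConfig(autoNatRule.getSourceInterface(), autoNatRule.getDestinationInterface(), autoNatRule.isMasquerade()));
    }

    for (NATRule natRule : firewall.getNatRules()) {
        s_logger.debug("getFirewallConfiguration() :: Adding NAT rules {}", natRule.getSourceInterface());
        firewallConfiguration.addConfig(new FirewallNatConfig(natRule.getSourceInterface(), natRule.getDestinationInterface(), natRule.getProtocol(), natRule.getSource(), natRule.getDestination(), natRule.isMasquerade()));
    }

    return firewallConfiguration;
}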