
Example 1 with FirewallNatConfig

use of org.eclipse.kura.net.firewall.FirewallNatConfig in project kura by eclipse.

the class GwtNetworkServiceImpl method findDeviceFirewallNATs.

/**
 * Returns the NAT rules found in the firewall configuration as GWT entries.
 *
 * <p>The XSRF token is checked before the configuration is read. Only
 * {@link FirewallNatConfig} items from the configuration are converted;
 * every other {@link NetConfig} is skipped.
 *
 * @param xsrfToken token passed to {@code checkXSRFToken} before any other work
 * @return a new list holding one entry per NAT rule; empty when there are none
 * @throws GwtKuraException with {@code INTERNAL_ERROR} when reading the
 *         configuration raises a {@link KuraException}
 */
@Override
public ArrayList<GwtFirewallNatEntry> findDeviceFirewallNATs(GwtXSRFToken xsrfToken) throws GwtKuraException {
    checkXSRFToken(xsrfToken);
    NetworkAdminService nas = ServiceLocator.getInstance().getService(NetworkAdminService.class);
    ArrayList<GwtFirewallNatEntry> natEntries = new ArrayList<GwtFirewallNatEntry>();
    try {
        List<NetConfig> firewallConfigs = nas.getFirewallConfiguration();
        if (firewallConfigs == null) {
            return natEntries;
        }
        for (NetConfig candidate : firewallConfigs) {
            if (!(candidate instanceof FirewallNatConfig)) {
                continue;
            }
            // Cast once instead of on every getter call.
            FirewallNatConfig natConfig = (FirewallNatConfig) candidate;
            s_logger.debug("findDeviceFirewallNATs() :: adding new NAT Entry");
            GwtFirewallNatEntry natEntry = new GwtFirewallNatEntry();
            natEntry.setInInterface(natConfig.getSourceInterface());
            natEntry.setOutInterface(natConfig.getDestinationInterface());
            natEntry.setProtocol(natConfig.getProtocol());
            natEntry.setSourceNetwork(natConfig.getSource());
            natEntry.setDestinationNetwork(natConfig.getDestination());
            // The GWT model carries the masquerade flag as the strings "yes" / "no".
            if (natConfig.isMasquerade()) {
                natEntry.setMasquerade("yes");
            } else {
                natEntry.setMasquerade("no");
            }
            natEntries.add(natEntry);
        }
        return natEntries;
    } catch (KuraException e) {
        s_logger.warn("Failed", e);
        throw new GwtKuraException(GwtKuraErrorCode.INTERNAL_ERROR, e);
    }
}
Also used : GwtKuraException(org.eclipse.kura.web.shared.GwtKuraException) GwtFirewallNatEntry(org.eclipse.kura.web.shared.model.GwtFirewallNatEntry) KuraException(org.eclipse.kura.KuraException) GwtKuraException(org.eclipse.kura.web.shared.GwtKuraException) ArrayList(java.util.ArrayList) NetConfig(org.eclipse.kura.net.NetConfig) NetworkAdminService(org.eclipse.kura.net.NetworkAdminService) FirewallNatConfig(org.eclipse.kura.net.firewall.FirewallNatConfig)

Example 2 with FirewallNatConfig

use of org.eclipse.kura.net.firewall.FirewallNatConfig in project kura by eclipse.

the class GwtNetworkServiceImpl method updateDeviceFirewallNATs.

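/**
 * Replaces the NAT configuration with the entries submitted by the web client.
 *
 * <p>Each entry is converted to a {@link FirewallNatConfig}; a missing or empty
 * source or destination network defaults to {@code 0.0.0.0/0}. The resulting
 * list is handed to {@code NetworkAdminService.setFirewallNatConfiguration}.
 *
 * @param xsrfToken token passed to {@code checkXSRFToken} before any other work
 * @param entries   NAT entries received from the client; must not be {@code null}
 * @throws GwtKuraException with {@code INTERNAL_ERROR} when the service call
 *         raises a {@link KuraException}
 */
@Override
public void updateDeviceFirewallNATs(GwtXSRFToken xsrfToken, List<GwtFirewallNatEntry> entries) throws GwtKuraException {
    // Check the anti-forgery token before anything else, as findDeviceFirewallNATs does.
    checkXSRFToken(xsrfToken);
    s_logger.debug("updateDeviceFirewallNATs() :: updating NAT entries");
    NetworkAdminService nas = ServiceLocator.getInstance().getService(NetworkAdminService.class);
    List<FirewallNatConfig> firewallNatConfigs = new ArrayList<FirewallNatConfig>();
    for (GwtFirewallNatEntry entry : entries) {
        // NOTE(review): htmlEscape is an output encoding for HTML. It does not
        // check that these client-supplied strings are a well-formed interface
        // name, protocol or CIDR network. They presumably end up in firewall
        // rules (confirm against the service implementation), so they should
        // be validated against a strict pattern or allow-list here or in the
        // service layer.
        String srcNetwork = GwtSafeHtmlUtils.htmlEscape(entry.getSourceNetwork());
        String dstNetwork = GwtSafeHtmlUtils.htmlEscape(entry.getDestinationNetwork());
        // An unspecified network means "any address".
        if (srcNetwork == null || "".equals(srcNetwork)) {
            srcNetwork = "0.0.0.0/0";
        }
        if (dstNetwork == null || "".equals(dstNetwork)) {
            dstNetwork = "0.0.0.0/0";
        }
        // Constant-first comparison: an entry without a masquerade value is
        // treated as "no" instead of raising a NullPointerException.
        boolean masquerade = "yes".equals(entry.getMasquerade());
        FirewallNatConfig firewallNatConfig = new FirewallNatConfig(GwtSafeHtmlUtils.htmlEscape(entry.getInInterface()), GwtSafeHtmlUtils.htmlEscape(entry.getOutInterface()), GwtSafeHtmlUtils.htmlEscape(entry.getProtocol()), srcNetwork, dstNetwork, masquerade);
        firewallNatConfigs.add(firewallNatConfig);
    }
    try {
        nas.setFirewallNatConfiguration(firewallNatConfigs);
    } catch (KuraException e) {
        throw new GwtKuraException(GwtKuraErrorCode.INTERNAL_ERROR, e);
    }
}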
Also used : GwtKuraException(org.eclipse.kura.web.shared.GwtKuraException) GwtFirewallNatEntry(org.eclipse.kura.web.shared.model.GwtFirewallNatEntry) KuraException(org.eclipse.kura.KuraException) GwtKuraException(org.eclipse.kura.web.shared.GwtKuraException) ArrayList(java.util.ArrayList) NetworkAdminService(org.eclipse.kura.net.NetworkAdminService) FirewallNatConfig(org.eclipse.kura.net.firewall.FirewallNatConfig)

Example 3 with FirewallNatConfig

use of org.eclipse.kura.net.firewall.FirewallNatConfig in project kura by eclipse.

the class FirewallAutoNatConfigWriter method getNatConfigs.

/**
 * Builds the automatic NAT rules implied by a network configuration.
 *
 * <p>Interfaces whose IPv4 status is "enabled WAN" become destinations.
 * Interfaces whose status is "enabled LAN" and that carry a
 * {@link FirewallAutoNatConfig} become sources. One rule is produced for
 * every (source, destination) pair.
 *
 * @param networkConfig configuration to inspect; may be {@code null}
 * @return the rules in insertion order; empty when {@code networkConfig} is
 *         {@code null} or no pair qualifies
 */
private LinkedHashSet<NATRule> getNatConfigs(NetworkConfiguration networkConfig) {
    LinkedHashSet<NATRule> rules = new LinkedHashSet<NATRule>();
    if (networkConfig == null) {
        return rules;
    }
    ArrayList<String> wanInterfaces = new ArrayList<String>();
    ArrayList<String> natInterfaces = new ArrayList<String>();
    // Classify every interface as a WAN destination, a NAT source, or neither.
    for (NetInterfaceConfig<? extends NetInterfaceAddressConfig> ifaceConfig : networkConfig.getNetInterfaceConfigs()) {
        String ifaceName = ifaceConfig.getName();
        NetInterfaceStatus ipv4Status = NetInterfaceStatus.netIPv4StatusUnknown;
        boolean autoNatEnabled = false;
        for (NetInterfaceAddressConfig addressConfig : ifaceConfig.getNetInterfaceAddresses()) {
            for (NetConfig netConfig : addressConfig.getConfigs()) {
                if (netConfig instanceof NetConfigIP4) {
                    ipv4Status = ((NetConfigIP4) netConfig).getStatus();
                } else if (netConfig instanceof FirewallAutoNatConfig) {
                    s_logger.debug("getNatConfigs() :: FirewallAutoNatConfig: {}", ((FirewallAutoNatConfig) netConfig).toString());
                    autoNatEnabled = true;
                } else if (netConfig instanceof FirewallNatConfig) {
                    // Explicit NAT configs are only logged here; they do not mark the interface as a source.
                    s_logger.debug("getNatConfigs() ::  FirewallNatConfig: {}", ((FirewallNatConfig) netConfig).toString());
                }
            }
        }
        if (NetInterfaceStatus.netIPv4StatusEnabledWAN.equals(ipv4Status)) {
            wanInterfaces.add(ifaceName);
        } else if (autoNatEnabled && NetInterfaceStatus.netIPv4StatusEnabledLAN.equals(ipv4Status)) {
            natInterfaces.add(ifaceName);
        }
    }
    // Every NAT-enabled LAN interface gets a rule towards every WAN interface.
    for (String sourceInterface : natInterfaces) {
        for (String destinationInterface : wanInterfaces) {
            s_logger.debug("Got NAT rule for source: " + sourceInterface + ", destination: " + destinationInterface);
            // Third argument is presumably the masquerade flag - confirm against NATRule.
            rules.add(new NATRule(sourceInterface, destinationInterface, true));
        }
    }
    return rules;
}
Also used : LinkedHashSet(java.util.LinkedHashSet) FirewallAutoNatConfig(org.eclipse.kura.net.firewall.FirewallAutoNatConfig) NetInterfaceStatus(org.eclipse.kura.net.NetInterfaceStatus) ArrayList(java.util.ArrayList) NATRule(org.eclipse.kura.linux.net.iptables.NATRule) FirewallNatConfig(org.eclipse.kura.net.firewall.FirewallNatConfig) NetConfigIP4(org.eclipse.kura.net.NetConfigIP4) NetConfig(org.eclipse.kura.net.NetConfig) NetInterfaceAddressConfig(org.eclipse.kura.net.NetInterfaceAddressConfig)

Example 4 with FirewallNatConfig

use of org.eclipse.kura.net.firewall.FirewallNatConfig in project kura by eclipse.

the class FirewallConfigurationServiceImpl method setFirewallNatConfiguration.

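/**
 * Replaces every NAT rule in the firewall with the given configuration.
 *
 * <p>The new rules are built before the existing ones are deleted, so a
 * {@code null} list or element fails before the firewall has been changed
 * rather than after its NAT rules were removed.
 *
 * @param natConfigs NAT configurations to apply; must not be {@code null}
 * @throws KuraException declared by this method; which of the firewall calls
 *         raises it is not visible here
 */
@Override
public void setFirewallNatConfiguration(List<FirewallNatConfig> natConfigs) throws KuraException {
    // NOTE(review): the values are copied into NATRule unchanged; nothing in
    // this method checks that they are well-formed interface names, protocols
    // or networks. Confirm that NATRule or the caller validates them.
    ArrayList<NATRule> natRules = new ArrayList<NATRule>();
    for (FirewallNatConfig natConfig : natConfigs) {
        natRules.add(new NATRule(natConfig.getSourceInterface(), natConfig.getDestinationInterface(), natConfig.getProtocol(), natConfig.getSource(), natConfig.getDestination(), natConfig.isMasquerade()));
    }
    LinuxFirewall firewall = LinuxFirewall.getInstance();
    // Delete-then-add is still not atomic: if addNatRules fails, the previous
    // rules are already gone.
    firewall.deleteAllNatRules();
    firewall.addNatRules(natRules);
}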
Also used : LinuxFirewall(org.eclipse.kura.linux.net.iptables.LinuxFirewall) ArrayList(java.util.ArrayList) NATRule(org.eclipse.kura.linux.net.iptables.NATRule) FirewallNatConfig(org.eclipse.kura.net.firewall.FirewallNatConfig)

Example 5 with FirewallNatConfig

use of org.eclipse.kura.net.firewall.FirewallNatConfig in project kura by eclipse.

the class FirewallConfigurationServiceImpl method getFirewallConfiguration.

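/**
 * Reads the current firewall rules and returns them as a {@link FirewallConfiguration}.
 *
 * <p>Four rule sets are read from {@link LinuxFirewall}, in this order: local
 * (open port) rules, port forward rules, automatic NAT rules and NAT rules.
 * Each rule is converted to the matching configuration object and added to
 * the result.
 *
 * @return the assembled configuration
 * @throws KuraException with {@code INTERNAL_ERROR} when an address of a port
 *         forward rule cannot be parsed
 */
@Override
public FirewallConfiguration getFirewallConfiguration() throws KuraException {
    s_logger.debug("getting the firewall configuration");
    FirewallConfiguration firewallConfiguration = new FirewallConfiguration();
    LinuxFirewall firewall = LinuxFirewall.getInstance();
    for (LocalRule localRule : firewall.getLocalRules()) {
        // A rule holds either a port range or a single port; the range wins when present.
        // NOTE(review): NetProtocol.valueOf throws IllegalArgumentException for a
        // name that is not a NetProtocol constant - confirm rules always carry a valid one.
        if (localRule.getPortRange() != null) {
            s_logger.debug("getFirewallConfiguration() :: Adding local rule for {}", localRule.getPortRange());
            firewallConfiguration.addConfig(new FirewallOpenPortConfigIP4(localRule.getPortRange(), NetProtocol.valueOf(localRule.getProtocol()), localRule.getPermittedNetwork(), localRule.getPermittedInterfaceName(), localRule.getUnpermittedInterfaceName(), localRule.getPermittedMAC(), localRule.getSourcePortRange()));
        } else {
            s_logger.debug("getFirewallConfiguration() :: Adding local rule for {}", localRule.getPort());
            firewallConfiguration.addConfig(new FirewallOpenPortConfigIP4(localRule.getPort(), NetProtocol.valueOf(localRule.getProtocol()), localRule.getPermittedNetwork(), localRule.getPermittedInterfaceName(), localRule.getUnpermittedInterfaceName(), localRule.getPermittedMAC(), localRule.getSourcePortRange()));
        }
    }
    for (PortForwardRule portForwardRule : firewall.getPortForwardRules()) {
        try {
            s_logger.debug("getFirewallConfiguration() :: Adding port forwarding - inbound iface is {}", portForwardRule.getInboundIface());
            firewallConfiguration.addConfig(new FirewallPortForwardConfigIP4(portForwardRule.getInboundIface(), portForwardRule.getOutboundIface(), (IP4Address) IPAddress.parseHostAddress(portForwardRule.getAddress()), NetProtocol.valueOf(portForwardRule.getProtocol()), portForwardRule.getInPort(), portForwardRule.getOutPort(), portForwardRule.isMasquerade(), new NetworkPair<IP4Address>((IP4Address) IPAddress.parseHostAddress(portForwardRule.getPermittedNetwork()), (short) portForwardRule.getPermittedNetworkMask()), portForwardRule.getPermittedMAC(), portForwardRule.getSourcePortRange()));
        } catch (UnknownHostException e) {
            // Report through the logger instead of printing the stack trace to stderr.
            s_logger.error("getFirewallConfiguration() :: failed to parse an address of a port forward rule", e);
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e);
        }
    }
    for (NATRule autoNatRule : firewall.getAutoNatRules()) {
        s_logger.debug("getFirewallConfiguration() :: Adding auto NAT rules {}", autoNatRule.getSourceInterface());
        firewallConfiguration.addConfig(new FirewallAutoNatConfig(autoNatRule.getSourceInterface(), autoNatRule.getDestinationInterface(), autoNatRule.isMasquerade()));
    }
    for (NATRule natRule : firewall.getNatRules()) {
        s_logger.debug("getFirewallConfiguration() :: Adding NAT rules {}", natRule.getSourceInterface());
        firewallConfiguration.addConfig(new FirewallNatConfig(natRule.getSourceInterface(), natRule.getDestinationInterface(), natRule.getProtocol(), natRule.getSource(), natRule.getDestination(), natRule.isMasquerade()));
    }
    return firewallConfiguration;
}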
Also used : UnknownHostException(java.net.UnknownHostException) FirewallAutoNatConfig(org.eclipse.kura.net.firewall.FirewallAutoNatConfig) PortForwardRule(org.eclipse.kura.linux.net.iptables.PortForwardRule) IP4Address(org.eclipse.kura.net.IP4Address) FirewallConfiguration(org.eclipse.kura.core.net.FirewallConfiguration) LinuxFirewall(org.eclipse.kura.linux.net.iptables.LinuxFirewall) NATRule(org.eclipse.kura.linux.net.iptables.NATRule) FirewallNatConfig(org.eclipse.kura.net.firewall.FirewallNatConfig) NetworkPair(org.eclipse.kura.net.NetworkPair) KuraException(org.eclipse.kura.KuraException) FirewallPortForwardConfigIP4(org.eclipse.kura.net.firewall.FirewallPortForwardConfigIP4) FirewallOpenPortConfigIP4(org.eclipse.kura.net.firewall.FirewallOpenPortConfigIP4) LocalRule(org.eclipse.kura.linux.net.iptables.LocalRule)

Aggregations

FirewallNatConfig (org.eclipse.kura.net.firewall.FirewallNatConfig)6 ArrayList (java.util.ArrayList)4 KuraException (org.eclipse.kura.KuraException)3 NATRule (org.eclipse.kura.linux.net.iptables.NATRule)3 LinuxFirewall (org.eclipse.kura.linux.net.iptables.LinuxFirewall)2 NetConfig (org.eclipse.kura.net.NetConfig)2 NetworkAdminService (org.eclipse.kura.net.NetworkAdminService)2 FirewallAutoNatConfig (org.eclipse.kura.net.firewall.FirewallAutoNatConfig)2 GwtKuraException (org.eclipse.kura.web.shared.GwtKuraException)2 GwtFirewallNatEntry (org.eclipse.kura.web.shared.model.GwtFirewallNatEntry)2 UnknownHostException (java.net.UnknownHostException)1 LinkedHashSet (java.util.LinkedHashSet)1 FirewallConfiguration (org.eclipse.kura.core.net.FirewallConfiguration)1 LocalRule (org.eclipse.kura.linux.net.iptables.LocalRule)1 PortForwardRule (org.eclipse.kura.linux.net.iptables.PortForwardRule)1 IP4Address (org.eclipse.kura.net.IP4Address)1 NetConfigIP4 (org.eclipse.kura.net.NetConfigIP4)1 NetInterfaceAddressConfig (org.eclipse.kura.net.NetInterfaceAddressConfig)1 NetInterfaceStatus (org.eclipse.kura.net.NetInterfaceStatus)1 NetworkPair (org.eclipse.kura.net.NetworkPair)1