public void Output(IpTablesSystem system, IpTablesRuleSet ruleSet) { foreach (var p in _protocols) { var description = _chain + "_" + p.Key; String chainName = ShortHash.HexHash(description); if (ruleSet.Chains.HasChain(chainName, _table)) { throw new IpTablesNetException(String.Format("Duplicate feature split: {0}", chainName)); } //Jump to chain var chain = ruleSet.Chains.GetChainOrAdd(_chain, _table, system); IpTablesRule jumpRule = new IpTablesRule(system, chain); jumpRule.GetModuleOrLoad <CoreModule>("core").Jump = chainName; jumpRule.GetModuleOrLoad <CommentModule>("comment").CommentText = _commentPrefix + "|FS|" + description; _setter(jumpRule, p.Key); ruleSet.AddRule(jumpRule); //Nested output ruleSet.AddChain(chainName, _table); p.Value.Output(system, ruleSet); } }
/// <summary> /// Create a rule with a goto target to a specified chain /// </summary> /// <param name="chainIn"></param> /// <param name="chainJump"></param> /// <param name="system"></param> /// <returns></returns> public static IpTablesRule CreateGoto(IpTablesChain chainIn, String chainJump, NetfilterSystem system) { var rule = new IpTablesRule(system, chainIn); rule.GetModuleOrLoad <CoreModule>("core").Goto = chainJump; return(rule); }
public void Output(IpTablesSystem system, IpTablesRuleSet ruleSet) { //foreach group => rules foreach (var p in _rules) { //The new chain var description = _chain + "_" + p.Key; String chainName = ShortHash.HexHash(description + "|" + _table); if (ruleSet.Chains.HasChain(chainName, _table)) { throw new IpTablesNetException(String.Format("Duplicate feature split: {0}", chainName)); } var chain = ruleSet.Chains.GetChainOrAdd(chainName, _table, system); //Nested output var singleRule = OutputRulesForGroup(ruleSet, system, p.Value, chainName, p.Key); //Console.WriteLine("Is Single Rule: {0}", singleRule == null ? "NO" : "YES"); if (singleRule == null) { if (chain.Rules.Count != 0) { IpTablesRule jumpRule = IpTablesRule.Parse(_baseRule, system, ruleSet.Chains); _setJump(jumpRule, p.Key); //jumpRule. jumpRule.GetModuleOrLoad <CoreModule>("core").Jump = chainName; jumpRule.GetModuleOrLoad <CommentModule>("comment").CommentText = _commentPrefix + "|MA|" + description; ruleSet.AddRule(jumpRule); } else { //Console.WriteLine(String.Format("No rules in the chain \"{0}\", skipping jump from {1}.", chainName, _chain)); } } else { _setJump(singleRule, p.Key); //ruleSet.AddRule(singleRule); } if (chain.Rules.Count == 0) { ruleSet.Chains.RemoveChain(chain); } } }
public static void SourcePortSetter(IpTablesRule rule, List <PortOrRange> ranges) { var protocol = rule.GetModule <CoreModule>("core").Protocol; if (ranges.Count == 1 && !protocol.Null && !protocol.Not) { if (protocol.Value == "tcp") { var tcp = rule.GetModuleOrLoad <TcpModule>("tcp"); tcp.SourcePort = new ValueOrNot <PortOrRange>(ranges[0]); } else { var tcp = rule.GetModuleOrLoad <UdpModule>("udp"); tcp.SourcePort = new ValueOrNot <PortOrRange>(ranges[0]); } } else { var multiport = rule.GetModuleOrLoad <MultiportModule>("multiport"); multiport.SourcePorts = new ValueOrNot <IEnumerable <PortOrRange> >(ranges); } }
/// <summary> /// Add the rules /// </summary> /// <param name="ruleSet"></param> /// <param name="system"></param> /// <param name="rules"></param> /// <param name="chainName"></param> /// <param name="key"></param> /// <returns>an IPTables rule if the output is singular</returns> private IpTablesRule OutputRulesForGroup(IpTablesRuleSet ruleSet, IpTablesSystem system, List <IpTablesRule> rules, string chainName, TKey key) { if (rules.Count == 0) { return(null); } int count = 0, ruleCount = 0; List <PortOrRange> ranges = new List <PortOrRange>(); IpTablesRule rule1 = null; var firstCore = rules[0].GetModule <CoreModule>("core"); int ruleIdx = 1; Action buildRule = () => { //Console.WriteLine("t2"); if (ranges.Count == 0) { throw new IpTablesNetException("this should not happen"); } rule1 = IpTablesRule.Parse(_baseRule, system, ruleSet.Chains); //Core Module var ruleCore = rule1.GetModuleOrLoad <CoreModule>("core"); ruleCore.Protocol = firstCore.Protocol; if (firstCore.TargetMode == TargetMode.Goto && !String.IsNullOrEmpty(firstCore.Goto)) { ruleCore.Goto = firstCore.Goto; } else if (firstCore.TargetMode == TargetMode.Jump && !String.IsNullOrEmpty(firstCore.Jump)) { ruleCore.Jump = firstCore.Jump; } //Comment Module var ruleComment = rule1.GetModuleOrLoad <CommentModule>("comment"); ruleComment.CommentText = _commentPrefix + "|" + chainName + "|" + ruleIdx; // Create just one rule if there is only one set of multiports if (ruleCount == 1 && ranges.Count == 1 && _setJump != null) { _setJump(rule1, key); rule1.Chain = ruleSet.Chains.GetChainOrDefault(_chain, _table); } else { rule1.Chain = ruleSet.Chains.GetChainOrDefault(chainName, _table); } //Console.WriteLine(rule1.GetActionCommandParamters()); _setPort(rule1, new List <PortOrRange>(ranges)); ruleSet.AddRule(rule1); ruleIdx++; }; List <PortOrRange> ports = rules.Select(rule => _extractPort(rule)).ToList(); PortRangeHelpers.SortRangeFirstLowHigh(ports); ports = PortRangeHelpers.CompressRanges(ports); ruleCount = PortRangeHelpers.CountRequiredMultiports(ports); foreach (var e in ports) { if (!_ipset && (count == 14 && e.IsRange() || count == 15)) { buildRule(); count = 0; ranges.Clear(); } ranges.Add(e); if (e.IsRange()) { count += 2; } else { count++; } } if (ranges.Count != 0) { buildRule(); } if (ruleCount != 1 || ranges.Count != 1) { return(null); } return(rule1); }
public static void SourcePortSetter(IpTablesRule rule, List<PortOrRange> ranges) { var protocol = rule.GetModule<CoreModule>("core").Protocol; if (ranges.Count == 1 && !protocol.Null && !protocol.Not) { if (protocol.Value == "tcp") { var tcp = rule.GetModuleOrLoad<TcpModule>("tcp"); tcp.SourcePort = new ValueOrNot<PortOrRange>(ranges[0]); } else { var tcp = rule.GetModuleOrLoad<UdpModule>("udp"); tcp.SourcePort = new ValueOrNot<PortOrRange>(ranges[0]); } } else { var multiport = rule.GetModuleOrLoad<MultiportModule>("multiport"); multiport.SourcePorts = new ValueOrNot<IEnumerable<PortOrRange>>(ranges); } }
public static void SetComment(this IpTablesRule rule, String commentText) { var commentModule = rule.GetModuleOrLoad <CommentModule>("comment"); commentModule.CommentText = commentText; }
private void setSourceIp(IpTablesRule arg1, IPAddress arg2) { arg1.GetModuleOrLoad <CoreModule>("core").Source = new ValueOrNot <IpCidr>(new IpCidr(arg2, 32)); }
private void setter(IpTablesRule arg1, String arg2) { arg1.GetModuleOrLoad <CoreModule>("core").InInterface = new ValueOrNot <String>(arg2); }
private void setter(IpTablesRule arg1, IPAddress arg2) { arg1.GetModuleOrLoad<CoreModule>("core").Source = new ValueOrNot<IpCidr>(new IpCidr(arg2)); }
private void setter(IpTablesRule arg1, String arg2) { arg1.GetModuleOrLoad<CoreModule>("core").InInterface = new ValueOrNot<String>(arg2); }