public bool ConfigSNAT(string dev_IP, string EthName, string devIP, string EthIP, bool add_delete)
{
this.devform.setDev_IP(dev_IP);
if (devform.getDev_IP() == "0.0.0.0")
{
return(false);
}
string flag = ""; string configEth_bridge = ""; string configInfo = ""; string configEth_IP = ""; string sql_rule = "";
string rule = "iptables -t nat -A POSTROUTING -s " + devIP + " -o br0 -j SNAT --to-source " + dev_IP;
if (add_delete)
{
flag = "NAT1";
configEth_bridge = "brctl delif br0 " + EthName;//先将网口从网桥上删除
configEth_IP = "ifconfig " + EthName + " " + EthIP + " netmask 255.255.255.0" + " up";
configInfo = flag + configEth_bridge + " && " + configEth_IP + " && " + rule;
sql_rule = "INSERT INTO snat VALUES('" + StaticGlobal.firewallmac + "', '" + devIP + "', '" + EthName + "', '" + EthIP + "', '" + StaticGlobal.FwMACandIP[StaticGlobal.firewallmac] + "'); ";
}
else if (!add_delete)
{
flag = "NAT0";
configEth_bridge = "brctl addif br0 " + EthName;
configEth_IP = "ifconfig " + EthName + " " + "0.0.0.0 up";
configInfo = flag + configEth_IP + " && " + configEth_bridge + " && " + rule;
sql_rule = "DELETE FROM snat WHERE fwmac= '" + StaticGlobal.firewallmac + "' and origin_devIP='" + devIP + "'"
+ " and EthName= '" + EthName + "' and NATIP='" + EthIP + "' and EthIP='" + StaticGlobal.FwMACandIP[StaticGlobal.firewallmac] + "');";
}
NATdb_operate.dboperate(sql_rule);
SendInfo sendcmd = new SendInfo(devform);
return(sendcmd.SendConfigInfo(configInfo));
}
public bool ChangeWhiteLists(string dev_IP, string dst_IP, string src_IP, string dst_port, string src_port, bool log_record, bool add_delete)
{
this.devform.setDev_IP(dev_IP);
WhiteLists lists = new WhiteLists();
lists.setIPAndPort(dst_IP, src_IP, dst_port, src_port);
string flag = null; string sql_rule = "";
string whiteList_from_client_to_server0 = "iptables -A FORWARD -p tcp -s " + lists.getsrc_IP() + " -d " + lists.getdst_IP() + " --sport " + lists.getsrc_port()
+ " --dport " + lists.getdst_port() + " -j ACCEPT ";
// string whiteList_from_client_to_server1 = "iptables -A FORWARD -p tcp -d" + wl.getSrc_IP() + "--sport" + wl.getPort();
if (add_delete)
{
flag = "DPI1";
sql_rule = "INSERT INTO whl values " + "('" + StaticGlobal.firewallmac + "','" + dst_IP + "','" + src_IP + "','" + dst_port + "','" + src_port + "','" + log_record + "')";
}
else
{
flag = "DPI0";
sql_rule = "DELETE FROM whl where (fwmac='" + StaticGlobal.firewallmac + "' and dst_IP='" + dst_IP + "' and src_IP='" + src_IP + "' and dst_port='" + dst_port + "' and src_port='" + src_port + "')";
}
string changewl = flag + whiteList_from_client_to_server0;
LISTdb_operate.dboperate(sql_rule);
SendInfo sendcmd = new SendInfo(devform);
return(sendcmd.SendConfigInfo(changewl));
}
public bool ConfigModbusTcpRules(ModbusTcpRulesForm mtrf, bool log_flag, bool add_delete)
{
// RulesDataProcess.ModbusTcpRulesDataProcess(mtrf);
String dpi_pro = "modbusTcp";
string flag = null; string dpi_rules_from_master_to_slave0 = null; string sql_rule = null;;
if (mtrf.getSrc_IP() == "any" & mtrf.getDst_IP() == "any")
{
dpi_rules_from_master_to_slave0 = "iptables" + " -A" + " " + "FORWARD" + " " + "-p tcp" + " " + "--dport" + " " + "502" + " " + "-m" + " " + dpi_pro + " " + "--data-addr" + " " + mtrf.getMin_addr() + ":" + mtrf.getMax_addr() + " " + "--modbus-func " + mtrf.getfunc() + " " + "--modbus-data " + mtrf.getMin_data() + ":" + mtrf.getMax_data() + " -j" + " " + "DROP";
}
else if (mtrf.getSrc_IP() == "any" & mtrf.getDst_IP() != "any")
{
dpi_rules_from_master_to_slave0 = "iptables" + " -A" + " " + "FORWARD" + " " + "-p tcp" + " " + "--dport" + " " + "502" + " " + "-d" + " " + mtrf.getDst_IP() + " " + "-m" + " " + dpi_pro + " " + "--data-addr" + " " + mtrf.getMin_addr() + ":" + mtrf.getMax_addr() + " " + "--modbus-func " + mtrf.getfunc() + " " + "--modbus-data " + mtrf.getMin_data() + ":" + mtrf.getMax_data() + " -j" + " " + "DROP";
}
else if (mtrf.getSrc_IP() != "any" & mtrf.getDst_IP() == "any")
{
dpi_rules_from_master_to_slave0 = "iptables" + " -A" + " " + "FORWARD" + " " + "-p tcp" + " " + "--dport" + " " + "502" + " " + "-s " + mtrf.getSrc_IP() + " " + "-m" + " " + dpi_pro + " " + "--data-addr" + " " + mtrf.getMin_addr() + ":" + mtrf.getMax_addr() + " " + "--modbus-func " + mtrf.getfunc() + " " + "--modbus-data " + mtrf.getMin_data() + ":" + mtrf.getMax_data() + " -j" + " " + "DROP";
}
else
{
dpi_rules_from_master_to_slave0 = "iptables" + " -A" + " " + "FORWARD" + " " + "-p tcp" + " " + "--dport" + " " + "502" + " " + "-s " + mtrf.getSrc_IP() + " " + "-d" + " " + mtrf.getDst_IP() + " " + "-m" + " " + dpi_pro + " " + "--data-addr" + " " + mtrf.getMin_addr() + ":" + mtrf.getMax_addr() + " " + "--modbus-func " + mtrf.getfunc() + " " + "--modbus-data " + mtrf.getMin_data() + ":" + mtrf.getMax_data() + " -j" + " " + " DROP";
}
//string dpi_rules_from_master_to_slave1 = "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT";
string dpi_rules_from_master_to_slave_log = "iptables" + " -A" + " " + "FORWARD" + " " + "-p tcp" + " " + "--dport" + " " + "502" + " " + "-s " + mtrf.getSrc_IP() + " " + "-d" + " " + mtrf.getDst_IP() + " " + "-m" + " " + dpi_pro + " " + "--data-addr" + " " + mtrf.getMin_addr() + ":" + mtrf.getMax_addr() + " " + "--modbus-func " + mtrf.getfunc() + " " + "--modbus-data " + mtrf.getMin_data() + ":" + mtrf.getMax_data() + " -j" + " " + "LOG" + " " + "--log-prefix " + "\"" + "DROP&modbusTCP&data_illegal " + "\"";
if (add_delete == true)
{
flag = "DPI1";
sql_rule = "insert into modbustcp values ('" + StaticGlobal.firewallmac + "','" + dpi_pro + "','" + mtrf.getSrc_IP() + "','" + mtrf.getDst_IP() + "','"
+ mtrf.getMin_addr() + "','" + mtrf.getMax_addr() + "','" + mtrf.getMin_data() + "','" + mtrf.getMax_data() + "','" + mtrf.getfunc() + "','" + log_flag + "');";
}
else if (add_delete == false)
{
flag = "DPI0";
sql_rule = "delete from modbustcp where fw_mac= '" + StaticGlobal.firewallmac + "' and protocol = '" + dpi_pro + "' and source = '"
+ mtrf.getSrc_IP() + "' and destination = '" + mtrf.getDst_IP() + "' and coiladdressstart = '" + mtrf.getMin_addr() + "' and coiladdressstart = '"
+ mtrf.getMax_addr() + "'and minspeed ='" + mtrf.getMin_data() + "' and maxspeed ='" + mtrf.getMax_addr() + "' and functioncode = '" + mtrf.getfunc() + "' and log = '" + log_flag + "';";
}
string rule = flag + dpi_rules_from_master_to_slave_log + " && " + dpi_rules_from_master_to_slave0;
DPIdb_operate.dboperate(sql_rule);
SendInfo sendcmd = new SendInfo(devform);
return(sendcmd.SendConfigInfo(rule));
}
private void SaveConfig_click(object sender, RoutedEventArgs e)
{
string updateSql = "update fwproperty set 名称='" + FWname.Text + "',防火墙IP='" + FWIP.Text + "',防火墙描述='" + textBox.Text +
"' where 防火墙ID='" + StaticGlobal.firewallmac + "';";
db.dboperate(updateSql);
DB_DataGridbinding pro = new DB_DataGridbinding();
pro.PropertyBind();
}
public bool AddCNCRules(string devIP, bool log_flag, int connlimit, string srcIP, string dstIP, string sport, string dport)
{
this.devform.setDev_IP(devIP);
if (devform.getDev_IP() == "0.0.0.0")
{
return(false);
}
string rule1 = "iptables -A FORWARD -p tcp --syn";
if (srcIP != "")
{
rule1 = rule1 + " -s " + srcIP;
}
if (sport != "")
{
rule1 = rule1 + " --sport " + sport;
}
if (dstIP != "")
{
rule1 = rule1 + " -d " + dstIP;
}
if (dport != "")
{
rule1 = rule1 + " --dport " + dport;
}
rule1 = rule1 + " -m connlimit --connlimit-above " + Convert.ToString(connlimit);
string rule = "CNC1" + rule1 + " -j DROP";
if (log_flag)
{
rule = rule + " && " + rule1 + " -j LOG";
}
string sql_str = "INSERT INTO cnc VALUES " + "('" + StaticGlobal.firewallmac + "'," + log_flag.ToString() + ",'" + connlimit.ToString() + "','" + srcIP + "','" + dstIP + "','" + sport + "','" + dport + "')";
db_operate.dboperate(sql_str);
SendInfo sendcmd = new SendInfo(devform);
return(sendcmd.SendConfigInfo(rule));
}
public bool AddSTDRules(string devIP, bool log_flag, string protocol, string srcIP, string dstIP, string sport, string dport)
{
this.devform.setDev_IP(devIP);
if (devform.getDev_IP() == "0.0.0.0")
{
return(false);
}
string rule1 = "iptables -A FORWARD -p " + protocol;
if (srcIP != "")
{
rule1 = rule1 + " -s " + srcIP;
}
if (sport != "")
{
rule1 = rule1 + " --sport " + sport;
}
if (dstIP != "")
{
rule1 = rule1 + " -d " + dstIP;
}
if (dport != "")
{
rule1 = rule1 + " --dport " + dport;
}
string rule = "STD1" + rule1 + " -m state --state NEW -j ACCEPT";
if (log_flag)
{
rule = rule + " && " + rule1 + " -m state --state NEW -j LOG";
}
string sql_str = "INSERT INTO STD VALUES " + "('" + StaticGlobal.firewallmac + "'," + log_flag.ToString() + ",'" + protocol + "','" + srcIP + "','" + dstIP + "','" + sport + "','" + dport + "')";
db_operate.dboperate(sql_str);
SendInfo sendcmd = new SendInfo(devform);
return(sendcmd.SendConfigInfo(rule));
}
public bool DefaultRouteConfig(string devIP, bool add_del_flag, string Iface, string gateway)
{
this.devform.setDev_IP(devIP);
if (devform.getDev_IP() == "0.0.0.0")
{
return(false);
}
string rule;
string sql_str;
if (add_del_flag)
{
rule = "PRT1route add default ";
sql_str = "INSERT INTO prt VALUES " + "('" + StaticGlobal.firewallmac + "'," + "'默认路由','" + "" + "','" + "" + "','" + "" + "','" + Iface + "','" + "" + "','" + gateway + "')";
}
else
{
rule = "PRT0route del default ";
sql_str = "DELETE FROM prt WHERE (fwmac='" + StaticGlobal.firewallmac + "' and route_type='默认路由'" + " and Iface='" + Iface + "' and gateway='" + gateway + "')";
}
if (Iface != "")
{
rule = rule + " dev " + Iface;
}
if (gateway != "")
{
rule = rule + " gw " + gateway;
}
db_operate.dboperate(sql_str);
SendInfo sendcmd = new SendInfo(devform);
return(sendcmd.SendConfigInfo(rule));
}
public bool ApplicationProtocolControl(string devIP, string protocol, bool pro_status)
{
this.devform.setDev_IP(devIP);
if (devform.getDev_IP() == "0.0.0.0")
{
return(false);
}
string port = protocol_port[protocol];
string rule1 = "iptables -A INPUT -p tcp --dport " + port + " -j ACCEPT && " +
"iptables -A OUTPUT -p tcp --dport " + port + " -j ACCEPT && " +
"iptables -A FORWARD -p tcp --sport " + port + " -j ACCEPT && " +
"iptables -A FORWARD -p tcp --dport " + port + " -j ACCEPT";
string rule2 = "iptables -A INPUT -p tcp --dport " + port + " -j DROP && " +
"iptables -A OUTPUT -p tcp --dport " + port + " -j DROP && " +
"iptables -A FORWARD -p tcp --sport " + port + " -j DROP && " +
"iptables -A FORWARD -p tcp --dport " + port + " -j DROP";
string rule;
string sql_str;
if (pro_status)
{
rule = "APC2" + rule1 + "#" + protocol;
sql_str = "update apc set status='allow' where protocol='" + protocol + "'";
}
else
{
rule = "APC2" + rule2 + "#" + protocol;
sql_str = "update apc set status='forbid' where protocol='" + protocol + "'";
}
db_operate.dboperate(sql_str);
SendInfo sendcmd = new SendInfo(devform);
return(sendcmd.SendConfigInfo(rule));
}
//扫描线程
private void Scaning()
{
Dispatcher.Invoke(new Action(() =>
{
Scanbutton.IsEnabled = false;
LayoutRoot.Visibility = Visibility.Visible;
ScanlistBox.Items.Clear();
//treeView.Items.Clear();
}));
StaticGlobal.FireWalldevices.Clear();
StaticGlobal.FwMACandIP.Clear();
StaticGlobal.fwdev_list.Clear();
string inserttext = "";
IDevicesCheck devConfirm = new DevicesCheck();
StaticGlobal.fwdev_list = devConfirm.CheckDevices(scanstarttext, scanendtext);
string propertySql = "";
for (int i = 0; i < StaticGlobal.fwdev_list.Count(); i++)
{
for (int j = 0; j < StaticGlobal.fwdev_list[i].getProtecDev_list().Count(); j++)
{
string fw_ip = StaticGlobal.fwdev_list[i].getDev_IP();
string fw_mac = StaticGlobal.fwdev_list[i].getDev_MAC();
string dev_ip = StaticGlobal.fwdev_list[i].getProtecDev_list()[j].getDev_IP();
string dev_mac = StaticGlobal.fwdev_list[i].getProtecDev_list()[j].getDev_MAC();
string dev_type = StaticGlobal.fwdev_list[i].getProtecDev_list()[j].getDev_type();
inserttext += "INSERT INTO firewallip VALUES ('" + fw_ip + "','" + fw_mac + "','" + dev_ip + "','" + dev_mac + "','" + dev_type + "');";
propertySql += "INSERT INTO fwproperty values('" + fw_mac + "','" + fw_mac + "','" + fw_ip + "',NULL);";
}
}
string propertySql1 = "truncate table fwproperty;" + propertySql;
db.dboperate(propertySql1);
MySqlConnection conn = new MySqlConnection(StaticGlobal.ConnectionString);
conn.Open();
string sqltext = "truncate table firewallip;" + inserttext + "select fw_ip,fw_mac,dev_ip,dev_mac,dev_type from firewallip order by 1;";
MySqlCommand cm = new MySqlCommand(sqltext, conn);
MySqlDataReader dr = cm.ExecuteReader();
List <string> firewallmac = new List <string>();
int index = 0;
//绑定
while (dr.Read())
{
if (!firewallmac.Contains(dr[1]))
{
firewallmac.Add(dr[1].ToString());
StaticGlobal.FwMACandIP.Add(dr[1].ToString(), dr[0].ToString());
Dispatcher.Invoke(new Action(() =>
{
ListBoxItem item1 = new ListBoxItem();
item1.Content = scanstarttext + "-" + scanendtext;
item1.Style = this.FindResource("SimpleListBoxItemIPScanRange") as Style;
ScanlistBox.Items.Add(item1);
ListBoxItem item = new ListBoxItem();
item.Content = "防火墙 MAC: " + dr[1];
item.Style = this.FindResource("SimpleListBoxItemFireWall") as Style;
ScanlistBox.Items.Add(item);
ListBoxItem item2 = new ListBoxItem();
item2.Content = dr[4] + " IP: " + dr[2];
item2.Style = this.FindResource("SimpleListBoxItemPLC") as Style;
ScanlistBox.Items.Add(item2);
}));
FireWallDevices firewalldevices = new FireWallDevices(index, dr[0].ToString(), dr[1].ToString());
StaticGlobal.FireWalldevices.Add(firewalldevices);
index++;
}
else
{
Dispatcher.Invoke(new Action(() =>
{
ListBoxItem item1 = new ListBoxItem();
item1.Content = scanstarttext + "-" + scanendtext;
item1.Style = this.FindResource("SimpleListBoxItemIPScanRange") as Style;
ScanlistBox.Items.Add(item1);
ListBoxItem item = new ListBoxItem();
item.Content = dr[4] + " IP: " + dr[2];
item.Style = this.FindResource("SimpleListBoxItemPLC") as Style;
ScanlistBox.Items.Add(item);
}));
}
}
index = 0;
dr.Close();
conn.Close();
Thread.Sleep(500);
Dispatcher.Invoke(new Action(() =>
{
Scanbutton.IsEnabled = true;
LayoutRoot.Visibility = Visibility.Collapsed;
}));
ScanThread.Abort();
}