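        /// <summary>
        /// Builds the OPC (TCP/135) deep-inspection rule set for one client/server pair, records it in
        /// the OPC table and pushes the command string to the device through SendInfo.SendConfigInfo.
        /// </summary>
        /// <param name="orf">Form holding the client (src) and server (dst) IPv4 addresses.</param>
        /// <param name="log_flag">Persisted in the OPC row; the LOG rule itself is always part of the command.</param>
        /// <param name="add_delete">true = add (wire flag "DPI1"), false = delete (wire flag "DPI0").</param>
        /// <returns>
        /// false when any address is not a dotted-quad IPv4 literal; otherwise whatever the device answered.
        /// </returns>
        public bool ConfigOPCRules(OPCRulesForm orf, bool log_flag, bool add_delete)
        {
            string src = orf.getSrc_IP();
            string dst = orf.getDst_IP();
            string dev = devform.getDev_IP();

            // All three values are spliced verbatim into a shell command line and a SQL statement, so
            // only dotted-quad IPv4 literals are accepted (widen the pattern if the form is meant to
            // take hostnames or IPv6).
            const string ipv4 = @"^\d{1,3}(\.\d{1,3}){3}$";
            if (src == null || dst == null || dev == null
                || !System.Text.RegularExpressions.Regex.IsMatch(src, ipv4)
                || !System.Text.RegularExpressions.Regex.IsMatch(dst, ipv4)
                || !System.Text.RegularExpressions.Regex.IsMatch(dev, ipv4))
            {
                return false;
            }

            string forwardToServer = "iptables -A FORWARD -p tcp -s " + src + " -d " + dst
                                     + " --dport 135 -m state --state ESTABLISHED -j NFQUEUE --queue-num 1";
            // NOTE(review): the reverse-direction rule carries no match extension or target; presumably
            // the device agent completes it — confirm before relying on it.
            string forwardToClient = "iptables -A FORWARD -p tcp -s " + dst + " -d " + src;
            string forwardLog      = "iptables -A FORWARD -p tcp -s " + src + " -d " + dst
                                     + " --dport 135 -m state --state ESTABLISHED -j LOG --log-prefix \"ACCEPT&OPC&ESTABLISHED \"";

            string flag;
            string sql_rule;
            if (add_delete)
            {
                flag     = "DPI1";
                // The original omitted the opening quote before the device IP, producing invalid SQL.
                sql_rule = "INSERT INTO OPC values ('" + dev + "','" + dst + "','" + src + "','ACCEPT','" + log_flag + "')";
            }
            else
            {
                flag     = "DPI0";
                sql_rule = "DELETE FROM OPC where (dev_IP='" + dev + "' and dst_IP='" + dst + "' and src_IP='" + src + "' and method='ACCEPT')";
            }

            // Wire format understood by the device: <flag><cmd> && <cmd> && <cmd>.
            string rule = flag + forwardLog + " && " + forwardToServer + " && " + forwardToClient;

            // dboperate takes a finished SQL string, so the statement cannot be parameterised here; the
            // IPv4 check above is what keeps quotes and shell metacharacters out of the literals.
            DPIdb_operate.dboperate(sql_rule);
            SendInfo sendcmd = new SendInfo(devform);

            return sendcmd.SendConfigInfo(rule);
        }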
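        /// <summary>
        /// Adds or removes a source-NAT mapping. On add, the interface is taken off the br0 bridge,
        /// given <paramref name="EthIP"/>, and traffic from <paramref name="devIP"/> leaving br0 is
        /// SNATed to <paramref name="dev_IP"/>; on delete, the interface address is cleared and the
        /// interface is put back on the bridge. The mapping is mirrored in the snat table and the
        /// command string is sent to the device.
        /// </summary>
        /// <param name="dev_IP">Device address; stored into devform and used as the SNAT --to-source.</param>
        /// <param name="EthName">Physical interface moved off/onto br0.</param>
        /// <param name="devIP">Original source address being translated.</param>
        /// <param name="EthIP">Address assigned to <paramref name="EthName"/> while the mapping is active.</param>
        /// <param name="add_delete">true = add (wire flag "NAT1"), false = delete (wire flag "NAT0").</param>
        /// <returns>
        /// false when the device address is 0.0.0.0 or an argument is malformed; otherwise the device's answer.
        /// </returns>
        public bool ConfigSNAT(string dev_IP, string EthName, string devIP, string EthIP, bool add_delete)
        {
            this.devform.setDev_IP(dev_IP);
            if (devform.getDev_IP() == "0.0.0.0")
            {
                return false;
            }

            // Every argument is spliced verbatim into shell command lines and a SQL statement: addresses
            // must be dotted-quad IPv4 literals and the interface a plain Linux ifname (at most 15 chars).
            const string ipv4   = @"^\d{1,3}(\.\d{1,3}){3}$";
            const string ifname = @"^[A-Za-z0-9._-]{1,15}$";
            if (dev_IP == null || devIP == null || EthIP == null || EthName == null
                || !System.Text.RegularExpressions.Regex.IsMatch(dev_IP, ipv4)
                || !System.Text.RegularExpressions.Regex.IsMatch(devIP, ipv4)
                || !System.Text.RegularExpressions.Regex.IsMatch(EthIP, ipv4)
                || !System.Text.RegularExpressions.Regex.IsMatch(EthName, ifname))
            {
                return false;
            }

            // NOTE(review): the same "-A POSTROUTING" rule is sent for add and delete; presumably the
            // NAT1/NAT0 flag tells the device agent which operation to perform — confirm, otherwise the
            // delete path should use -D.
            string snatRule = "iptables -t nat -A POSTROUTING -s " + devIP + " -o br0 -j SNAT --to-source " + dev_IP;
            // NOTE(review): the indexer throws when the firewall MAC is not in the map; the original had
            // the same exposure.
            var fwIP = StaticGlobal.FwMACandIP[StaticGlobal.firewallmac];

            string configInfo;
            string sql_rule;
            if (add_delete)
            {
                // Detach the port from the bridge first, then address it, then install the SNAT rule.
                string leaveBridge = "brctl delif br0 " + EthName;
                string setAddress  = "ifconfig " + EthName + " " + EthIP + " netmask 255.255.255.0" + " up";
                configInfo = "NAT1" + leaveBridge + " && " + setAddress + " && " + snatRule;
                sql_rule   = "INSERT INTO snat VALUES('" + StaticGlobal.firewallmac + "', '" + devIP + "', '" + EthName + "', '" + EthIP + "', '" + fwIP + "'); ";
            }
            else
            {
                // Reverse order: clear the address, then re-attach the port to the bridge.
                string clearAddress = "ifconfig " + EthName + " " + "0.0.0.0 up";
                string joinBridge   = "brctl addif br0 " + EthName;
                configInfo = "NAT0" + clearAddress + " && " + joinBridge + " && " + snatRule;
                // The original terminated this statement with "')" although it opened no parenthesis.
                sql_rule   = "DELETE FROM snat WHERE fwmac= '" + StaticGlobal.firewallmac + "' and origin_devIP='" + devIP + "'"
                             + " and EthName= '" + EthName + "' and NATIP='" + EthIP + "' and EthIP='" + fwIP + "';";
            }

            // dboperate takes a finished SQL string (no parameters); the format checks above keep quotes
            // out of the literals.
            NATdb_operate.dboperate(sql_rule);

            SendInfo sendcmd = new SendInfo(devform);

            return sendcmd.SendConfigInfo(configInfo);
        }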
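        /// <summary>
        /// Installs a connection-limit rule: new TCP connections matching the optional src/dst/port
        /// filters are dropped once more than <paramref name="connlimit"/> are open, optionally also
        /// logged. The rule is recorded in the cnc table and sent to the device with wire flag "CNC1".
        /// </summary>
        /// <param name="devIP">Device address; stored into devform before sending.</param>
        /// <param name="log_flag">true also emits a LOG rule with the same match after the DROP rule.</param>
        /// <param name="connlimit">Threshold passed to --connlimit-above.</param>
        /// <param name="srcIP">Optional source IPv4 address, optionally with /prefix; "" = any.</param>
        /// <param name="dstIP">Optional destination IPv4 address, optionally with /prefix; "" = any.</param>
        /// <param name="sport">Optional source port or a:b range; "" = any.</param>
        /// <param name="dport">Optional destination port or a:b range; "" = any.</param>
        /// <returns>
        /// false when the device address is 0.0.0.0 or a filter is malformed; otherwise the device's answer.
        /// </returns>
        public bool AddCNCRules(string devIP, bool log_flag, int connlimit, string srcIP, string dstIP, string sport, string dport)
        {
            this.devform.setDev_IP(devIP);
            if (devform.getDev_IP() == "0.0.0.0")
            {
                return false;
            }

            // Filters are spliced verbatim into a shell command line and a SQL statement, so a non-empty
            // filter must look like what it claims to be (the original accepted any string).
            const string ipv4Net  = @"^\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?$";
            const string portSpec = @"^\d{1,5}(:\d{1,5})?$";
            if ((!string.IsNullOrEmpty(srcIP) && !System.Text.RegularExpressions.Regex.IsMatch(srcIP, ipv4Net))
                || (!string.IsNullOrEmpty(dstIP) && !System.Text.RegularExpressions.Regex.IsMatch(dstIP, ipv4Net))
                || (!string.IsNullOrEmpty(sport) && !System.Text.RegularExpressions.Regex.IsMatch(sport, portSpec))
                || (!string.IsNullOrEmpty(dport) && !System.Text.RegularExpressions.Regex.IsMatch(dport, portSpec)))
            {
                return false;
            }

            // Match part shared by the DROP and the optional LOG rule.
            string match = "iptables -A FORWARD -p tcp --syn";
            if (!string.IsNullOrEmpty(srcIP))
            {
                match += " -s " + srcIP;
            }
            if (!string.IsNullOrEmpty(sport))
            {
                match += " --sport " + sport;
            }
            if (!string.IsNullOrEmpty(dstIP))
            {
                match += " -d " + dstIP;
            }
            if (!string.IsNullOrEmpty(dport))
            {
                match += " --dport " + dport;
            }
            match += " -m connlimit --connlimit-above " + Convert.ToString(connlimit);

            string rule = "CNC1" + match + " -j DROP";
            if (log_flag)
            {
                rule += " && " + match + " -j LOG";
            }

            // NOTE(review): log_flag is inserted unquoted as "True"/"False"; whether the database accepts
            // that depends on its dialect — unchanged from the original.
            string sql_str = "INSERT INTO cnc VALUES " + "('" + StaticGlobal.firewallmac + "'," + log_flag.ToString() + ",'" + connlimit.ToString() + "','" + srcIP + "','" + dstIP + "','" + sport + "','" + dport + "')";

            // dboperate takes a finished SQL string (no parameters); the format checks above keep quotes
            // out of the literals.
            db_operate.dboperate(sql_str);
            SendInfo sendcmd = new SendInfo(devform);

            return sendcmd.SendConfigInfo(rule);
        }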
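        /// <summary>
        /// Installs a stateful ACCEPT rule for NEW connections of <paramref name="protocol"/> matching
        /// the optional src/dst/port filters, optionally with a LOG rule using the same match. The rule
        /// is recorded in the STD table and sent to the device with wire flag "STD1".
        /// </summary>
        /// <param name="devIP">Device address; stored into devform before sending.</param>
        /// <param name="log_flag">true also emits a LOG rule with the same match after the ACCEPT rule.</param>
        /// <param name="protocol">Value for iptables -p (e.g. tcp, udp, a protocol number).</param>
        /// <param name="srcIP">Optional source IPv4 address, optionally with /prefix; "" = any.</param>
        /// <param name="dstIP">Optional destination IPv4 address, optionally with /prefix; "" = any.</param>
        /// <param name="sport">Optional source port or a:b range; "" = any.</param>
        /// <param name="dport">Optional destination port or a:b range; "" = any.</param>
        /// <returns>
        /// false when the device address is 0.0.0.0 or an argument is malformed; otherwise the device's answer.
        /// </returns>
        public bool AddSTDRules(string devIP, bool log_flag, string protocol, string srcIP, string dstIP, string sport, string dport)
        {
            this.devform.setDev_IP(devIP);
            if (devform.getDev_IP() == "0.0.0.0")
            {
                return false;
            }

            // Every value is spliced verbatim into a shell command line and a SQL statement, so each one
            // must look like what it claims to be (the original accepted any string, including an empty protocol).
            const string protoName = @"^[A-Za-z0-9-]+$";
            const string ipv4Net   = @"^\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?$";
            const string portSpec  = @"^\d{1,5}(:\d{1,5})?$";
            if (string.IsNullOrEmpty(protocol) || !System.Text.RegularExpressions.Regex.IsMatch(protocol, protoName)
                || (!string.IsNullOrEmpty(srcIP) && !System.Text.RegularExpressions.Regex.IsMatch(srcIP, ipv4Net))
                || (!string.IsNullOrEmpty(dstIP) && !System.Text.RegularExpressions.Regex.IsMatch(dstIP, ipv4Net))
                || (!string.IsNullOrEmpty(sport) && !System.Text.RegularExpressions.Regex.IsMatch(sport, portSpec))
                || (!string.IsNullOrEmpty(dport) && !System.Text.RegularExpressions.Regex.IsMatch(dport, portSpec)))
            {
                return false;
            }

            // Match part shared by the ACCEPT and the optional LOG rule.
            string match = "iptables -A FORWARD -p " + protocol;
            if (!string.IsNullOrEmpty(srcIP))
            {
                match += " -s " + srcIP;
            }
            if (!string.IsNullOrEmpty(sport))
            {
                match += " --sport " + sport;
            }
            if (!string.IsNullOrEmpty(dstIP))
            {
                match += " -d " + dstIP;
            }
            if (!string.IsNullOrEmpty(dport))
            {
                match += " --dport " + dport;
            }

            string rule = "STD1" + match + " -m state --state NEW -j ACCEPT";
            if (log_flag)
            {
                rule += " && " + match + " -m state --state NEW -j LOG";
            }

            // NOTE(review): log_flag is inserted unquoted as "True"/"False"; whether the database accepts
            // that depends on its dialect — unchanged from the original.
            string sql_str = "INSERT INTO STD VALUES " + "('" + StaticGlobal.firewallmac + "'," + log_flag.ToString() + ",'" + protocol + "','" + srcIP + "','" + dstIP + "','" + sport + "','" + dport + "')";

            // dboperate takes a finished SQL string (no parameters); the format checks above keep quotes
            // out of the literals.
            db_operate.dboperate(sql_str);
            SendInfo sendcmd = new SendInfo(devform);

            return sendcmd.SendConfigInfo(rule);
        }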
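        /// <summary>
        /// Adds or deletes the device's default route via <paramref name="Iface"/> and/or
        /// <paramref name="gateway"/>, mirrors the change in the prt table and sends the command to the device.
        /// </summary>
        /// <param name="devIP">Device address; stored into devform before sending.</param>
        /// <param name="add_del_flag">true = "route add default" (wire flag "PRT1"), false = "route del default" ("PRT0").</param>
        /// <param name="Iface">Optional outgoing interface; "" omits the "dev" argument.</param>
        /// <param name="gateway">Optional gateway IPv4 address; "" omits the "gw" argument.</param>
        /// <returns>
        /// false when the device address is 0.0.0.0 or an argument is malformed; otherwise the device's answer.
        /// </returns>
        public bool DefaultRouteConfig(string devIP, bool add_del_flag, string Iface, string gateway)
        {
            this.devform.setDev_IP(devIP);
            if (devform.getDev_IP() == "0.0.0.0")
            {
                return false;
            }

            // Both values are spliced verbatim into a shell command line and a SQL statement: the interface
            // must be a plain Linux ifname (at most 15 chars) and the gateway a dotted-quad IPv4 literal.
            const string ipv4   = @"^\d{1,3}(\.\d{1,3}){3}$";
            const string ifname = @"^[A-Za-z0-9._-]{1,15}$";
            if ((!string.IsNullOrEmpty(Iface) && !System.Text.RegularExpressions.Regex.IsMatch(Iface, ifname))
                || (!string.IsNullOrEmpty(gateway) && !System.Text.RegularExpressions.Regex.IsMatch(gateway, ipv4)))
            {
                return false;
            }

            string rule;
            string sql_str;
            if (add_del_flag)
            {
                rule    = "PRT1route add default ";
                // The three empty literals after the route type and the one after Iface are columns a
                // default route does not use (same row shape as the original).
                sql_str = "INSERT INTO prt VALUES ('" + StaticGlobal.firewallmac + "','默认路由','','','','" + Iface + "','','" + gateway + "')";
            }
            else
            {
                rule    = "PRT0route del default ";
                sql_str = "DELETE FROM prt WHERE (fwmac='" + StaticGlobal.firewallmac + "' and route_type='默认路由'" + " and Iface='" + Iface + "' and gateway='" + gateway + "')";
            }

            if (!string.IsNullOrEmpty(Iface))
            {
                rule += " dev " + Iface;
            }
            if (!string.IsNullOrEmpty(gateway))
            {
                rule += " gw " + gateway;
            }

            // dboperate takes a finished SQL string (no parameters); the format checks above keep quotes
            // out of the literals.
            db_operate.dboperate(sql_str);
            SendInfo sendcmd = new SendInfo(devform);

            return sendcmd.SendConfigInfo(rule);
        }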
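        /// <summary>
        /// Allows or forbids one application protocol by appending ACCEPT (or DROP) rules for its port on
        /// the INPUT, OUTPUT and FORWARD chains, updates the apc table and sends the command with wire
        /// flag "APC2" followed by "#protocol".
        /// </summary>
        /// <param name="devIP">Device address; stored into devform before sending.</param>
        /// <param name="protocol">Key into protocol_port; also appended to the command after '#'.</param>
        /// <param name="pro_status">true = allow (ACCEPT), false = forbid (DROP).</param>
        /// <returns>
        /// false when the device address is 0.0.0.0 or the protocol is not in protocol_port; otherwise the device's answer.
        /// </returns>
        public bool ApplicationProtocolControl(string devIP, string protocol, bool pro_status)
        {
            this.devform.setDev_IP(devIP);
            if (devform.getDev_IP() == "0.0.0.0")
            {
                return false;
            }

            // The original let the indexer throw on an unknown protocol. Requiring a known key also means
            // the value spliced into the SQL statement below is one of our own table keys, not free text.
            // (Assumes protocol_port exposes ContainsKey, as Dictionary and Hashtable do.)
            if (string.IsNullOrEmpty(protocol) || !protocol_port.ContainsKey(protocol))
            {
                return false;
            }
            string port   = protocol_port[protocol];
            string target = pro_status ? "ACCEPT" : "DROP";

            // Same four chains in both cases; only the target differs.
            string chains = "iptables -A INPUT -p tcp --dport " + port + " -j " + target + " && " +
                            "iptables -A OUTPUT -p tcp --dport " + port + " -j " + target + " && " +
                            "iptables -A FORWARD -p tcp --sport " + port + " -j " + target + " && " +
                            "iptables -A FORWARD -p tcp --dport " + port + " -j " + target;

            string rule    = "APC2" + chains + "#" + protocol;
            string sql_str = "update apc set status='" + (pro_status ? "allow" : "forbid") + "' where protocol='" + protocol + "'";

            db_operate.dboperate(sql_str);
            SendInfo sendcmd = new SendInfo(devform);

            return sendcmd.SendConfigInfo(rule);
        }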
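        /// <summary>
        /// Sends one configuration command to the device over UDP and waits (up to 10 s) for its
        /// "success"/"fail" acknowledgement on local UDP port 30333.
        /// </summary>
        /// <param name="cmd">Rule string to configure; a "*" terminator is appended on the wire.</param>
        /// <returns>
        /// true only when the device answered "success"; false on "fail", receive timeout, a socket
        /// error, or when the device address in devform does not parse.
        /// </returns>
        public bool SendConfigInfo(string cmd)
        {
            config_info_confirm = false;

            byte[] head = { 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a };   // custom datagram header
            byte[] body = Encoding.ASCII.GetBytes(cmd + "*");
            byte[] data = head.Concat(body).ToArray();

            // Echo the raw datagram (header bytes included) for diagnostics, as the original did.
            ASCIIEncoding encoding = new ASCIIEncoding();
            Console.WriteLine("{0}", encoding.GetString(data, 0, data.Length));

            // The original used IPAddress.Parse and let a FormatException escape to the caller.
            IPAddress remoteIP;
            if (!IPAddress.TryParse(devform.getDev_IP(), out remoteIP))
            {
                Console.WriteLine("invalid device address: {0}", devform.getDev_IP());
                return false;
            }
            IPEndPoint remotePoint = new IPEndPoint(remoteIP, devform.getDev_port());

            try
            {
                // Bind the reply listener before sending so a fast acknowledgement cannot arrive before
                // anyone is listening, and keep both sockets in using blocks so they are closed even when
                // Send throws (the original leaked the sender in that case).
                using (UdpClient listener = new UdpClient(30333))
                using (UdpClient client = new UdpClient())
                {
                    listener.Client.ReceiveTimeout = 10000;
#if debug
                    Console.WriteLine("start sending:");
#endif
                    client.Send(data, data.Length, remotePoint);

                    // Wait for the device to report whether the configuration was applied.
                    IPEndPoint groupEP = null;
                    while (true)
                    {
                        // NOTE(review): the acknowledgement is accepted from any sender (as in the
                        // original); compare groupEP.Address with remoteIP if the device always replies
                        // from its own address.
                        byte[] content = listener.Receive(ref groupEP);
                        // NOTE(review): Encoding.Default is platform dependent; the device's encoding is not
                        // visible here.
                        string con = Encoding.Default.GetString(content);
                        if (con == "success")
                        {
                            config_info_confirm = true;
                            break;
                        }
                        if (con == "fail")
                        {
                            // The original kept waiting after "fail" until the receive timeout fired;
                            // an explicit "fail" is final.
                            config_info_confirm = false;
                            break;
                        }
                    }
                }
            }
            catch (SocketException e)
            {
                // Receive timeout (no reply within 10 s) and bind/send failures all surface here.
                Console.WriteLine(e.ToString());
                config_info_confirm = false;
            }
#if debug
            Console.WriteLine("send successfully!");
#endif

            return config_info_confirm;
        }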