public bool ConfigSNAT(string dev_IP, string EthName, string devIP, string EthIP, bool add_delete)
{
this.devform.setDev_IP(dev_IP);
if (devform.getDev_IP() == "0.0.0.0")
{
return(false);
}
string flag = ""; string configEth_bridge = ""; string configInfo = ""; string configEth_IP = ""; string sql_rule = "";
string rule = "iptables -t nat -A POSTROUTING -s " + devIP + " -o br0 -j SNAT --to-source " + dev_IP;
if (add_delete)
{
flag = "NAT1";
configEth_bridge = "brctl delif br0 " + EthName;//先将网口从网桥上删除
configEth_IP = "ifconfig " + EthName + " " + EthIP + " netmask 255.255.255.0" + " up";
configInfo = flag + configEth_bridge + " && " + configEth_IP + " && " + rule;
sql_rule = "INSERT INTO snat VALUES('" + StaticGlobal.firewallmac + "', '" + devIP + "', '" + EthName + "', '" + EthIP + "', '" + StaticGlobal.FwMACandIP[StaticGlobal.firewallmac] + "'); ";
}
else if (!add_delete)
{
flag = "NAT0";
configEth_bridge = "brctl addif br0 " + EthName;
configEth_IP = "ifconfig " + EthName + " " + "0.0.0.0 up";
configInfo = flag + configEth_IP + " && " + configEth_bridge + " && " + rule;
sql_rule = "DELETE FROM snat WHERE fwmac= '" + StaticGlobal.firewallmac + "' and origin_devIP='" + devIP + "'"
+ " and EthName= '" + EthName + "' and NATIP='" + EthIP + "' and EthIP='" + StaticGlobal.FwMACandIP[StaticGlobal.firewallmac] + "');";
}
NATdb_operate.dboperate(sql_rule);
SendInfo sendcmd = new SendInfo(devform);
return(sendcmd.SendConfigInfo(configInfo));
}
public bool ConfigOPCRules(OPCRulesForm orf, bool log_flag, bool add_delete)
{
string flag = null; string sql_rule = null;
String opc_rules_from_client_to_server0 = "iptables -A FORWARD -p tcp -s " + orf.getSrc_IP() + " -d " + orf.getDst_IP() + " --dport 135 -m state --state ESTABLISHED -j NFQUEUE --queue-num 1";
String opc_rules_from_client_to_server1 = "iptables -A FORWARD -p tcp -s " + orf.getDst_IP() + " -d " + orf.getSrc_IP();
String opc_rules_from_client_to_server_log = "iptables -A FORWARD -p tcp -s " + orf.getSrc_IP() + " -d " + orf.getDst_IP() + " --dport 135 -m state --state ESTABLISHED -j LOG --log-prefix " + "\"" + "ACCEPT&OPC&ESTABLISHED " + "\"";
//String opc_rules_from_server_to_client = "iptables -A FORWARD -p tcp -s " + orf.getDst_IP() + " -d " + orf.getSrc_IP() + " --sport 135 -m state --state ESTABLISHED -j NFQUEUE --queue-num 1";
if (add_delete == true)
{
flag = "DPI1";
sql_rule = "INSERT INTO OPC values " + "(" + devform.getDev_IP() + "','" + orf.getDst_IP() + "','" + orf.getSrc_IP() + "','ACCEPT','" + log_flag + "')";
}
else if (add_delete == false)
{
flag = "DPI0";
sql_rule = "DELETE FROM OPC where (dev_IP='" + devform.getDev_IP() + "' and dst_IP='" + orf.getDst_IP() + "' and src_IP='" + orf.getSrc_IP() + "' and method='ACCEPT')";
}
string rule = flag + opc_rules_from_client_to_server_log + " && " + opc_rules_from_client_to_server0 + " && " + opc_rules_from_client_to_server1;
DPIdb_operate.dboperate(sql_rule);
SendInfo sendcmd = new SendInfo(devform);
return(sendcmd.SendConfigInfo(rule));
}
bool INoIPConfig.NoipConfig(FWDeviceForm fw_dev)
{
string cmd = "ifconfig br0 down && ifconfig br0 0.0.0.0 up";
fw_dev.setDev_port(22222);
/*
*本身就无IP的防火墙不能配置为无IP模式
*/
if (fw_dev.getDev_IP() == "0.0.0.0")
{
return(false);
}
SendInfo sendcmd = new SendInfo(fw_dev);
if (sendcmd.SendConfigInfo(cmd))
{
fw_dev.setDev_IP("0.0.0.0");
return(true);
}
else
{
return(false);
}
}
public bool ConfigDNP3Rules(DNP3RulesForm dnp3rf, bool log_flag, bool add_delete)
{
string flag = null; string sql_rule = null;
String dnp3_rules_from_client_to_server_new = "iptables -A FORWARD -p tcp -s " + dnp3rf.getSrc_IP() + " -d " + dnp3rf.getDst_IP() + " --dport 20000 -m state --state NEW -j ACCEPT";
// String dnp3_rules_from_server_to_client_new = "iptables -A FORWARD -p tcp -s " + dnp3rf.getDst_IP() + " -d " + dnp3rf.getSrc_IP() + " --sport 20000 -m state --state NEW -j ACCEPT";
String dnp3_rules_from_client_to_server_established = "iptables -A FORWARD -p tcp -s " + dnp3rf.getSrc_IP() + " -d " + dnp3rf.getDst_IP() + " --dport 20000 -m state --state ESTABLISHED -j ACCEPT";
String dnp3_rules_from_client_to_server_back = "iptables -A FORWARD -p tcp -d " + dnp3rf.getSrc_IP() + " -s " + dnp3rf.getDst_IP();
string dnp3_rules_from_client_to_server_log = "iptables -A FORWARD -p tcp -s " + dnp3rf.getSrc_IP() + " -d " + dnp3rf.getDst_IP() + " --dport 20000 -m state --state ESTABLISHED -j LOG --log-prefix " + "\"" + "ACCEPT&DNP3&ESTABLISHED " + "\"";
// String dnp3_rules_from_server_to_client_established = "iptables -A FORWARD -p tcp -s " + dnp3rf.getDst_IP() + " -d " + dnp3rf.getSrc_IP() + " --sport 20000 -m state --state ESTABLISHED -j ACCEPT";
if (add_delete == true)
{
flag = "DPI1";
sql_rule = "INSERT INTO DNP3 values " + "(NULL,'" + devform.getDev_IP() + "','" + dnp3rf.getDst_IP() + "','" + dnp3rf.getSrc_IP() + "','ACCEPT','" + log_flag + "')";
}
else if (add_delete == false)
{
flag = "DPI0";
sql_rule = "DELETE FROM DNP3 where (dev_IP='" + devform.getDev_IP() + "' and dst_IP='" + dnp3rf.getDst_IP() + "' and src_IP='" + dnp3rf.getSrc_IP() + "' and method='ACCEPT')";
}
string rule = flag + dnp3_rules_from_client_to_server_log + " && " + dnp3_rules_from_client_to_server_new + " && " + dnp3_rules_from_client_to_server_established;
DPIdb_operate.dboperate(sql_rule);
SendInfo sendcmd = new SendInfo(devform);
return(sendcmd.SendConfigInfo(rule));
}
public int ScanDevice(string start_IP, string end_IP)
{
string[] sArray_startIP = start_IP.Split('.');
string[] sArray_endIP = end_IP.Split('.');
string unchange_part = sArray_startIP[0] + "." + sArray_startIP[1] + "." + sArray_startIP[2] + ".";
int start = Int32.Parse(sArray_startIP[3]);
int end = Int32.Parse(sArray_endIP[3]);
int IP_num = end - start;
List <string> dev_IP_list = new List <string>();
for (int count = 0; count + start <= end; count++)
{
dev_IP_list.Add(unchange_part + Convert.ToString(count + start));
}
foreach (string dev_IP in dev_IP_list)
{
#if debug
Console.WriteLine(dev_IP);
#endif
DeviceForm devform = new DeviceForm(dev_IP, 33333);
SendInfo sendcheckInfo = new SendInfo(devform);
sendcheckInfo.SendCheckInfo();
}
return(IP_num);
}
public bool ChangeWhiteLists(string dev_IP, string dst_IP, string src_IP, string dst_port, string src_port, bool log_record, bool add_delete)
{
this.devform.setDev_IP(dev_IP);
WhiteLists lists = new WhiteLists();
lists.setIPAndPort(dst_IP, src_IP, dst_port, src_port);
string flag = null; string sql_rule = "";
string whiteList_from_client_to_server0 = "iptables -A FORWARD -p tcp -s " + lists.getsrc_IP() + " -d " + lists.getdst_IP() + " --sport " + lists.getsrc_port()
+ " --dport " + lists.getdst_port() + " -j ACCEPT ";
// string whiteList_from_client_to_server1 = "iptables -A FORWARD -p tcp -d" + wl.getSrc_IP() + "--sport" + wl.getPort();
if (add_delete)
{
flag = "DPI1";
sql_rule = "INSERT INTO whl values " + "('" + StaticGlobal.firewallmac + "','" + dst_IP + "','" + src_IP + "','" + dst_port + "','" + src_port + "','" + log_record + "')";
}
else
{
flag = "DPI0";
sql_rule = "DELETE FROM whl where (fwmac='" + StaticGlobal.firewallmac + "' and dst_IP='" + dst_IP + "' and src_IP='" + src_IP + "' and dst_port='" + dst_port + "' and src_port='" + src_port + "')";
}
string changewl = flag + whiteList_from_client_to_server0;
LISTdb_operate.dboperate(sql_rule);
SendInfo sendcmd = new SendInfo(devform);
return(sendcmd.SendConfigInfo(changewl));
}
public bool ClearAllRules()
{
string rule = "iptables -P FORWARD ACCEPT && iptables -F && iptables -X && iptables -Z && iptables-restore</etc/iptables.up.rules";
SendInfo sendcmd = new SendInfo(devform);
return(sendcmd.SendConfigInfo(rule));
//sendcmd.SendConfigInfo("kill 'ps -e | grep snort | awk '{print $1}' |head -1"+"!");
}
public bool ClearNATRules(string dev_IP)
{
this.devform.setDev_IP(dev_IP);
if (devform.getDev_IP() == "0.0.0.0")
{
return(false);
}
string rule = "iptables -t nat -F";
SendInfo sendcmd = new SendInfo(devform);
return(sendcmd.SendConfigInfo(rule));
}
public bool ConfigDNAT(string dev_IP, string Original_DIP, string Original_dport, string Map_IP, string Map_port, bool add_delete)
{
this.devform.setDev_IP(dev_IP);
if (devform.getDev_IP() == "0.0.0.0")
{
return(false);
}
string flag = ""; string pre_rule = "";//string post_rule = "";
string sql_rule = "";
if (Original_dport != "any" & Map_port != "any")
{
pre_rule = "iptables -t nat -A PREROUTING -d" + " " + Original_DIP + " " + "-p tcp --dport " + Original_dport
+ " -j DNAT --to-destination " + Map_IP + ":" + Map_port;
//post_rule = "iptables -t nat -A POSTROUTING -d"+" "+Map_IP+" "+"-p tcp --dport "+Map_port
// +" -j SNAT --to "+Original_DIP+":"+Original_dport;
}
if (Original_dport != "any" & Map_port == "any")
{
pre_rule = "iptables -t nat -A PREROUTING -d" + " " + Original_DIP + " " + "-p tcp --dport " + Original_dport
+ " -j DNAT --to-destination " + Map_IP;
}
if (Original_dport == "any" & Map_port != "any")
{
pre_rule = "iptables -t nat -A PREROUTING -d" + " " + Original_DIP + " " + "-p tcp " + " -j DNAT --to-destination " + Map_IP + ":" + Map_port;
}
if (Original_dport == "any" & Map_port == "any")
{
pre_rule = "iptables -t nat -A PREROUTING -d" + " " + Original_DIP + " " + "-p tcp " + " -j DNAT --to-destination " + Map_IP;
}
if (add_delete)
{
flag = "NAT1";
sql_rule = "INSERT INTO dnat VALUES ('" + StaticGlobal.firewallmac + "','" + Original_DIP + "','" + Original_dport + "','" + Map_IP + "','" + Map_port + "');";
}
else if (!add_delete)
{
flag = "NAT0";
sql_rule = "DELETE FROM dnat WHERE fwmac= '" + StaticGlobal.firewallmac + "' and origin_dstIP='" + Original_DIP + "'"
+ " and origin_dport= '" + Original_dport + "' and map_IP='" + Map_IP + "' and map_port='" + Map_port + "');";
}
string configrule = flag + pre_rule;
SendInfo sendcmd = new SendInfo(devform);
NATdb_operate.dboperate(sql_rule);
return(sendcmd.SendConfigInfo(configrule));
}
public bool ConfigModbusTcpRules(ModbusTcpRulesForm mtrf, bool log_flag, bool add_delete)
{
// RulesDataProcess.ModbusTcpRulesDataProcess(mtrf);
String dpi_pro = "modbusTcp";
string flag = null; string dpi_rules_from_master_to_slave0 = null; string sql_rule = null;;
if (mtrf.getSrc_IP() == "any" & mtrf.getDst_IP() == "any")
{
dpi_rules_from_master_to_slave0 = "iptables" + " -A" + " " + "FORWARD" + " " + "-p tcp" + " " + "--dport" + " " + "502" + " " + "-m" + " " + dpi_pro + " " + "--data-addr" + " " + mtrf.getMin_addr() + ":" + mtrf.getMax_addr() + " " + "--modbus-func " + mtrf.getfunc() + " " + "--modbus-data " + mtrf.getMin_data() + ":" + mtrf.getMax_data() + " -j" + " " + "DROP";
}
else if (mtrf.getSrc_IP() == "any" & mtrf.getDst_IP() != "any")
{
dpi_rules_from_master_to_slave0 = "iptables" + " -A" + " " + "FORWARD" + " " + "-p tcp" + " " + "--dport" + " " + "502" + " " + "-d" + " " + mtrf.getDst_IP() + " " + "-m" + " " + dpi_pro + " " + "--data-addr" + " " + mtrf.getMin_addr() + ":" + mtrf.getMax_addr() + " " + "--modbus-func " + mtrf.getfunc() + " " + "--modbus-data " + mtrf.getMin_data() + ":" + mtrf.getMax_data() + " -j" + " " + "DROP";
}
else if (mtrf.getSrc_IP() != "any" & mtrf.getDst_IP() == "any")
{
dpi_rules_from_master_to_slave0 = "iptables" + " -A" + " " + "FORWARD" + " " + "-p tcp" + " " + "--dport" + " " + "502" + " " + "-s " + mtrf.getSrc_IP() + " " + "-m" + " " + dpi_pro + " " + "--data-addr" + " " + mtrf.getMin_addr() + ":" + mtrf.getMax_addr() + " " + "--modbus-func " + mtrf.getfunc() + " " + "--modbus-data " + mtrf.getMin_data() + ":" + mtrf.getMax_data() + " -j" + " " + "DROP";
}
else
{
dpi_rules_from_master_to_slave0 = "iptables" + " -A" + " " + "FORWARD" + " " + "-p tcp" + " " + "--dport" + " " + "502" + " " + "-s " + mtrf.getSrc_IP() + " " + "-d" + " " + mtrf.getDst_IP() + " " + "-m" + " " + dpi_pro + " " + "--data-addr" + " " + mtrf.getMin_addr() + ":" + mtrf.getMax_addr() + " " + "--modbus-func " + mtrf.getfunc() + " " + "--modbus-data " + mtrf.getMin_data() + ":" + mtrf.getMax_data() + " -j" + " " + " DROP";
}
//string dpi_rules_from_master_to_slave1 = "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT";
string dpi_rules_from_master_to_slave_log = "iptables" + " -A" + " " + "FORWARD" + " " + "-p tcp" + " " + "--dport" + " " + "502" + " " + "-s " + mtrf.getSrc_IP() + " " + "-d" + " " + mtrf.getDst_IP() + " " + "-m" + " " + dpi_pro + " " + "--data-addr" + " " + mtrf.getMin_addr() + ":" + mtrf.getMax_addr() + " " + "--modbus-func " + mtrf.getfunc() + " " + "--modbus-data " + mtrf.getMin_data() + ":" + mtrf.getMax_data() + " -j" + " " + "LOG" + " " + "--log-prefix " + "\"" + "DROP&modbusTCP&data_illegal " + "\"";
if (add_delete == true)
{
flag = "DPI1";
sql_rule = "insert into modbustcp values ('" + StaticGlobal.firewallmac + "','" + dpi_pro + "','" + mtrf.getSrc_IP() + "','" + mtrf.getDst_IP() + "','"
+ mtrf.getMin_addr() + "','" + mtrf.getMax_addr() + "','" + mtrf.getMin_data() + "','" + mtrf.getMax_data() + "','" + mtrf.getfunc() + "','" + log_flag + "');";
}
else if (add_delete == false)
{
flag = "DPI0";
sql_rule = "delete from modbustcp where fw_mac= '" + StaticGlobal.firewallmac + "' and protocol = '" + dpi_pro + "' and source = '"
+ mtrf.getSrc_IP() + "' and destination = '" + mtrf.getDst_IP() + "' and coiladdressstart = '" + mtrf.getMin_addr() + "' and coiladdressstart = '"
+ mtrf.getMax_addr() + "'and minspeed ='" + mtrf.getMin_data() + "' and maxspeed ='" + mtrf.getMax_addr() + "' and functioncode = '" + mtrf.getfunc() + "' and log = '" + log_flag + "';";
}
string rule = flag + dpi_rules_from_master_to_slave_log + " && " + dpi_rules_from_master_to_slave0;
DPIdb_operate.dboperate(sql_rule);
SendInfo sendcmd = new SendInfo(devform);
return(sendcmd.SendConfigInfo(rule));
}
bool IResetIP.ResetIP(ProtecDeviceForm fw_dev, string BindIP)
{
string cmd = "ifconfig br0 down && ifconfig br0 " + BindIP + " up";
fw_dev.setDev_port(22222);
SendInfo sendResetcmd = new SendInfo(fw_dev);
if (sendResetcmd.SendConfigInfo(cmd))
{
fw_dev.setDev_IP(BindIP);
return(true);
}
else
{
return(false);
}
}
public bool DelCNCRules(string devIP, bool log_flag, int connlimit, string srcIP, string dstIP, string sport, string dport)
{
this.devform.setDev_IP(devIP);
if (devform.getDev_IP() == "0.0.0.0")
{
return(false);
}
string rule1 = "iptables -A FORWARD -p tcp --syn";
if (srcIP != "")
{
rule1 = rule1 + " -s " + srcIP;
}
if (sport != "")
{
rule1 = rule1 + " --sport " + sport;
}
if (dstIP != "")
{
rule1 = rule1 + " -d " + dstIP;
}
if (dport != "")
{
rule1 = rule1 + " --dport " + dport;
}
rule1 = rule1 + " -m connlimit --connlimit-above " + Convert.ToString(connlimit);
string rule = "CNC0" + rule1 + " -j DROP";
if (log_flag)
{
rule = rule + " && " + rule1 + " -j LOG";
}
string sql_str = "DELETE FROM cnc WHERE (fwmac='" + StaticGlobal.firewallmac + "' and connlimit=" + connlimit + " and srcIP='" + srcIP + "' and dstIP='" + dstIP + "' and sport='" + sport + "' and dport='" + dport + "')";
db_operate.dboperate(sql_str);
SendInfo sendcmd = new SendInfo(devform);
return(sendcmd.SendConfigInfo(rule));
}
public bool AddCNCRules(string devIP, bool log_flag, int connlimit, string srcIP, string dstIP, string sport, string dport)
{
this.devform.setDev_IP(devIP);
if (devform.getDev_IP() == "0.0.0.0")
{
return(false);
}
string rule1 = "iptables -A FORWARD -p tcp --syn";
if (srcIP != "")
{
rule1 = rule1 + " -s " + srcIP;
}
if (sport != "")
{
rule1 = rule1 + " --sport " + sport;
}
if (dstIP != "")
{
rule1 = rule1 + " -d " + dstIP;
}
if (dport != "")
{
rule1 = rule1 + " --dport " + dport;
}
rule1 = rule1 + " -m connlimit --connlimit-above " + Convert.ToString(connlimit);
string rule = "CNC1" + rule1 + " -j DROP";
if (log_flag)
{
rule = rule + " && " + rule1 + " -j LOG";
}
string sql_str = "INSERT INTO cnc VALUES " + "('" + StaticGlobal.firewallmac + "'," + log_flag.ToString() + ",'" + connlimit.ToString() + "','" + srcIP + "','" + dstIP + "','" + sport + "','" + dport + "')";
db_operate.dboperate(sql_str);
SendInfo sendcmd = new SendInfo(devform);
return(sendcmd.SendConfigInfo(rule));
}
public bool AddSTDRules(string devIP, bool log_flag, string protocol, string srcIP, string dstIP, string sport, string dport)
{
this.devform.setDev_IP(devIP);
if (devform.getDev_IP() == "0.0.0.0")
{
return(false);
}
string rule1 = "iptables -A FORWARD -p " + protocol;
if (srcIP != "")
{
rule1 = rule1 + " -s " + srcIP;
}
if (sport != "")
{
rule1 = rule1 + " --sport " + sport;
}
if (dstIP != "")
{
rule1 = rule1 + " -d " + dstIP;
}
if (dport != "")
{
rule1 = rule1 + " --dport " + dport;
}
string rule = "STD1" + rule1 + " -m state --state NEW -j ACCEPT";
if (log_flag)
{
rule = rule + " && " + rule1 + " -m state --state NEW -j LOG";
}
string sql_str = "INSERT INTO STD VALUES " + "('" + StaticGlobal.firewallmac + "'," + log_flag.ToString() + ",'" + protocol + "','" + srcIP + "','" + dstIP + "','" + sport + "','" + dport + "')";
db_operate.dboperate(sql_str);
SendInfo sendcmd = new SendInfo(devform);
return(sendcmd.SendConfigInfo(rule));
}
public bool NetRouteConfig(string devIP, bool add_del_flag, string net, string netmask, string Iface, string gateway)
{
this.devform.setDev_IP(devIP);
if (devform.getDev_IP() == "0.0.0.0")
{
return(false);
}
string rule;
string sql_str;
if (add_del_flag)
{
rule = "PRT1route add -net " + net;
sql_str = "INSERT INTO prt VALUES " + "('" + StaticGlobal.firewallmac + "'," + "'网络路由','" + "" + "','" + net + "','" + netmask + "','" + Iface + "','" + "" + "','" + gateway + "')";
}
else
{
rule = "PRT0route del -net " + net;
sql_str = "DELETE FROM prt WHERE (fwmac='" + StaticGlobal.firewallmac + "' and route_type='网络路由'" + " and net='" + net + "' and netmask='" + netmask + "' and Iface='" + Iface + "' and gateway='" + gateway + "')";
}
if (netmask != "")
{
rule = rule + " netmask " + netmask;
}
if (Iface != "")
{
rule = rule + " dev " + Iface;
}
if (gateway != "")
{
rule = rule + " gw " + gateway;
}
db_operate.dboperate(sql_str);
SendInfo sendcmd = new SendInfo(devform);
return(sendcmd.SendConfigInfo(rule));
}
public bool DelSTDRules(string devIP, bool log_flag, string protocol, string srcIP, string dstIP, string sport, string dport)
{
this.devform.setDev_IP(devIP);
if (devform.getDev_IP() == "0.0.0.0")
{
return(false);
}
string rule1 = "iptables -A FORWARD -p " + protocol;
if (srcIP != "")
{
rule1 = rule1 + " -s " + srcIP;
}
if (sport != "")
{
rule1 = rule1 + " --sport " + sport;
}
if (dstIP != "")
{
rule1 = rule1 + " -d " + dstIP;
}
if (dport != "")
{
rule1 = rule1 + " --dport " + dport;
}
string rule = "STD0" + rule1 + " -m state --state NEW -j ACCEPT";
if (log_flag)
{
rule = rule + " && " + rule1 + " -m state --state NEW -j LOG";
}
string sql_str = "DELETE FROM STD WHERE (fwmac='" + StaticGlobal.firewallmac + "' and protocol='" + protocol + "' and srcIP='" + srcIP + "' and dstIP='" + dstIP + "' and sport='" + sport + "' and dport='" + dport + "')";
db_operate.dboperate(sql_str);
SendInfo sendcmd = new SendInfo(devform);
return(sendcmd.SendConfigInfo(rule));
}
public bool ApplicationProtocolControl(string devIP, string protocol, bool pro_status)
{
this.devform.setDev_IP(devIP);
if (devform.getDev_IP() == "0.0.0.0")
{
return(false);
}
string port = protocol_port[protocol];
string rule1 = "iptables -A INPUT -p tcp --dport " + port + " -j ACCEPT && " +
"iptables -A OUTPUT -p tcp --dport " + port + " -j ACCEPT && " +
"iptables -A FORWARD -p tcp --sport " + port + " -j ACCEPT && " +
"iptables -A FORWARD -p tcp --dport " + port + " -j ACCEPT";
string rule2 = "iptables -A INPUT -p tcp --dport " + port + " -j DROP && " +
"iptables -A OUTPUT -p tcp --dport " + port + " -j DROP && " +
"iptables -A FORWARD -p tcp --sport " + port + " -j DROP && " +
"iptables -A FORWARD -p tcp --dport " + port + " -j DROP";
string rule;
string sql_str;
if (pro_status)
{
rule = "APC2" + rule1 + "#" + protocol;
sql_str = "update apc set status='allow' where protocol='" + protocol + "'";
}
else
{
rule = "APC2" + rule2 + "#" + protocol;
sql_str = "update apc set status='forbid' where protocol='" + protocol + "'";
}
db_operate.dboperate(sql_str);
SendInfo sendcmd = new SendInfo(devform);
return(sendcmd.SendConfigInfo(rule));
}