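        /// <summary>
        /// Adds or removes one TCP whitelist entry: the tuple is written to / deleted from the
        /// whitelist table and a matching iptables FORWARD/ACCEPT rule is pushed to the device.
        /// </summary>
        /// <param name="dev_IP">Address of the managed device (dotted quad); first column of the row.</param>
        /// <param name="dst_IP">Destination address matched by the rule (dotted quad, optional /prefix).</param>
        /// <param name="src_IP">Source address matched by the rule (dotted quad, optional /prefix).</param>
        /// <param name="dst_port">Destination port, or an iptables port range "low:high".</param>
        /// <param name="src_port">Source port, or an iptables port range "low:high".</param>
        /// <param name="log_record">Accepted for interface compatibility; this method does not read it.</param>
        /// <param name="add_delete">true adds the entry (flag "DPI1"), false removes it (flag "DPI0").</param>
        /// <returns>
        /// The result of SendConfigInfo, or false when an argument fails validation — in that case
        /// nothing is written to the database and nothing is sent.
        /// </returns>
        public bool ChangeWhiteLists(string dev_IP, string dst_IP, string src_IP, string dst_port, string src_port, bool log_record, bool add_delete)
        {
            // Every argument is spliced verbatim into a command line executed on the device and
            // into a SQL statement. Accept only the literal syntax iptables needs so that quotes,
            // ';', '&&' or hostnames cannot reach either sink.
            System.Func<string, bool> isIPv4 = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$");
            System.Func<string, bool> isPort = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[0-9]{1,5}(:[0-9]{1,5})?$");
            if (!isIPv4(dev_IP) || !isIPv4(dst_IP) || !isIPv4(src_IP) || !isPort(dst_port) || !isPort(src_port))
            {
                return(false);
            }

            this.devform.setDev_IP(dev_IP);
            WhiteLists lists = new WhiteLists();
            lists.setIPAndPort(dst_IP, src_IP, dst_port, src_port);

            string acceptRule = "iptables -A FORWARD -p tcp -s " + lists.getsrc_IP() + " -d " + lists.getdst_IP() + " --sport " + lists.getsrc_port()
                                + " --dport " + lists.getdst_port() + " -j ACCEPT ";

            string flag; string sqlRule;
            if (add_delete)
            {
                flag    = "DPI1";
                sqlRule = "INSERT INTO whitelist values " + "('" + dev_IP + "','" + dst_IP + "','" + src_IP + "','" + dst_port + "','" + src_port + "')";
            }
            else
            {
                flag    = "DPI0";
                sqlRule = "DELETE FROM whitelist where (dev_IP='" + dev_IP + "' and dst_IP='" + dst_IP + "' and src_IP='" + src_IP + "' and dst_port='" + dst_port + "' and src_port='" + src_port + "')";
            }

            // NOTE(review): dboperate takes a finished SQL string, so the statement is still built
            // by concatenation; the format checks above are what keep it injection-free. A
            // parameterised dboperate overload would be the proper fix.
            LISTdb_operate.dboperate(sqlRule);

            // The row is persisted before the device acknowledges; a failed send leaves table and
            // device out of step (pre-existing behaviour, kept).
            SendInfo sendcmd = new SendInfo(devform);
            return(sendcmd.SendConfigInfo(flag + acceptRule));
        }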
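        /// <summary>
        /// Installs ("ARP1") or removes ("ARP0") the arptables rule set that drops ARP input on br0
        /// from any MAC other than the gateway's, and records the gateway binding in the arp table.
        /// </summary>
        /// <param name="dev_IP">Address of the managed device (dotted quad); also used to look up its firewall MAC.</param>
        /// <param name="gateIP">Gateway IPv4 address (dotted quad).</param>
        /// <param name="gateMAC">Gateway MAC address as colon-separated hex pairs (aa:bb:cc:dd:ee:ff).</param>
        /// <param name="addDelete">true to add, false to remove.</param>
        /// <returns>
        /// The result of SendConfigInfo, or false when an argument fails validation (nothing is
        /// sent or stored in that case).
        /// </returns>
        public bool configARPRules(string dev_IP, string gateIP, string gateMAC, bool addDelete)
        {
            // gateIP/gateMAC go into an arptables command line and a SQL string; accept only the
            // literal address syntaxes so no shell or SQL metacharacter can get through.
            System.Func<string, bool> isIPv4 = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[0-9]{1,3}(\.[0-9]{1,3}){3}$");
            System.Func<string, bool> isMac  = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$");
            if (!isIPv4(dev_IP) || !isIPv4(gateIP) || !isMac(gateMAC))
            {
                return(false);
            }

            this.devform.setDev_IP(dev_IP);
            string fwmac = dboperate.getFwMAC(dev_IP);

            string rule0   = "arptables -A INPUT -i br0 --src-mac ! " + gateMAC + " -j DROP";
            string rule1   = "arptables -A INPUT -i br0 --src-ip " + gateIP + " --src-mac ! " + gateMAC + " -j DROP";
            string rule2   = "arptables -A OUTPUT --destination-mac ff:ff:ff:ff:ff:ff -j ACCEPT";
            string ruleSet = rule0 + " && " + rule1 + " && " + rule2;

            // The same "-A" rule text is sent for add and delete; only the leading flag differs,
            // so the device-side agent is presumably what turns ARP0 into a removal — not visible here.
            string arpRules; string sqlRule;
            if (addDelete)
            {
                arpRules = "ARP1" + ruleSet;
                sqlRule  = "INSERT INTO arp VALUES('" + fwmac + "','" + gateIP + "','" + gateMAC + "')";
            }
            else
            {
                arpRules = "ARP0" + ruleSet;
                sqlRule  = "DELETE FROM arp where fwMAC='" + fwmac + "' and gateIP='" + gateIP + "' and gateMAC='" + gateMAC + "'";
            }

            // Fix: the original declared `result = false`, never assigned it, and returned it, so
            // callers always saw failure. Report what SendConfigInfo actually returned.
            SendInfo send = new SendInfo(devform);
            bool sent = send.SendConfigInfo(arpRules);

            // NOTE(review): still string-built SQL (dboperate takes a finished statement); the
            // format checks above are the only guard. fwmac comes from the database, not the caller.
            dboperate.dboperate(sqlRule);
            return(sent);
        }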
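        /// <summary>
        /// Adds ("NAT1") or removes ("NAT0") a source-NAT mapping for <paramref name="devIP"/>.
        /// On add, the physical port is detached from br0 and given <paramref name="EthIP"/>;
        /// on remove, the address is cleared and the port re-attached. In both cases a POSTROUTING
        /// SNAT rule to the firewall's own address is part of the command, and the SNAT table is updated.
        /// </summary>
        /// <param name="fw_dev">Firewall device; its address is the SNAT source and its port is forced to 22222.</param>
        /// <param name="EthName">Linux interface name to detach from / re-attach to br0.</param>
        /// <param name="devIP">Address (dotted quad, optional /prefix) whose outbound traffic is translated.</param>
        /// <param name="EthIP">Address assigned to EthName while the mapping is active.</param>
        /// <param name="add_delete">true to add, false to remove.</param>
        /// <returns>
        /// The result of SendConfigInfo, or false when an argument fails validation (nothing is
        /// stored or sent in that case).
        /// </returns>
        public bool ConfigSNAT(FWDeviceForm fw_dev, string EthName, string devIP, string EthIP, bool add_delete)
        {
            // All values are interpolated into a "cmd && cmd && cmd" line executed on the firewall
            // and into a SQL statement, so only literal interface/address syntax is accepted.
            System.Func<string, bool> isIPv4  = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$");
            System.Func<string, bool> isIface = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[A-Za-z0-9_.:-]{1,15}$");
            string fwIP = fw_dev.getDev_IP();
            if (!isIPv4(fwIP) || !isIPv4(devIP) || !isIPv4(EthIP) || !isIface(EthName))
            {
                return(false);
            }

            string snatRule = "iptables -t nat -A POSTROUTING -s " + devIP + " -o br0 -j SNAT --to-source " + fwIP;

            // The same "-A" SNAT rule text is sent on removal; the NAT0 flag is presumably what
            // the device agent acts on — not visible from here.
            string flag; string configInfo; string sqlRule;
            if (add_delete)
            {
                flag = "NAT1";
                // Take the port off the bridge first, then address it, then add the SNAT rule.
                string detach = "brctl delif br0 " + EthName;
                string assign = "ifconfig " + EthName + " " + EthIP + " netmask 255.255.255.0" + " up";
                configInfo = flag + detach + " && " + assign + " && " + snatRule;
                sqlRule    = "INSERT INTO SNAT values " + "('" + fwIP + "','" + devIP + "','" + EthName + "','" + EthIP + "','" + fwIP + "')";
            }
            else
            {
                flag = "NAT0";
                // Reverse order: clear the address, then put the port back on the bridge.
                string attach = "brctl addif br0 " + EthName;
                string clear  = "ifconfig " + EthName + " " + "0.0.0.0 up";
                configInfo = flag + clear + " && " + attach + " && " + snatRule;
                sqlRule    = "DELETE FROM SNAT where (fwIP='" + fwIP + "' and origin_devIP='" + devIP + "'" +
                             " and EthName='" + EthName + "' and EthIP='" + EthIP + "' and NATIP='" + fwIP + "')";
            }

            fw_dev.setDev_port(22222);
            // NOTE(review): string-built SQL; the format checks above are the only guard.
            NATdb_operate.dboperate(sqlRule);

            SendInfo sendcmd = new SendInfo(fw_dev);
            return(sendcmd.SendConfigInfo(configInfo));
        }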
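        /// <summary>
        /// Adds ("DPI1") or removes ("DPI0") the OPC (TCP/135) inspection rules for the source /
        /// destination pair in <paramref name="orf"/>, and records the rule line in the "opc" file.
        /// </summary>
        /// <param name="orf">Form holding the client (source) and server (destination) addresses.</param>
        /// <param name="log_flag">Stored with the rule record; the LOG rule itself is always sent regardless.</param>
        /// <param name="add_delete">true to add, false to remove.</param>
        /// <returns>
        /// The result of SendConfigInfo, or false when either address fails validation (nothing
        /// is recorded or sent in that case).
        /// </returns>
        public bool ConfigOPCRules(OPCRulesForm orf, bool log_flag, bool add_delete)
        {
            // Both addresses land in a command line executed on the device; accept only literal
            // IPv4 (optionally CIDR) syntax so no shell metacharacter can be smuggled in.
            System.Func<string, bool> isIPv4 = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$");
            string srcIP = orf.getSrc_IP();
            string dstIP = orf.getDst_IP();
            if (!isIPv4(srcIP) || !isIPv4(dstIP))
            {
                return(false);
            }

            string clientToServer = "iptables -A FORWARD -p tcp -s " + srcIP + " -d " + dstIP + " --dport 135 -m state --state ESTABLISHED";
            String queueRule      = clientToServer + " -j NFQUEUE --queue-num 1";
            String logRule        = clientToServer + " -j LOG --log-prefix " + "\"" + "ACCEPT&OPC&ESTABLISHED " + "\"";
            // Reverse-direction match with no -j target: as written iptables would only count
            // packets. Kept verbatim — the device agent may complete it; TODO confirm.
            String returnRule     = "iptables -A FORWARD -p tcp -s " + dstIP + " -d " + srcIP;

            // One record line serves both the add and the delete path.
            string record = devform.getDev_IP() + " " + dstIP + " " + srcIP + " ACCEPT " + log_flag.ToString();
            string flag;
            if (add_delete)
            {
                flag = "DPI1";
                of.SaveRules(record, "opc");
            }
            else
            {
                flag = "DPI0";
                of.DeleteRules(record, "opc");
            }

            string   rule    = flag + logRule + " && " + queueRule + " && " + returnRule;
            SendInfo sendcmd = new SendInfo(devform);

            return(sendcmd.SendConfigInfo(rule));
        }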
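        /// <summary>
        /// Adds (flag "$") or removes (flag "#") a source-NAT mapping for <paramref name="devIP"/>
        /// without touching the database: on add the port is detached from br0 and addressed, on
        /// remove it is cleared and re-attached; a POSTROUTING SNAT rule to the firewall's address
        /// accompanies both.
        /// </summary>
        /// <param name="fw_dev">Firewall device; its address is the SNAT source and its port is forced to 22222.</param>
        /// <param name="EthName">Linux interface name to detach from / re-attach to br0.</param>
        /// <param name="devIP">Address (dotted quad, optional /prefix) whose outbound traffic is translated.</param>
        /// <param name="EthIP">Address assigned to EthName while the mapping is active.</param>
        /// <param name="add_delete">true to add, false to remove.</param>
        /// <returns>
        /// The result of SendConfigInfo, or false when an argument fails validation (nothing is
        /// sent in that case).
        /// </returns>
        public bool ConfigSNAT(FWDeviceForm fw_dev, string EthName, string devIP, string EthIP, bool add_delete)
        {
            // Every value is interpolated into a command line executed on the firewall; accept
            // only literal interface/address syntax so no shell metacharacter gets through.
            System.Func<string, bool> isIPv4  = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$");
            System.Func<string, bool> isIface = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[A-Za-z0-9_.:-]{1,15}$");
            string fwIP = fw_dev.getDev_IP();
            if (!isIPv4(fwIP) || !isIPv4(devIP) || !isIPv4(EthIP) || !isIface(EthName))
            {
                return(false);
            }

            string snatRule = "iptables -t nat -A POSTROUTING -s " + devIP + " -o br0 -j SNAT --to-source " + fwIP;

            // NOTE(review): the steps are joined with a single '&' here (the NAT1/NAT0 variant of
            // this method uses "&&"). If the agent hands this to a shell unchanged, the three
            // commands run concurrently rather than in order — confirm the agent's separator.
            string configInfo;
            if (add_delete)
            {
                string detach = "brctl delif br0 " + EthName;
                string assign = "ifconfig " + EthName + " " + EthIP + " netmask 255.255.255.0" + " up";
                configInfo = "$" + detach + " & " + assign + " & " + snatRule;
            }
            else
            {
                string attach = "brctl addif br0 " + EthName;
                string clear  = "ifconfig " + EthName + " " + "0.0.0.0 up";
                configInfo = "#" + clear + " & " + attach + " & " + snatRule;
            }

            fw_dev.setDev_port(22222);
            SendInfo sendcmd = new SendInfo(fw_dev);
            return(sendcmd.SendConfigInfo(configInfo));
        }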
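        /// <summary>
        /// Adds ("WHL1") or removes ("WHL0") one TCP whitelist entry: the tuple is saved to / deleted
        /// from the "whl" rule file and a matching iptables FORWARD/ACCEPT rule is pushed to the device.
        /// </summary>
        /// <param name="dev_IP">Address of the managed device (dotted quad).</param>
        /// <param name="dst_IP">Destination address matched by the rule (dotted quad, optional /prefix).</param>
        /// <param name="src_IP">Source address matched by the rule (dotted quad, optional /prefix).</param>
        /// <param name="dst_port">Destination port, or an iptables port range "low:high".</param>
        /// <param name="src_port">Source port, or an iptables port range "low:high".</param>
        /// <param name="log_record">Accepted for interface compatibility; this method does not read it.</param>
        /// <param name="add_delete">true to add, false to remove.</param>
        /// <returns>
        /// The result of SendConfigInfo, or false when an argument fails validation (nothing is
        /// recorded or sent in that case).
        /// </returns>
        public bool ChangeWhiteLists(string dev_IP, string dst_IP, string src_IP, string dst_port, string src_port, bool log_record, bool add_delete)
        {
            // Every argument is spliced verbatim into a command line executed on the device;
            // accept only the literal syntax iptables needs so no shell metacharacter gets through.
            System.Func<string, bool> isIPv4 = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$");
            System.Func<string, bool> isPort = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[0-9]{1,5}(:[0-9]{1,5})?$");
            if (!isIPv4(dev_IP) || !isIPv4(dst_IP) || !isIPv4(src_IP) || !isPort(dst_port) || !isPort(src_port))
            {
                return(false);
            }

            this.devform.setDev_IP(dev_IP);
            WhiteLists lists = new WhiteLists();
            lists.setIPAndPort(dst_IP, src_IP, dst_port, src_port);

            string acceptRule = "iptables -A FORWARD -p tcp -s " + lists.getsrc_IP() + " -d " + lists.getdst_IP() + " --sport " + lists.getsrc_port()
                                + " --dport " + lists.getdst_port() + " -j ACCEPT ";

            // One record line serves both the add and the delete path.
            string record = dev_IP + " " + dst_IP + " " + src_IP + " " + dst_port + " " + src_port;
            string flag;
            if (add_delete)
            {
                flag = "WHL1";
                of.SaveRules(record, "whl");
            }
            else
            {
                flag = "WHL0";
                of.DeleteRules(record, "whl");
            }

            // The record is written before the device acknowledges; a failed send leaves file and
            // device out of step (pre-existing behaviour, kept).
            SendInfo sendcmd = new SendInfo(devform);
            return(sendcmd.SendConfigInfo(flag + acceptRule));
        }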
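        /// <summary>
        /// Installs ("ARP1") or removes ("ARP0") the arptables rule set that drops ARP input on br0
        /// from any MAC other than the gateway's, and saves / deletes the binding in the "arp" rule
        /// file under C:\CMP\Config.
        /// </summary>
        /// <param name="dev_IP">Address of the managed device (dotted quad).</param>
        /// <param name="gateIP">Gateway IPv4 address (dotted quad).</param>
        /// <param name="gateMAC">Gateway MAC address as colon-separated hex pairs (aa:bb:cc:dd:ee:ff).</param>
        /// <param name="addDelete">true to add, false to remove.</param>
        /// <returns>
        /// The result of SendConfigInfo, or false when an argument fails validation (nothing is
        /// recorded or sent in that case).
        /// </returns>
        public bool configARPRules(string dev_IP, string gateIP, string gateMAC, bool addDelete)
        {
            // gateIP/gateMAC go straight into an arptables command line; accept only the literal
            // address syntaxes so no shell metacharacter can get through.
            System.Func<string, bool> isIPv4 = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[0-9]{1,3}(\.[0-9]{1,3}){3}$");
            System.Func<string, bool> isMac  = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$");
            if (!isIPv4(dev_IP) || !isIPv4(gateIP) || !isMac(gateMAC))
            {
                return(false);
            }

            this.devform.setDev_IP(dev_IP);

            string rule0   = "arptables -A INPUT -i br0 --src-mac ! " + gateMAC + " -j DROP";
            string rule1   = "arptables -A INPUT -i br0 --src-ip " + gateIP + " --src-mac ! " + gateMAC + " -j DROP";
            string rule2   = "arptables -A OUTPUT --destination-mac ff:ff:ff:ff:ff:ff -j ACCEPT";
            string ruleSet = rule0 + " && " + rule1 + " && " + rule2;

            // Hard-coded rule store path (pre-existing); the other methods use an injected `of`.
            FileOperation of     = new FileOperation("C:\\CMP\\Config");
            string        record = dev_IP + " " + gateIP + " " + gateMAC;

            // The same "-A" rule text is sent for add and delete; only the flag differs, so the
            // device agent is presumably what turns ARP0 into a removal — not visible here.
            string arpRules;
            if (addDelete)
            {
                arpRules = "ARP1" + ruleSet;
                of.SaveRules(record, "arp");
            }
            else
            {
                arpRules = "ARP0" + ruleSet;
                of.DeleteRules(record, "arp");
            }

            SendInfo send = new SendInfo(devform);
            return(send.SendConfigInfo(arpRules));
        }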
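        /// <summary>
        /// Adds ("DPI1") or removes ("DPI0") the OPC (TCP/135) inspection rules for the source /
        /// destination pair in <paramref name="orf"/>, and inserts / deletes the matching row in
        /// the OPC table.
        /// </summary>
        /// <param name="orf">Form holding the client (source) and server (destination) addresses.</param>
        /// <param name="log_flag">Stored in the OPC row; the LOG rule itself is always sent regardless.</param>
        /// <param name="add_delete">true to add, false to remove.</param>
        /// <returns>
        /// The result of SendConfigInfo, or false when either address fails validation (nothing
        /// is stored or sent in that case).
        /// </returns>
        public bool ConfigOPCRules(OPCRulesForm orf, bool log_flag, bool add_delete)
        {
            // Both addresses land in a command line executed on the device and in a SQL string;
            // accept only literal IPv4 (optionally CIDR) syntax so neither sink sees metacharacters.
            System.Func<string, bool> isIPv4 = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$");
            string srcIP = orf.getSrc_IP();
            string dstIP = orf.getDst_IP();
            if (!isIPv4(srcIP) || !isIPv4(dstIP))
            {
                return(false);
            }

            string clientToServer = "iptables -A FORWARD -p tcp -s " + srcIP + " -d " + dstIP + " --dport 135 -m state --state ESTABLISHED";
            String queueRule      = clientToServer + " -j NFQUEUE --queue-num 1";
            String logRule        = clientToServer + " -j LOG --log-prefix " + "\"" + "ACCEPT&OPC&ESTABLISHED " + "\"";
            // Reverse-direction match with no -j target: as written iptables would only count
            // packets. Kept verbatim — the device agent may complete it; TODO confirm.
            String returnRule     = "iptables -A FORWARD -p tcp -s " + dstIP + " -d " + srcIP;

            string devIP = devform.getDev_IP();
            string flag; string sqlRule;
            if (add_delete)
            {
                flag    = "DPI1";
                sqlRule = "INSERT INTO OPC values " + "('" + devIP + "','" + dstIP + "','" + srcIP + "','ACCEPT','" + log_flag + "')";
            }
            else
            {
                flag    = "DPI0";
                sqlRule = "DELETE FROM OPC where (dev_IP='" + devIP + "' and dst_IP='" + dstIP + "' and src_IP='" + srcIP + "' and method='ACCEPT')";
            }

            string rule = flag + logRule + " && " + queueRule + " && " + returnRule;

            // NOTE(review): string-built SQL (dboperate takes a finished statement); the format
            // checks above are the only guard.
            DPIdb_operate.dboperate(sqlRule);
            SendInfo sendcmd = new SendInfo(devform);

            return(sendcmd.SendConfigInfo(rule));
        }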
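        /// <summary>
        /// Adds ("DPI1") or removes ("DPI0") the DNP3 (TCP/20000) rules — LOG, NEW/ACCEPT and
        /// ESTABLISHED/ACCEPT for the client-to-server direction — and inserts / deletes the
        /// matching row in the DNP3 table.
        /// </summary>
        /// <param name="dnp3rf">Form holding the client (source) and server (destination) addresses.</param>
        /// <param name="log_flag">Stored in the DNP3 row; the LOG rule itself is always sent regardless.</param>
        /// <param name="add_delete">true to add, false to remove.</param>
        /// <returns>
        /// The result of SendConfigInfo, or false when either address fails validation (nothing
        /// is stored or sent in that case).
        /// </returns>
        public bool ConfigDNP3Rules(DNP3RulesForm dnp3rf, bool log_flag, bool add_delete)
        {
            // Both addresses land in a command line executed on the device and in a SQL string;
            // accept only literal IPv4 (optionally CIDR) syntax so neither sink sees metacharacters.
            System.Func<string, bool> isIPv4 = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$");
            string srcIP = dnp3rf.getSrc_IP();
            string dstIP = dnp3rf.getDst_IP();
            if (!isIPv4(srcIP) || !isIPv4(dstIP))
            {
                return(false);
            }

            string clientToServer  = "iptables -A FORWARD -p tcp -s " + srcIP + " -d " + dstIP + " --dport 20000 -m state --state ";
            String newRule         = clientToServer + "NEW -j ACCEPT";
            String establishedRule = clientToServer + "ESTABLISHED -j ACCEPT";
            string logRule         = clientToServer + "ESTABLISHED -j LOG --log-prefix " + "\"" + "ACCEPT&DNP3&ESTABLISHED " + "\"";
            // (The original also built an unused reverse-direction rule with no target; dropped.)

            string devIP = devform.getDev_IP();
            string flag; string sqlRule;
            if (add_delete)
            {
                flag    = "DPI1";
                sqlRule = "INSERT INTO DNP3 values " + "('" + devIP + "','" + dstIP + "','" + srcIP + "','ACCEPT','" + log_flag + "')";
            }
            else
            {
                flag    = "DPI0";
                sqlRule = "DELETE FROM DNP3 where (dev_IP='" + devIP + "' and dst_IP='" + dstIP + "' and src_IP='" + srcIP + "' and method='ACCEPT')";
            }
            string rule = flag + logRule + " && " + newRule + " && " + establishedRule;

            // NOTE(review): string-built SQL (dboperate takes a finished statement); the format
            // checks above are the only guard.
            DPIdb_operate.dboperate(sqlRule);
            SendInfo sendcmd = new SendInfo(devform);

            return(sendcmd.SendConfigInfo(rule));
        }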
        /// <summary>
        /// Switches the firewall into "no IP" mode by taking br0 down and bringing it back up with
        /// 0.0.0.0; on success the device record is updated to that address.
        /// </summary>
        /// <param name="fw_dev">Firewall device; its port is forced to 22222 before the check.</param>
        /// <returns>
        /// false if the device already has no address (0.0.0.0) or the send fails; true otherwise.
        /// </returns>
        bool INoIPConfig.NoipConfig(FWDeviceForm fw_dev)
        {
            const string dropBridgeAddress = "ifconfig br0 down && ifconfig br0 0.0.0.0 up";

            fw_dev.setDev_port(22222);

            // A firewall that already has no address cannot be switched to no-IP mode.
            if (fw_dev.getDev_IP() == "0.0.0.0")
            {
                return(false);
            }

            SendInfo sendcmd  = new SendInfo(fw_dev);
            bool     accepted = sendcmd.SendConfigInfo(dropBridgeAddress);
            if (accepted)
            {
                // Only mirror the change locally once the device has taken it.
                fw_dev.setDev_IP("0.0.0.0");
            }
            return(accepted);
        }
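        /// <summary>
        /// Adds ("PRT1") or deletes ("PRT0") the device's default route via an interface and/or a
        /// gateway, and saves / deletes the matching line in the "prt" rule file.
        /// </summary>
        /// <param name="devIP">Address of the managed device (dotted quad).</param>
        /// <param name="add_del_flag">true to add the route, false to delete it.</param>
        /// <param name="Iface">Interface name for "dev", or empty / null to omit it.</param>
        /// <param name="gateway">Gateway address for "gw" (dotted quad), or empty / null to omit it.</param>
        /// <returns>
        /// The result of SendConfigInfo; false when the device address is 0.0.0.0, when an
        /// argument fails validation, or when both Iface and gateway are empty (nothing is
        /// recorded or sent in those cases).
        /// </returns>
        public bool DefaultRouteConfig(string devIP, bool add_del_flag, string Iface, string gateway)
        {
            // null behaves like "" (the original concatenated null as an empty string).
            Iface   = Iface ?? "";
            gateway = gateway ?? "";

            // Both values are appended to a command line executed on the device; accept only
            // literal interface / address syntax. At least one of them is required, otherwise the
            // device would receive a bare "route add default" with nothing to route to.
            System.Func<string, bool> isIPv4  = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[0-9]{1,3}(\.[0-9]{1,3}){3}$");
            System.Func<string, bool> isIface = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[A-Za-z0-9_.:-]{1,15}$");
            if (!isIPv4(devIP) || (Iface != "" && !isIface(Iface)) || (gateway != "" && !isIPv4(gateway)) || (Iface == "" && gateway == ""))
            {
                return(false);
            }

            this.devform.setDev_IP(devIP);
            if (devform.getDev_IP() == "0.0.0.0")
            {
                return(false);
            }

            // One record line serves both the add and the delete path.
            string record = devIP + " default-route " + Iface + " " + gateway;
            string rule;
            if (add_del_flag)
            {
                rule = "PRT1route add default ";
                of.SaveRules(record, "prt");
            }
            else
            {
                rule = "PRT0route del default ";
                of.DeleteRules(record, "prt");
            }

            if (Iface != "")
            {
                rule = rule + " dev " + Iface;
            }
            if (gateway != "")
            {
                rule = rule + " gw " + gateway;
            }

            // The record is written before the device acknowledges (pre-existing behaviour, kept).
            SendInfo sendcmd = new SendInfo(devform);
            return(sendcmd.SendConfigInfo(rule));
        }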
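        /// <summary>
        /// Probes every address from <paramref name="start_IP"/> to <paramref name="end_IP"/>
        /// (inclusive) by sending a check message to port 33333 of each one. Only the last octet
        /// is iterated; the two addresses must share their first three octets.
        /// </summary>
        /// <param name="start_IP">First dotted-quad address of the range.</param>
        /// <param name="end_IP">Last dotted-quad address of the range (same /24 as start_IP).</param>
        /// <returns>
        /// The last octet of end_IP minus the last octet of start_IP (the value the original
        /// returned) — one less than the number of addresses probed, and negative when the range
        /// is empty.
        /// </returns>
        /// <exception cref="ArgumentException">
        /// Either address is not four octets in 0..255, or the two lie in different /24 networks.
        /// (The original threw FormatException / IndexOutOfRangeException on malformed input.)
        /// </exception>
        public int ScanDevice(string start_IP, string end_IP)
        {
            string[] startOctets = (start_IP ?? "").Split('.');
            string[] endOctets   = (end_IP ?? "").Split('.');
            if (startOctets.Length != 4 || endOctets.Length != 4)
            {
                throw new ArgumentException("start_IP and end_IP must be dotted-quad IPv4 addresses");
            }

            int[] first = new int[4];
            int[] last  = new int[4];
            for (int i = 0; i < 4; i++)
            {
                if (!int.TryParse(startOctets[i], out first[i]) || !int.TryParse(endOctets[i], out last[i])
                    || first[i] < 0 || first[i] > 255 || last[i] < 0 || last[i] > 255)
                {
                    throw new ArgumentException("start_IP and end_IP must be dotted-quad IPv4 addresses");
                }
            }
            // Only the last octet varies below, so a different prefix on end_IP would silently
            // scan the wrong range.
            if (first[0] != last[0] || first[1] != last[1] || first[2] != last[2])
            {
                throw new ArgumentException("start_IP and end_IP must lie in the same /24 network");
            }

            string prefix = first[0] + "." + first[1] + "." + first[2] + ".";
            for (int host = first[3]; host <= last[3]; host++)
            {
                string dev_IP = prefix + host;
#if debug
                Console.WriteLine(dev_IP);
#endif
                DeviceForm devform       = new DeviceForm(dev_IP, 33333);
                SendInfo   sendcheckInfo = new SendInfo(devform);
                sendcheckInfo.SendCheckInfo();
            }

            // Preserved return contract: difference of the last octets, not the count probed.
            return(last[3] - first[3]);
        }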
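        /// <summary>
        /// Adds ("DPI1") or removes ("DPI0") the DNP3 (TCP/20000) rules — LOG, NEW/ACCEPT and
        /// ESTABLISHED/ACCEPT for the client-to-server direction — and saves / deletes the
        /// matching line in the "dnp3" rule file.
        /// </summary>
        /// <param name="dnp3rf">Form holding the client (source) and server (destination) addresses.</param>
        /// <param name="log_flag">Stored in the rule record; the LOG rule itself is always sent regardless.</param>
        /// <param name="add_delete">true to add, false to remove.</param>
        /// <returns>
        /// The result of SendConfigInfo, or false when either address fails validation (nothing
        /// is recorded or sent in that case).
        /// </returns>
        public bool ConfigDNP3Rules(DNP3RulesForm dnp3rf, bool log_flag, bool add_delete)
        {
            // Both addresses land in a command line executed on the device; accept only literal
            // IPv4 (optionally CIDR) syntax so no shell metacharacter can be smuggled in.
            System.Func<string, bool> isIPv4 = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$");
            string srcIP = dnp3rf.getSrc_IP();
            string dstIP = dnp3rf.getDst_IP();
            if (!isIPv4(srcIP) || !isIPv4(dstIP))
            {
                return(false);
            }

            string clientToServer  = "iptables -A FORWARD -p tcp -s " + srcIP + " -d " + dstIP + " --dport 20000 -m state --state ";
            String newRule         = clientToServer + "NEW -j ACCEPT";
            String establishedRule = clientToServer + "ESTABLISHED -j ACCEPT";
            string logRule         = clientToServer + "ESTABLISHED -j LOG --log-prefix " + "\"" + "ACCEPT&DNP3&ESTABLISHED " + "\"";
            // (The original also built an unused reverse-direction rule with no target; dropped.)

            // One record line serves both the add and the delete path.
            string record = devform.getDev_IP() + " " + dstIP + " " + srcIP + " ACCEPT " + log_flag.ToString();
            string flag;
            if (add_delete)
            {
                flag = "DPI1";
                of.SaveRules(record, "dnp3");
            }
            else
            {
                flag = "DPI0";
                of.DeleteRules(record, "dnp3");
            }

            string   rule    = flag + logRule + " && " + newRule + " && " + establishedRule;
            SendInfo sendcmd = new SendInfo(devform);

            return(sendcmd.SendConfigInfo(rule));
        }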
        /// <summary>
        /// Flushes every rule in the device's nat table ("iptables -t nat -F"); all SNAT/DNAT
        /// mappings configured so far are removed in one step.
        /// </summary>
        /// <param name="fw_dev">Firewall device; its port is forced to 22222 before sending.</param>
        /// <returns>The result of SendConfigInfo.</returns>
        public bool ClearNATRules(FWDeviceForm fw_dev)
        {
            const string flushNatTable = "iptables -t nat -F";

            fw_dev.setDev_port(22222);
            SendInfo sendcmd = new SendInfo(fw_dev);
            bool     sent    = sendcmd.SendConfigInfo(flushNatTable);
            return(sent);
        }
        /// <summary>
        /// Resets the device's iptables state: sets the FORWARD policy to ACCEPT, flushes and
        /// deletes all chains, zeroes the counters, then reloads /etc/iptables.up.rules.
        /// </summary>
        /// <returns>The result of SendConfigInfo.</returns>
        /// <remarks>
        /// Security note: the first step opens the FORWARD policy, so between the flush and the
        /// restore the device forwards everything, and if iptables-restore does not run or fails
        /// (the steps are chained with "&amp;&amp;") it stays in that fail-open state. Whatever
        /// restrictive policy is reinstated comes from the saved file, not from this method.
        /// </remarks>
        public bool ClearAllRules()
        {
            string[] steps =
            {
                "iptables -P FORWARD ACCEPT",
                "iptables -F",
                "iptables -X",
                "iptables -Z",
                "iptables-restore</etc/iptables.up.rules"
            };
            string rule = string.Join(" && ", steps);

            SendInfo sendcmd = new SendInfo(devform);
            return(sendcmd.SendConfigInfo(rule));
        }
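        /// <summary>
        /// Adds ("DPI1") or removes ("DPI0") a Modbus/TCP (port 502) deep-inspection rule pair —
        /// a LOG rule and a DROP rule using the "modbusTcp" match on register address range,
        /// function code and data range — and inserts / deletes the matching row in the
        /// modbustcp table. Source / destination may each be "any", in which case the -s / -d
        /// match is omitted.
        /// </summary>
        /// <param name="mtrf">Form holding addresses, address range, function code and data range.</param>
        /// <param name="log_flag">Stored in the row; the LOG rule itself is always sent regardless.</param>
        /// <param name="add_delete">true to add, false to remove.</param>
        /// <returns>
        /// The result of SendConfigInfo, or false when a form value fails validation (nothing is
        /// stored or sent in that case).
        /// </returns>
        public bool ConfigModbusTcpRules(ModbusTcpRulesForm mtrf, bool log_flag, bool add_delete)
        {
            // All form values are spliced into a command line executed on the device and into a
            // SQL string; accept only literal address / decimal syntax so neither sink sees
            // metacharacters. TODO confirm the form never yields hex or empty numeric fields.
            System.Func<string, bool> isIPv4 = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$");
            System.Func<string, bool> isNum  = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[0-9]+$");
            string srcIP   = mtrf.getSrc_IP();
            string dstIP   = mtrf.getDst_IP();
            string minAddr = mtrf.getMin_addr();
            string maxAddr = mtrf.getMax_addr();
            string func    = mtrf.getfunc();
            string minData = mtrf.getMin_data();
            string maxData = mtrf.getMax_data();
            if ((srcIP != "any" && !isIPv4(srcIP)) || (dstIP != "any" && !isIPv4(dstIP))
                || !isNum(minAddr) || !isNum(maxAddr) || !isNum(func) || !isNum(minData) || !isNum(maxData))
            {
                return(false);
            }

            String dpi_pro = "modbusTcp";
            // Fix: the LOG rule used to hard-code "-s <src> -d <dst>" even when a side was "any",
            // which iptables rejects (it tries to resolve "any" as a host). Both rules now share
            // the same match, with -s / -d omitted for "any".
            string match = "iptables -A FORWARD -p tcp --dport 502"
                           + (srcIP == "any" ? "" : " -s " + srcIP)
                           + (dstIP == "any" ? "" : " -d " + dstIP)
                           + " -m " + dpi_pro + " --data-addr " + minAddr + ":" + maxAddr
                           + " --modbus-func " + func + " --modbus-data " + minData + ":" + maxData;
            string dropRule = match + " -j DROP";
            string logRule  = match + " -j LOG --log-prefix " + "\"" + "DROP&modbus&data_illegal " + "\"";

            string flag; string sqlRule;
            if (add_delete)
            {
                flag    = "DPI1";
                // Note: the stored method is 'ACCEPT' although the rule sent is a DROP (pre-existing).
                sqlRule = "INSERT INTO modbustcp values " + "('" + devform.getDev_IP() + "','" + dstIP + "'" +
                          ",'" + srcIP + "','" + minAddr + "','" + maxAddr + "','" + func + "','" + minData + "','" + maxData + "','ACCEPT','" + log_flag + "')";
            }
            else
            {
                flag    = "DPI0";
                // NOTE(review): unlike the OPC/DNP3 deletes, this one is not scoped to the device
                // address, so an identical rule on another device would be deleted too. The name
                // of the device column is not visible here — confirm and add it to the WHERE.
                sqlRule = "DELETE FROM modbustcp where (dst_IP='" + dstIP + "' and src_IP='" + srcIP + "' and min_coiladdr='" + minAddr + "'" +
                          " and max_coiladdr='" + maxAddr + "' and functioncode='" + func + "' and min_speed='" + minData + "' and max_speed='" + maxData + "' and method='ACCEPT' and log='" + log_flag + "')";
            }
            string rule = flag + logRule + " && " + dropRule;

            // NOTE(review): string-built SQL (dboperate takes a finished statement); the format
            // checks above are the only guard.
            DPIdb_operate.dboperate(sqlRule);
            SendInfo sendcmd = new SendInfo(devform);

            return(sendcmd.SendConfigInfo(rule));
        }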
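        /// <summary>
        /// Adds ("DPI1") or removes ("DPI0") a Modbus/TCP (port 502) deep-inspection rule pair —
        /// a LOG rule and a DROP rule using the "modbusTcp" match on register address range,
        /// function code and data range — and saves / deletes the matching line in the
        /// "modbustcp" rule file. Source / destination may each be "any", in which case the
        /// -s / -d match is omitted.
        /// </summary>
        /// <param name="mtrf">Form holding addresses, address range, function code and data range.</param>
        /// <param name="log_flag">Stored in the record; the LOG rule itself is always sent regardless.</param>
        /// <param name="add_delete">true to add, false to remove.</param>
        /// <returns>
        /// The result of SendConfigInfo, or false when a form value fails validation (nothing is
        /// recorded or sent in that case).
        /// </returns>
        public bool ConfigModbusTcpRules(ModbusTcpRulesForm mtrf, bool log_flag, bool add_delete)
        {
            // All form values are spliced into a command line executed on the device; accept only
            // literal address / decimal syntax so no shell metacharacter gets through.
            // TODO confirm the form never yields hex or empty numeric fields.
            System.Func<string, bool> isIPv4 = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$");
            System.Func<string, bool> isNum  = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[0-9]+$");
            string srcIP   = mtrf.getSrc_IP();
            string dstIP   = mtrf.getDst_IP();
            string minAddr = mtrf.getMin_addr();
            string maxAddr = mtrf.getMax_addr();
            string func    = mtrf.getfunc();
            string minData = mtrf.getMin_data();
            string maxData = mtrf.getMax_data();
            if ((srcIP != "any" && !isIPv4(srcIP)) || (dstIP != "any" && !isIPv4(dstIP))
                || !isNum(minAddr) || !isNum(maxAddr) || !isNum(func) || !isNum(minData) || !isNum(maxData))
            {
                return(false);
            }

            String dpi_pro = "modbusTcp";
            // Fix: the LOG rule used to hard-code "-s <src> -d <dst>" even when a side was "any",
            // which iptables rejects (it tries to resolve "any" as a host). Both rules now share
            // the same match, with -s / -d omitted for "any".
            string match = "iptables -A FORWARD -p tcp --dport 502"
                           + (srcIP == "any" ? "" : " -s " + srcIP)
                           + (dstIP == "any" ? "" : " -d " + dstIP)
                           + " -m " + dpi_pro + " --data-addr " + minAddr + ":" + maxAddr
                           + " --modbus-func " + func + " --modbus-data " + minData + ":" + maxData;
            string dropRule = match + " -j DROP";
            string logRule  = match + " -j LOG --log-prefix " + "\"" + "DROP&modbus&data_illegal " + "\"";

            // One record line serves both the add and the delete path. Note: it records 'ACCEPT'
            // although the rule sent is a DROP (pre-existing).
            string record = devform.getDev_IP() + " " + dstIP + " " + srcIP + " " + minAddr + " " + maxAddr
                            + " " + func + " " + minData + " " + maxData + " ACCEPT " + log_flag.ToString();
            string flag;
            if (add_delete)
            {
                flag = "DPI1";
                of.SaveRules(record, "modbustcp");
            }
            else
            {
                flag = "DPI0";
                of.DeleteRules(record, "modbustcp");
            }

            string   rule    = flag + logRule + " && " + dropRule;
            SendInfo sendcmd = new SendInfo(devform);

            return(sendcmd.SendConfigInfo(rule));
        }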
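        /// <summary>
        /// Adds ("NAT1") or removes ("NAT0") a destination-NAT mapping: TCP traffic to
        /// <paramref name="Original_DIP"/> (optionally a specific port) is redirected to
        /// <paramref name="Map_IP"/> (optionally a specific port) via a PREROUTING DNAT rule, and
        /// the mapping is inserted into / deleted from the dnat table.
        /// </summary>
        /// <param name="fw_dev">Firewall device; its port is forced to 22222 before sending.</param>
        /// <param name="Original_DIP">Destination address to match (dotted quad, optional /prefix).</param>
        /// <param name="Original_dport">Destination port to match, or "any" to match every port.</param>
        /// <param name="Map_IP">Address traffic is redirected to (dotted quad).</param>
        /// <param name="Map_port">Port traffic is redirected to, or "any" to keep the original port.</param>
        /// <param name="add_delete">true to add, false to remove.</param>
        /// <returns>
        /// The result of SendConfigInfo, or false when an argument fails validation (nothing is
        /// stored or sent in that case).
        /// </returns>
        public bool ConfigDNAT(FWDeviceForm fw_dev, string Original_DIP, string Original_dport, string Map_IP, string Map_port, bool add_delete)
        {
            // Every argument is spliced into a command line executed on the firewall and into a
            // SQL string; accept only literal address / port syntax (plus the "any" keyword).
            System.Func<string, bool> isIPv4 = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$");
            System.Func<string, bool> isPort = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[0-9]{1,5}$");
            string fwIP = fw_dev.getDev_IP();
            if (!isIPv4(fwIP) || !isIPv4(Original_DIP) || !isIPv4(Map_IP)
                || (Original_dport != "any" && !isPort(Original_dport)) || (Map_port != "any" && !isPort(Map_port)))
            {
                return(false);
            }

            // The four original branches differed only in whether --dport and :port were present.
            string dportMatch = Original_dport == "any" ? "" : " --dport " + Original_dport;
            string target     = Map_port == "any" ? Map_IP : Map_IP + ":" + Map_port;
            string preRule    = "iptables -t nat -A PREROUTING -d " + Original_DIP + " -p tcp" + dportMatch + " -j DNAT --to-destination " + target;

            // The same "-A" rule text is sent on removal; the NAT0 flag is presumably what the
            // device agent acts on — not visible from here.
            string flag; string sqlRule;
            if (add_delete)
            {
                flag    = "NAT1";
                sqlRule = "INSERT INTO dnat values " + "('" + fwIP + "','" + Original_DIP + "','" + Original_dport + "','" + Map_IP + "','" + Map_port + "')";
            }
            else
            {
                flag    = "NAT0";
                // Table name is written "DNAT" here and "dnat" on insert; fine on a
                // case-insensitive database, worth unifying otherwise.
                sqlRule = "DELETE FROM DNAT where " + "(fwIP='" + fwIP + "' and origin_dstIP='" + Original_DIP + "'" +
                          " and origin_dport='" + Original_dport + "' and map_IP='" + Map_IP + "' and map_port='" + Map_port + "')";
            }

            fw_dev.setDev_port(22222);
            SendInfo sendcmd = new SendInfo(fw_dev);

            // NOTE(review): string-built SQL (dboperate takes a finished statement); the format
            // checks above are the only guard. The row is written before the device acknowledges.
            NATdb_operate.dboperate(sqlRule);
            return(sendcmd.SendConfigInfo(flag + preRule));
        }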
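        /// <summary>
        /// Adds ("NAT1") or removes ("NAT0") a destination-NAT mapping: TCP traffic to
        /// <paramref name="Original_DIP"/> (optionally a specific port) is redirected to
        /// <paramref name="Map_IP"/> (optionally a specific port) via a PREROUTING DNAT rule, and
        /// the mapping is saved to / deleted from the "dnat" rule file.
        /// </summary>
        /// <param name="fw_dev">Firewall device; its port is forced to 22222 before sending.</param>
        /// <param name="Original_DIP">Destination address to match (dotted quad, optional /prefix).</param>
        /// <param name="Original_dport">Destination port to match, or "any" to match every port.</param>
        /// <param name="Map_IP">Address traffic is redirected to (dotted quad).</param>
        /// <param name="Map_port">Port traffic is redirected to, or "any" to keep the original port.</param>
        /// <param name="add_delete">true to add, false to remove.</param>
        /// <returns>
        /// The result of SendConfigInfo, or false when an argument fails validation (nothing is
        /// recorded or sent in that case).
        /// </returns>
        public bool ConfigDNAT(FWDeviceForm fw_dev, string Original_DIP, string Original_dport, string Map_IP, string Map_port, bool add_delete)
        {
            // Every argument is spliced into a command line executed on the firewall; accept only
            // literal address / port syntax (plus the "any" keyword).
            System.Func<string, bool> isIPv4 = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$");
            System.Func<string, bool> isPort = s => s != null && System.Text.RegularExpressions.Regex.IsMatch(s, @"^[0-9]{1,5}$");
            string fwIP = fw_dev.getDev_IP();
            if (!isIPv4(fwIP) || !isIPv4(Original_DIP) || !isIPv4(Map_IP)
                || (Original_dport != "any" && !isPort(Original_dport)) || (Map_port != "any" && !isPort(Map_port)))
            {
                return(false);
            }

            // The four original branches differed only in whether --dport and :port were present.
            string dportMatch = Original_dport == "any" ? "" : " --dport " + Original_dport;
            string target     = Map_port == "any" ? Map_IP : Map_IP + ":" + Map_port;
            string preRule    = "iptables -t nat -A PREROUTING -d " + Original_DIP + " -p tcp" + dportMatch + " -j DNAT --to-destination " + target;

            // One record line serves both the add and the delete path.
            string record = fwIP + " " + Original_DIP + " " + Original_dport + " " + Map_IP + " " + Map_port;
            string flag;
            if (add_delete)
            {
                flag = "NAT1";
                of.SaveRules(record, "dnat");
            }
            else
            {
                flag = "NAT0";
                of.DeleteRules(record, "dnat");
            }

            fw_dev.setDev_port(22222);
            SendInfo sendcmd = new SendInfo(fw_dev);

            // The record is written before the device acknowledges (pre-existing behaviour, kept).
            return(sendcmd.SendConfigInfo(flag + preRule));
        }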
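        /// <summary>
        /// Re-binds the device's br0 interface to <paramref name="BindIP"/> by pushing an
        /// "ifconfig down / ifconfig up" sequence, then records the new address on success.
        /// </summary>
        /// <param name="fw_dev">Target device; its port is forced to 22222 before sending.</param>
        /// <param name="BindIP">Address to assign to br0; must be a single non-empty token.</param>
        /// <returns>true only if the device accepted the command; false on rejected input or push failure.</returns>
        bool IResetIP.ResetIP(ProtecDeviceForm fw_dev, string BindIP)
        {
            // BindIP is spliced straight into a command the device executes (the "&&"
            // chaining shows the device side is shell-like). An empty value would bring
            // br0 up with no address; metacharacters could append further commands.
            char[] unsafeChars = { '\'', '"', ';', '&', '|', '$', '`', '(', ')', '<', '>', '\\', '#', ' ', '\t', '\r', '\n' };
            if (fw_dev == null || string.IsNullOrEmpty(BindIP) || BindIP.IndexOfAny(unsafeChars) >= 0)
            {
                return false;
            }

            string cmd = "ifconfig br0 down && ifconfig br0 " + BindIP + " up";
            Console.WriteLine("{0}", cmd);

            fw_dev.setDev_port(22222);
            SendInfo sendResetcmd = new SendInfo(fw_dev);
            if (!sendResetcmd.SendConfigInfo(cmd))
            {
                return false;
            }

            // Only track the new address once the device has acknowledged it.
            fw_dev.setDev_IP(BindIP);
            return true;
        }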
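        /// <summary>
        /// Removes a connection-limit ("CNC") rule: deletes its row from the CNC table and
        /// pushes the matching iptables rule to the device with the "CNC0" flag.
        /// </summary>
        /// <param name="devIP">Device to configure; a value the form normalises to "0.0.0.0" is rejected.</param>
        /// <param name="log_flag">When true a parallel "-j LOG" rule is sent as well.</param>
        /// <param name="connlimit">Threshold for --connlimit-above; must be non-negative.</param>
        /// <param name="srcIP">Source address match, or empty to omit.</param>
        /// <param name="dstIP">Destination address match, or empty to omit.</param>
        /// <param name="sport">Source port match, or empty to omit.</param>
        /// <param name="dport">Destination port match, or empty to omit.</param>
        /// <returns>false when the input is rejected, otherwise the device's answer to the push.</returns>
        public bool DelCNCRules(string devIP, bool log_flag, int connlimit, string srcIP, string dstIP, string sport, string dport)
        {
            // Each field lands inside a single-quoted SQL literal AND inside a command
            // string the device executes (commands are chained with "&&"). Reject
            // characters that could close the literal or add a command; a per-field
            // allowlist (IP/CIDR, numeric port) would be stricter still. dboperate takes
            // a raw string, so real parameterisation has to happen in that layer.
            char[] unsafeChars = { '\'', '"', ';', '&', '|', '$', '`', '(', ')', '<', '>', '\\', '#', ' ', '\t', '\r', '\n' };
            if (connlimit < 0 || (devIP + srcIP + dstIP + sport + dport).IndexOfAny(unsafeChars) >= 0)
            {
                return false;
            }

            this.devform.setDev_IP(devIP);
            if (devform.getDev_IP() == "0.0.0.0")
            {
                return false;
            }

            // Match part shared by the DROP rule and the optional LOG rule.
            string match = "iptables -A FORWARD -p tcp --syn";
            if (!string.IsNullOrEmpty(srcIP))
            {
                match += " -s " + srcIP;
            }
            if (!string.IsNullOrEmpty(sport))
            {
                match += " --sport " + sport;
            }
            if (!string.IsNullOrEmpty(dstIP))
            {
                match += " -d " + dstIP;
            }
            if (!string.IsNullOrEmpty(dport))
            {
                match += " --dport " + dport;
            }
            match += " -m connlimit --connlimit-above " + Convert.ToString(connlimit);

            string rule = "CNC0" + match + " -j DROP";
            if (log_flag)
            {
                rule += " && " + match + " -j LOG";
            }

            // connlimit is an int and is embedded unquoted; log_flag is not part of the key.
            string sql_str = "DELETE FROM CNC WHERE (devIP='" + devIP + "' and connlimit=" + connlimit
                             + " and srcIP='" + srcIP + "' and dstIP='" + dstIP + "' and sport='" + sport + "' and dport='" + dport + "')";

            // NOTE(review): the row is deleted before the device acknowledges the push;
            // a failed SendConfigInfo leaves DB and device out of sync — confirm intended.
            db_operate.dboperate(sql_str);
            SendInfo sendcmd = new SendInfo(devform);

            return sendcmd.SendConfigInfo(rule);
        }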
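        /// <summary>
        /// Adds a connection-limit ("CNC") rule: inserts a row into the CNC table and pushes
        /// the iptables rule (DROP above the limit, optionally LOG too) with the "CNC1" flag.
        /// </summary>
        /// <param name="devIP">Device to configure; a value the form normalises to "0.0.0.0" is rejected.</param>
        /// <param name="log_flag">When true a parallel "-j LOG" rule is sent as well.</param>
        /// <param name="connlimit">Threshold for --connlimit-above; must be non-negative.</param>
        /// <param name="srcIP">Source address match, or empty to omit.</param>
        /// <param name="dstIP">Destination address match, or empty to omit.</param>
        /// <param name="sport">Source port match, or empty to omit.</param>
        /// <param name="dport">Destination port match, or empty to omit.</param>
        /// <returns>false when the input is rejected, otherwise the device's answer to the push.</returns>
        public bool AddCNCRules(string devIP, bool log_flag, int connlimit, string srcIP, string dstIP, string sport, string dport)
        {
            // Each field lands inside a single-quoted SQL literal AND inside a command
            // string the device executes (commands are chained with "&&"). Reject
            // characters that could close the literal or add a command; a per-field
            // allowlist (IP/CIDR, numeric port) would be stricter still. dboperate takes
            // a raw string, so real parameterisation has to happen in that layer.
            char[] unsafeChars = { '\'', '"', ';', '&', '|', '$', '`', '(', ')', '<', '>', '\\', '#', ' ', '\t', '\r', '\n' };
            if (connlimit < 0 || (devIP + srcIP + dstIP + sport + dport).IndexOfAny(unsafeChars) >= 0)
            {
                return false;
            }

            this.devform.setDev_IP(devIP);
            if (devform.getDev_IP() == "0.0.0.0")
            {
                return false;
            }

            // Match part shared by the DROP rule and the optional LOG rule.
            string match = "iptables -A FORWARD -p tcp --syn";
            if (!string.IsNullOrEmpty(srcIP))
            {
                match += " -s " + srcIP;
            }
            if (!string.IsNullOrEmpty(sport))
            {
                match += " --sport " + sport;
            }
            if (!string.IsNullOrEmpty(dstIP))
            {
                match += " -d " + dstIP;
            }
            if (!string.IsNullOrEmpty(dport))
            {
                match += " --dport " + dport;
            }
            match += " -m connlimit --connlimit-above " + Convert.ToString(connlimit);

            string rule = "CNC1" + match + " -j DROP";
            if (log_flag)
            {
                rule += " && " + match + " -j LOG";
            }

            // log_flag is written as the unquoted literal True/False — relies on the
            // database accepting that spelling; connlimit is a quoted string here.
            string sql_str = "INSERT INTO CNC VALUES ('" + devIP + "'," + log_flag.ToString() + ",'" + connlimit.ToString()
                             + "','" + srcIP + "','" + dstIP + "','" + sport + "','" + dport + "')";

            // NOTE(review): the row is inserted before the device acknowledges the push;
            // a failed SendConfigInfo leaves DB and device out of sync — confirm intended.
            db_operate.dboperate(sql_str);
            SendInfo sendcmd = new SendInfo(devform);

            return sendcmd.SendConfigInfo(rule);
        }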
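        /// <summary>
        /// Adds a standard ("STD") allow rule: inserts a row into the STD table and pushes an
        /// iptables FORWARD ACCEPT rule for NEW connections (optionally a LOG rule too) with the "STD1" flag.
        /// </summary>
        /// <param name="devIP">Device to configure; a value the form normalises to "0.0.0.0" is rejected.</param>
        /// <param name="log_flag">When true a parallel "-j LOG" rule is sent as well.</param>
        /// <param name="protocol">Value for "-p" (required, e.g. tcp/udp).</param>
        /// <param name="srcIP">Source address match, or empty to omit.</param>
        /// <param name="dstIP">Destination address match, or empty to omit.</param>
        /// <param name="sport">Source port match, or empty to omit.</param>
        /// <param name="dport">Destination port match, or empty to omit.</param>
        /// <returns>false when the input is rejected, otherwise the device's answer to the push.</returns>
        public bool AddSTDRules(string devIP, bool log_flag, string protocol, string srcIP, string dstIP, string sport, string dport)
        {
            // Each field lands inside a single-quoted SQL literal AND inside a command
            // string the device executes (commands are chained with "&&"). Reject
            // characters that could close the literal or add a command; a per-field
            // allowlist (IP/CIDR, numeric port, known protocol) would be stricter still.
            // An empty protocol produced "-p  -s ..." before, i.e. an unusable rule.
            char[] unsafeChars = { '\'', '"', ';', '&', '|', '$', '`', '(', ')', '<', '>', '\\', '#', ' ', '\t', '\r', '\n' };
            if (string.IsNullOrEmpty(protocol) || (devIP + protocol + srcIP + dstIP + sport + dport).IndexOfAny(unsafeChars) >= 0)
            {
                return false;
            }

            this.devform.setDev_IP(devIP);
            if (devform.getDev_IP() == "0.0.0.0")
            {
                return false;
            }

            // Match part shared by the ACCEPT rule and the optional LOG rule.
            string match = "iptables -A FORWARD -p " + protocol;
            if (!string.IsNullOrEmpty(srcIP))
            {
                match += " -s " + srcIP;
            }
            if (!string.IsNullOrEmpty(sport))
            {
                match += " --sport " + sport;
            }
            if (!string.IsNullOrEmpty(dstIP))
            {
                match += " -d " + dstIP;
            }
            if (!string.IsNullOrEmpty(dport))
            {
                match += " --dport " + dport;
            }

            string rule = "STD1" + match + " -m state --state NEW -j ACCEPT";
            if (log_flag)
            {
                rule += " && " + match + " -m state --state NEW -j LOG";
            }

            // log_flag is written as the unquoted literal True/False — relies on the
            // database accepting that spelling.
            string sql_str = "INSERT INTO STD VALUES ('" + devIP + "'," + log_flag.ToString() + ",'" + protocol
                             + "','" + srcIP + "','" + dstIP + "','" + sport + "','" + dport + "')";

            // NOTE(review): the row is inserted before the device acknowledges the push;
            // a failed SendConfigInfo leaves DB and device out of sync — confirm intended.
            db_operate.dboperate(sql_str);
            SendInfo sendcmd = new SendInfo(devform);

            return sendcmd.SendConfigInfo(rule);
        }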
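        /// <summary>
        /// Removes a connection-limit ("CNC") rule: drops its line from the "cnc" rule file
        /// and pushes the matching iptables rule to the device with the "CNC0" flag.
        /// </summary>
        /// <param name="devIP">Device to configure; a value the form normalises to "0.0.0.0" is rejected.</param>
        /// <param name="log_flag">When true a parallel "-j LOG" rule is sent as well.</param>
        /// <param name="connlimit">Threshold for --connlimit-above; must be non-negative.</param>
        /// <param name="srcIP">Source address match, or empty to omit.</param>
        /// <param name="dstIP">Destination address match, or empty to omit.</param>
        /// <param name="sport">Source port match, or empty to omit.</param>
        /// <param name="dport">Destination port match, or empty to omit.</param>
        /// <returns>false when the input is rejected, otherwise the device's answer to the push.</returns>
        public bool DelCNCRules(string devIP, bool log_flag, int connlimit, string srcIP, string dstIP, string sport, string dport)
        {
            // Each field is spliced into a command string the device executes (commands
            // are chained with "&&") and into the space-separated rule-file line, so a
            // space or metacharacter would corrupt either. Reject those; a per-field
            // allowlist (IP/CIDR, numeric port) would be stricter still.
            char[] unsafeChars = { '\'', '"', ';', '&', '|', '$', '`', '(', ')', '<', '>', '\\', '#', ' ', '\t', '\r', '\n' };
            if (connlimit < 0 || (devIP + srcIP + dstIP + sport + dport).IndexOfAny(unsafeChars) >= 0)
            {
                return false;
            }

            this.devform.setDev_IP(devIP);
            if (devform.getDev_IP() == "0.0.0.0")
            {
                return false;
            }

            // Match part shared by the DROP rule and the optional LOG rule.
            string match = "iptables -A FORWARD -p tcp --syn";
            if (!string.IsNullOrEmpty(srcIP))
            {
                match += " -s " + srcIP;
            }
            if (!string.IsNullOrEmpty(sport))
            {
                match += " --sport " + sport;
            }
            if (!string.IsNullOrEmpty(dstIP))
            {
                match += " -d " + dstIP;
            }
            if (!string.IsNullOrEmpty(dport))
            {
                match += " --dport " + dport;
            }
            match += " -m connlimit --connlimit-above " + Convert.ToString(connlimit);

            string rule = "CNC0" + match + " -j DROP";
            if (log_flag)
            {
                rule += " && " + match + " -j LOG";
            }

            // Rule-file line; field order must match what the corresponding add wrote.
            string frule = devIP + " " + log_flag.ToString() + " " + connlimit + " " + srcIP + " " + dstIP + " " + sport + " " + dport;

            // NOTE(review): the file is updated before the device acknowledges the push;
            // a failed SendConfigInfo leaves file and device out of sync — confirm intended.
            fo.DeleteRules(frule, "cnc");
            SendInfo sendcmd = new SendInfo(devform);

            return sendcmd.SendConfigInfo(rule);
        }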
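        /// <summary>
        /// Adds a standard ("STD") allow rule: appends a line to the "std" rule file and pushes an
        /// iptables FORWARD ACCEPT rule for NEW connections (optionally a LOG rule too) with the "STD1" flag.
        /// </summary>
        /// <param name="devIP">Device to configure; a value the form normalises to "0.0.0.0" is rejected.</param>
        /// <param name="log_flag">When true a parallel "-j LOG" rule is sent as well.</param>
        /// <param name="protocol">Value for "-p" (required, e.g. tcp/udp).</param>
        /// <param name="srcIP">Source address match, or empty to omit.</param>
        /// <param name="dstIP">Destination address match, or empty to omit.</param>
        /// <param name="sport">Source port match, or empty to omit.</param>
        /// <param name="dport">Destination port match, or empty to omit.</param>
        /// <returns>false when the input is rejected, otherwise the device's answer to the push.</returns>
        public bool AddSTDRules(string devIP, bool log_flag, string protocol, string srcIP, string dstIP, string sport, string dport)
        {
            // Each field is spliced into a command string the device executes (commands
            // are chained with "&&") and into the space-separated rule-file line, so a
            // space or metacharacter would corrupt either. Reject those; a per-field
            // allowlist (IP/CIDR, numeric port, known protocol) would be stricter still.
            // An empty protocol produced "-p  -s ..." before, i.e. an unusable rule.
            char[] unsafeChars = { '\'', '"', ';', '&', '|', '$', '`', '(', ')', '<', '>', '\\', '#', ' ', '\t', '\r', '\n' };
            if (string.IsNullOrEmpty(protocol) || (devIP + protocol + srcIP + dstIP + sport + dport).IndexOfAny(unsafeChars) >= 0)
            {
                return false;
            }

            this.devform.setDev_IP(devIP);
            if (devform.getDev_IP() == "0.0.0.0")
            {
                return false;
            }

            // Match part shared by the ACCEPT rule and the optional LOG rule.
            string match = "iptables -A FORWARD -p " + protocol;
            if (!string.IsNullOrEmpty(srcIP))
            {
                match += " -s " + srcIP;
            }
            if (!string.IsNullOrEmpty(sport))
            {
                match += " --sport " + sport;
            }
            if (!string.IsNullOrEmpty(dstIP))
            {
                match += " -d " + dstIP;
            }
            if (!string.IsNullOrEmpty(dport))
            {
                match += " --dport " + dport;
            }

            string rule = "STD1" + match + " -m state --state NEW -j ACCEPT";
            if (log_flag)
            {
                rule += " && " + match + " -m state --state NEW -j LOG";
            }

            // Rule-file line; note log_flag is last here (the CNC file puts it second).
            string frule = devIP + " " + protocol + " " + srcIP + " " + dstIP + " " + sport + " " + dport + " " + log_flag.ToString();

            // NOTE(review): the file is updated before the device acknowledges the push;
            // a failed SendConfigInfo leaves file and device out of sync — confirm intended.
            of.SaveRules(frule, "std");
            SendInfo sendcmd = new SendInfo(devform);

            return sendcmd.SendConfigInfo(rule);
        }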
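        /// <summary>
        /// Adds or deletes a network route on the device ("route add/del -net ...") and mirrors
        /// the change in the PRT table. Flag "PRT1" marks an add, "PRT0" a delete.
        /// </summary>
        /// <param name="devIP">Device to configure; a value the form normalises to "0.0.0.0" is rejected.</param>
        /// <param name="add_del_flag">true = add, false = delete.</param>
        /// <param name="net">Destination network (required).</param>
        /// <param name="netmask">Optional "netmask" argument; empty to omit.</param>
        /// <param name="Iface">Optional "dev" argument; empty to omit.</param>
        /// <param name="gateway">Optional "gw" argument; empty to omit.</param>
        /// <returns>false when the input is rejected, otherwise the device's answer to the push.</returns>
        public bool NetRouteConfig(string devIP, bool add_del_flag, string net, string netmask, string Iface, string gateway)
        {
            // Each field lands inside a single-quoted SQL literal AND inside a command
            // string the device executes (commands are chained with "&&"). Reject
            // characters that could close the literal or add a command; a per-field
            // allowlist (IP/CIDR, interface name) would be stricter still. An empty net
            // produced "route add -net " with no target before.
            char[] unsafeChars = { '\'', '"', ';', '&', '|', '$', '`', '(', ')', '<', '>', '\\', '#', ' ', '\t', '\r', '\n' };
            if (string.IsNullOrEmpty(net) || (devIP + net + netmask + Iface + gateway).IndexOfAny(unsafeChars) >= 0)
            {
                return false;
            }

            this.devform.setDev_IP(devIP);
            if (devform.getDev_IP() == "0.0.0.0")
            {
                return false;
            }

            string rule;
            string sql_str;
            if (add_del_flag)
            {
                rule = "PRT1route add -net " + net;
                // Column order: devIP, kind ('net-route'), an always-empty column, net, netmask, Iface, gateway.
                sql_str = "INSERT INTO PRT VALUES ('" + devIP + "','net-route','','" + net + "','" + netmask + "','" + Iface + "','" + gateway + "')";
            }
            else
            {
                rule = "PRT0route del -net " + net;
                sql_str = "DELETE FROM PRT WHERE (devIP='" + devIP + "' and net='" + net + "' and netmask='" + netmask
                          + "' and Iface='" + Iface + "' and gateway='" + gateway + "')";
            }

            // Optional route arguments are appended only when supplied.
            if (!string.IsNullOrEmpty(netmask))
            {
                rule += " netmask " + netmask;
            }
            if (!string.IsNullOrEmpty(Iface))
            {
                rule += " dev " + Iface;
            }
            if (!string.IsNullOrEmpty(gateway))
            {
                rule += " gw " + gateway;
            }

            // NOTE(review): the DB is updated before the device acknowledges the push;
            // a failed SendConfigInfo leaves DB and device out of sync — confirm intended.
            db_operate.dboperate(sql_str);
            SendInfo sendcmd = new SendInfo(devform);

            return sendcmd.SendConfigInfo(rule);
        }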
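        /// <summary>
        /// Adds or deletes a network route on the device ("route add/del -net ...") and mirrors
        /// the change in the "prt" rule file. Flag "PRT1" marks an add, "PRT0" a delete.
        /// </summary>
        /// <param name="devIP">Device to configure; a value the form normalises to "0.0.0.0" is rejected.</param>
        /// <param name="add_del_flag">true = add, false = delete.</param>
        /// <param name="net">Destination network (required).</param>
        /// <param name="netmask">Optional "netmask" argument; empty to omit.</param>
        /// <param name="Iface">Optional "dev" argument; empty to omit.</param>
        /// <param name="gateway">Optional "gw" argument; empty to omit.</param>
        /// <returns>false when the input is rejected, otherwise the device's answer to the push.</returns>
        public bool NetRouteConfig(string devIP, bool add_del_flag, string net, string netmask, string Iface, string gateway)
        {
            // Each field is spliced into a command string the device executes (commands
            // are chained with "&&") and into the space-separated rule-file line, so a
            // space or metacharacter would corrupt either. Reject those; a per-field
            // allowlist (IP/CIDR, interface name) would be stricter still. An empty net
            // produced "route add -net " with no target before.
            char[] unsafeChars = { '\'', '"', ';', '&', '|', '$', '`', '(', ')', '<', '>', '\\', '#', ' ', '\t', '\r', '\n' };
            if (string.IsNullOrEmpty(net) || (devIP + net + netmask + Iface + gateway).IndexOfAny(unsafeChars) >= 0)
            {
                return false;
            }

            this.devform.setDev_IP(devIP);
            if (devform.getDev_IP() == "0.0.0.0")
            {
                return false;
            }

            // Rule-file line (the double space after "net-route" is part of the existing format).
            string frule = devIP + " net-route " + " " + net + " " + netmask + " " + Iface + " " + gateway;
            string rule;
            if (add_del_flag)
            {
                rule = "PRT1route add -net " + net;
                of.SaveRules(frule, "prt");
            }
            else
            {
                rule = "PRT0route del -net " + net;
                of.DeleteRules(frule, "prt");
            }

            // Optional route arguments are appended only when supplied.
            if (!string.IsNullOrEmpty(netmask))
            {
                rule += " netmask " + netmask;
            }
            if (!string.IsNullOrEmpty(Iface))
            {
                rule += " dev " + Iface;
            }
            if (!string.IsNullOrEmpty(gateway))
            {
                rule += " gw " + gateway;
            }

            // NOTE(review): the file is updated before the device acknowledges the push;
            // a failed SendConfigInfo leaves file and device out of sync — confirm intended.
            SendInfo sendcmd = new SendInfo(devform);

            return sendcmd.SendConfigInfo(rule);
        }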
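        /// <summary>
        /// Removes a standard ("STD") allow rule: deletes its row from the STD table and pushes
        /// the matching iptables FORWARD rule (optionally the LOG rule too) with the "STD0" flag.
        /// </summary>
        /// <param name="devIP">Device to configure; a value the form normalises to "0.0.0.0" is rejected.</param>
        /// <param name="log_flag">When true the parallel "-j LOG" rule is sent as well.</param>
        /// <param name="protocol">Value for "-p" (required, e.g. tcp/udp).</param>
        /// <param name="srcIP">Source address match, or empty to omit.</param>
        /// <param name="dstIP">Destination address match, or empty to omit.</param>
        /// <param name="sport">Source port match, or empty to omit.</param>
        /// <param name="dport">Destination port match, or empty to omit.</param>
        /// <returns>false when the input is rejected, otherwise the device's answer to the push.</returns>
        public bool DelSTDRules(string devIP, bool log_flag, string protocol, string srcIP, string dstIP, string sport, string dport)
        {
            // Each field lands inside a single-quoted SQL literal AND inside a command
            // string the device executes (commands are chained with "&&"). Reject
            // characters that could close the literal or add a command; a per-field
            // allowlist (IP/CIDR, numeric port, known protocol) would be stricter still.
            // An empty protocol produced "-p  -s ..." before, i.e. an unusable rule.
            char[] unsafeChars = { '\'', '"', ';', '&', '|', '$', '`', '(', ')', '<', '>', '\\', '#', ' ', '\t', '\r', '\n' };
            if (string.IsNullOrEmpty(protocol) || (devIP + protocol + srcIP + dstIP + sport + dport).IndexOfAny(unsafeChars) >= 0)
            {
                return false;
            }

            this.devform.setDev_IP(devIP);
            if (devform.getDev_IP() == "0.0.0.0")
            {
                return false;
            }

            // Match part shared by the ACCEPT rule and the optional LOG rule.
            string match = "iptables -A FORWARD -p " + protocol;
            if (!string.IsNullOrEmpty(srcIP))
            {
                match += " -s " + srcIP;
            }
            if (!string.IsNullOrEmpty(sport))
            {
                match += " --sport " + sport;
            }
            if (!string.IsNullOrEmpty(dstIP))
            {
                match += " -d " + dstIP;
            }
            if (!string.IsNullOrEmpty(dport))
            {
                match += " --dport " + dport;
            }

            // The delete is flagged "STD0"; the rule text itself is the same as the add.
            string rule = "STD0" + match + " -m state --state NEW -j ACCEPT";
            if (log_flag)
            {
                rule += " && " + match + " -m state --state NEW -j LOG";
            }

            // log_flag is not part of the delete key, matching the original query.
            string sql_str = "DELETE FROM STD WHERE (devIP='" + devIP + "' and protocol='" + protocol + "' and srcIP='" + srcIP
                             + "' and dstIP='" + dstIP + "' and sport='" + sport + "' and dport='" + dport + "')";

            // NOTE(review): the row is deleted before the device acknowledges the push;
            // a failed SendConfigInfo leaves DB and device out of sync — confirm intended.
            db_operate.dboperate(sql_str);
            SendInfo sendcmd = new SendInfo(devform);

            return sendcmd.SendConfigInfo(rule);
        }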
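        /// <summary>
        /// Pushes a TCP FORWARD ACCEPT (white-list) rule built from <paramref name="wl"/> to the
        /// device currently held in devform. Add is flagged "$", delete "#".
        /// </summary>
        /// <param name="wl">Rule fields (source/destination IP and port), read through its getters; all four are required.</param>
        /// <param name="add_delete">true = add, false = delete.</param>
        /// <returns>false when the input is rejected, otherwise the device's answer to the push.</returns>
        public bool ConfigWhiteLists(WhiteLists wl, bool add_delete)
        {
            if (wl == null)
            {
                return false;
            }

            string src   = wl.getsrc_IP();
            string dst   = wl.getdst_IP();
            string sport = wl.getsrc_port();
            string dport = wl.getdst_port();

            // All four fields are spliced into a command the device executes (the protocol
            // chains commands with "&&", so treat the device side as shell-like). An empty
            // field produced e.g. "--sport  --dport" before; metacharacters could append
            // commands. A per-field allowlist (IP/CIDR, numeric port) would be stricter.
            char[] unsafeChars = { '\'', '"', ';', '&', '|', '$', '`', '(', ')', '<', '>', '\\', '#', ' ', '\t', '\r', '\n' };
            if (string.IsNullOrEmpty(src) || string.IsNullOrEmpty(dst) || string.IsNullOrEmpty(sport) || string.IsNullOrEmpty(dport)
                || (src + dst + sport + dport).IndexOfAny(unsafeChars) >= 0)
            {
                return false;
            }

            // "$" and "#" are this command protocol's own add/delete markers.
            string flag = add_delete ? "$" : "#";
            string acceptRule = "iptables -A FORWARD -p tcp -s " + src + " -d " + dst + " --sport " + sport
                                + " --dport " + dport + " -j ACCEPT ";

            // Unlike the other rule builders this does not call setDev_IP: it targets
            // whichever device devform already points at.
            SendInfo sendcmd = new SendInfo(devform);

            return sendcmd.SendConfigInfo(flag + acceptRule);
        }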
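        /// <summary>
        /// Allows or forbids an application protocol on the device by pushing ACCEPT or DROP
        /// rules for the protocol's configured port on INPUT, OUTPUT and FORWARD (flag "APC2"),
        /// and records the new status in the APC table.
        /// </summary>
        /// <param name="devIP">Device to configure; a value the form normalises to "0.0.0.0" is rejected.</param>
        /// <param name="protocol">Key into protocol_port; unknown protocols are rejected.</param>
        /// <param name="pro_status">true = allow (ACCEPT / status 'allow'), false = forbid (DROP / status 'forbid').</param>
        /// <returns>false when the input is rejected, otherwise the device's answer to the push.</returns>
        public bool ApplicationProtocolControl(string devIP, string protocol, bool pro_status)
        {
            // Unknown protocol: fail instead of letting the indexer throw KeyNotFoundException.
            // protocol_port is indexed by string and yields a string, so TryGetValue is
            // assumed available (IDictionary<string, string>) — TODO confirm its type.
            string port;
            if (string.IsNullOrEmpty(protocol) || !protocol_port.TryGetValue(protocol, out port))
            {
                return false;
            }

            // protocol (now a known key), its port and devIP still reach a single-quoted SQL
            // literal and the "#"-delimited command string the device executes; keep the
            // same metacharacter guard as the other rule builders.
            char[] unsafeChars = { '\'', '"', ';', '&', '|', '$', '`', '(', ')', '<', '>', '\\', '#', ' ', '\t', '\r', '\n' };
            if ((devIP + protocol + port).IndexOfAny(unsafeChars) >= 0)
            {
                return false;
            }

            this.devform.setDev_IP(devIP);
            if (devform.getDev_IP() == "0.0.0.0")
            {
                return false;
            }

            // Same four rules either way; only the target differs.
            string target = pro_status ? "ACCEPT" : "DROP";
            string chainRules = "iptables -A INPUT -p tcp --dport " + port + " -j " + target + " && " +
                                "iptables -A OUTPUT -p tcp --dport " + port + " -j " + target + " && " +
                                "iptables -A FORWARD -p tcp --sport " + port + " -j " + target + " && " +
                                "iptables -A FORWARD -p tcp --dport " + port + " -j " + target;
            string rule = "APC2" + chainRules + "#" + protocol;

            // NOTE(review): the UPDATE is keyed on protocol only, not on devIP, so it changes
            // the status for every device's row — confirm that is intended. It also runs
            // before the device acknowledges the push.
            string status  = pro_status ? "allow" : "forbid";
            string sql_str = "update APC set status='" + status + "' where protocol='" + protocol + "'";

            db_operate.dboperate(sql_str);
            SendInfo sendcmd = new SendInfo(devform);

            return sendcmd.SendConfigInfo(rule);
        }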