Class: BetterCap::Firewalls::BSD
- Defined in:
- lib/bettercap/firewalls/bsd.rb
Overview
*BSD and OSX Firewall class.
Instance Method Summary collapse
-
#add_port_redirection(r, use_ipv6) ⇒ Object
Apply the
r
BetterCap::Firewalls::Redirection port redirection object. -
#del_port_redirection(r, use_ipv6) ⇒ Object
Remove the
r
BetterCap::Firewalls::Redirection port redirection object. -
#enable(enabled) ⇒ Object
If
enabled
is true, the PF firewall will be enabled, otherwise it will be disabled. -
#enable_forwarding(enabled) ⇒ Object
If
enabled
is true will enable packet forwarding, otherwise it will disable it. -
#enable_icmp_bcast(enabled) ⇒ Object
If
enabled
is true will enable packet icmp_echo_ignore_broadcasts, otherwise it will disable it. -
#enable_ipv6_forwarding(enabled) ⇒ Object
If
enabled
is true will enable packet forwarding, otherwise it will disable it. -
#enable_send_redirects(enabled) ⇒ Object
This method is ignored on OSX.
-
#forwarding_enabled? ⇒ Boolean
Return true if packet forwarding is currently enabled, otherwise false.
-
#initialize ⇒ BSD
constructor
A new instance of BSD.
-
#ipv6_forwarding_enabled? ⇒ Boolean
Return true if packet forwarding for IPv6 is currently enabled, otherwise false.
Methods inherited from Base
clear, get, #restore, #supported?
Constructor Details
#initialize ⇒ BSD
Returns a new instance of BSD.
18 19 20 |
# File 'lib/bettercap/firewalls/bsd.rb', line 18 def initialize @filename = "/tmp/bettercap_pf_#{Process.pid}.conf" end |
Instance Method Details
#add_port_redirection(r, use_ipv6) ⇒ Object
Apply the r
BetterCap::Firewalls::Redirection port redirection object.
61 62 63 64 65 66 67 68 69 70 |
# File 'lib/bettercap/firewalls/bsd.rb', line 61 def add_port_redirection( r, use_ipv6 ) # create the pf config file File.open( @filename, 'a+t' ) do |f| f.write "#{gen_rule(r)}\n" end # load the rule Shell.execute("pfctl -f #{@filename} >/dev/null 2>&1") # enable pf enable true end |
#del_port_redirection(r, use_ipv6) ⇒ Object
Remove the r
BetterCap::Firewalls::Redirection port redirection object.
73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 |
# File 'lib/bettercap/firewalls/bsd.rb', line 73 def del_port_redirection( r, use_ipv6 ) # remove the redirection rule from the existing file rule = gen_rule(r) rules = File.readlines(@filename).collect(&:strip).reject(&:empty?) rules.delete(rule) # no other rules, delete file and disable firewall. if rules.empty? File.delete(@filename) enable false # other rules are present in the file, update it else File.open( @filename, 'w+t' ) do |f| rules.each do |rule| f.write "#{rule}\n" end end # let the firewall know we updated the file Shell.execute("pfctl -f #{@filename} >/dev/null 2>&1") end rescue end |
#enable(enabled) ⇒ Object
If enabled
is true, the PF firewall will be enabled, otherwise it will be disabled.
55 56 57 58 |
# File 'lib/bettercap/firewalls/bsd.rb', line 55 def enable(enabled) Shell.execute("pfctl -#{enabled ? 'e' : 'd'} >/dev/null 2>&1") rescue end |
#enable_forwarding(enabled) ⇒ Object
If enabled
is true will enable packet forwarding, otherwise it will disable it.
24 25 26 |
# File 'lib/bettercap/firewalls/bsd.rb', line 24 def enable_forwarding(enabled) Shell.execute("sysctl -w net.inet.ip.forwarding=#{enabled ? 1 : 0}") end |
#enable_icmp_bcast(enabled) ⇒ Object
If enabled
is true will enable packet icmp_echo_ignore_broadcasts, otherwise it will disable it.
36 37 38 |
# File 'lib/bettercap/firewalls/bsd.rb', line 36 def enable_icmp_bcast(enabled) Shell.execute("sysctl -w net.inet.icmp.bmcastecho=#{enabled ? 1 : 0}") end |
#enable_ipv6_forwarding(enabled) ⇒ Object
If enabled
is true will enable packet forwarding, otherwise it will disable it.
30 31 32 |
# File 'lib/bettercap/firewalls/bsd.rb', line 30 def enable_ipv6_forwarding(enabled) Shell.execute("sysctl -w net.inet6.ip6.forwarding=#{enabled ? 1 : 0}") end |
#enable_send_redirects(enabled) ⇒ Object
This method is ignored on OSX.
51 |
# File 'lib/bettercap/firewalls/bsd.rb', line 51 def enable_send_redirects(enabled); end |