Class: BetterCap::Firewalls::BSD

Inherits:
Base
  • Object
show all
Defined in:
lib/bettercap/firewalls/bsd.rb

Overview

*BSD and OSX Firewall class.

Instance Method Summary collapse

Methods inherited from Base

clear, get, #initialize, #restore

Constructor Details

This class inherits a constructor from BetterCap::Firewalls::Base

Instance Method Details

#add_port_redirection(r) ⇒ Object

Apply the r BetterCap::Firewalls::Redirection port redirection object.


47
48
49
50
51
52
53
54
55
56
57
58
59
# File 'lib/bettercap/firewalls/bsd.rb', line 47

def add_port_redirection( r )
  # create the pf config file
  config_file = "/tmp/bettercap_pf_#{Process.pid}.conf"

  File.open( config_file, 'a+t' ) do |f|
    f.write "rdr pass on #{r.interface} proto #{r.protocol} from any to #{r.src_address.nil? ? 'any' : r.src_address} port #{r.src_port} -> #{r.dst_address} port #{r.dst_port}\n"
  end

  # load the rule
  Shell.execute("pfctl -f #{config_file} >/dev/null 2>&1")
  # enable pf
  enable true
end

#del_port_redirection(r) ⇒ Object

Remove the r BetterCap::Firewalls::Redirection port redirection object.


62
63
64
65
66
67
68
69
70
71
72
73
74
75
# File 'lib/bettercap/firewalls/bsd.rb', line 62

def del_port_redirection( r )
  # FIXME: This should search for multiple rules inside the
  # file and remove only this one.

  # disable pf
  enable false

  begin
    # remove the pf config file
    File.delete( "/tmp/bettercap_pf_#{Process.pid}.conf" )
  rescue
  end

end

#enable(enabled) ⇒ Object

If enabled is true, the PF firewall will be enabled, otherwise it will be disabled.


40
41
42
43
44
# File 'lib/bettercap/firewalls/bsd.rb', line 40

def enable(enabled)
  begin
    Shell.execute("pfctl -#{enabled ? 'e' : 'd'} >/dev/null 2>&1")
  rescue; end
end

#enable_forwarding(enabled) ⇒ Object

If enabled is true will enable packet forwarding, otherwise it will disable it.


20
21
22
# File 'lib/bettercap/firewalls/bsd.rb', line 20

def enable_forwarding(enabled)
  Shell.execute("sysctl -w net.inet.ip.forwarding=#{enabled ? 1 : 0}")
end

#enable_icmp_bcast(enabled) ⇒ Object

If enabled is true will enable packet icmp_echo_ignore_broadcasts, otherwise it will disable it.


26
27
28
# File 'lib/bettercap/firewalls/bsd.rb', line 26

def enable_icmp_bcast(enabled)
  Shell.execute("sysctl -w net.inet.icmp.bmcastecho=#{enabled ? 1 : 0}")
end

#enable_send_redirects(enabled) ⇒ Object

This method is ignored on OSX.


36
# File 'lib/bettercap/firewalls/bsd.rb', line 36

def enable_send_redirects(enabled); end

#forwarding_enabled?Boolean

Return true if packet forwarding is currently enabled, otherwise false.

Returns:

  • (Boolean)

31
32
33
# File 'lib/bettercap/firewalls/bsd.rb', line 31

def forwarding_enabled?
  Shell.execute('sysctl net.inet.ip.forwarding').strip.split(' ')[1] == '1'
end