Class: BetterCap::Firewalls::Linux

Inherits:
Base
  • Object
Defined in:
lib/bettercap/firewalls/linux.rb

Overview

Linux firewall class.

Constant Summary

IPV4_PATH = "/proc/sys/net/ipv4"
IP_FORWARD_PATH = IPV4_PATH + "/ip_forward"
ICMP_BCAST_PATH = IPV4_PATH + "/icmp_echo_ignore_broadcasts"
SEND_REDIRECTS_PATH = IPV4_PATH + "/conf/all/send_redirects"

Instance Method Summary

Methods inherited from Base

clear, get, #initialize, #restore

Constructor Details

This class inherits a constructor from BetterCap::Firewalls::Base

Instance Method Details

#add_port_redirection(r) ⇒ Object

Apply the port redirection described by r, a BetterCap::Firewalls::Redirection object.


# File 'lib/bettercap/firewalls/linux.rb', line 47

def add_port_redirection( r )
  # post route
  Shell.execute('iptables -t nat -I POSTROUTING -s 0/0 -j MASQUERADE')
  # accept all
  Shell.execute('iptables -P FORWARD ACCEPT')
  # add redirection
  Shell.execute("iptables -t nat -A PREROUTING -i #{r.interface} -p #{r.protocol} #{r.src_address.nil? ? '' : "-d #{r.src_address}"} --dport #{r.src_port} -j DNAT --to #{r.dst_address}:#{r.dst_port}")
end

#del_port_redirection(r) ⇒ Object

Remove the port redirection described by r, a BetterCap::Firewalls::Redirection object.


# File 'lib/bettercap/firewalls/linux.rb', line 57

def del_port_redirection( r )
  # remove post route
  Shell.execute('iptables -t nat -D POSTROUTING -s 0/0 -j MASQUERADE')
  # remove redirection
  Shell.execute("iptables -t nat -D PREROUTING -i #{r.interface} -p #{r.protocol} #{r.src_address.nil? ? '' : "-d #{r.src_address}"} --dport #{r.src_port} -j DNAT --to #{r.dst_address}:#{r.dst_port}")
end

#enable_forwarding(enabled) ⇒ Object

If enabled is true, enables packet forwarding; otherwise disables it.


# File 'lib/bettercap/firewalls/linux.rb', line 25

def enable_forwarding(enabled)
  File.open(IP_FORWARD_PATH,'w') { |f| f.puts "#{enabled ? 1 : 0}" }
end

#enable_icmp_bcast(enabled) ⇒ Object

If enabled is true, enables icmp_echo_ignore_broadcasts; otherwise disables it.


# File 'lib/bettercap/firewalls/linux.rb', line 36

def enable_icmp_bcast(enabled)
  File.open(ICMP_BCAST_PATH,'w') { |f| f.puts "#{enabled ? 1 : 0}" }
end

#enable_send_redirects(enabled) ⇒ Object

If enabled is true, enables send_redirects; otherwise disables it.


# File 'lib/bettercap/firewalls/linux.rb', line 42

def enable_send_redirects(enabled)
  File.open(SEND_REDIRECTS_PATH,'w') { |f| f.puts "#{enabled ? 1 : 0}" }
end

#forwarding_enabled? ⇒ Boolean

Return true if packet forwarding is currently enabled, otherwise false.

Returns:

  • (Boolean)

# File 'lib/bettercap/firewalls/linux.rb', line 30

def forwarding_enabled?
  File.open(IP_FORWARD_PATH) { |f| f.read.strip == '1' }
end
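
The host state that #add_port_redirection and #enable_forwarding leave behind can be audited from an iptables-save dump plus the contents of IP_FORWARD_PATH. The following is an added example, not bettercap code: audit_redirection and SAMPLE_RULES are hypothetical names, the sample dump is constructed, and it assumes iptables-save renders these rules in its usual form (-s 0/0 omitted, --to printed as --to-destination).

```ruby
# Added example (not part of bettercap): flag the firewall state produced by
# add_port_redirection and enable_forwarding on a Linux host.
# SAMPLE_RULES is constructed iptables-save style text (assumed rendering);
# addresses come from documentation ranges.
SAMPLE_RULES = <<~RULES
  *nat
  :PREROUTING ACCEPT [0:0]
  :POSTROUTING ACCEPT [0:0]
  -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.0.2.10:8080
  -A POSTROUTING -j MASQUERADE
  COMMIT
  *filter
  :INPUT ACCEPT [0:0]
  :FORWARD ACCEPT [0:0]
  :OUTPUT ACCEPT [0:0]
  COMMIT
RULES

# rules_text: iptables-save output; ip_forward: contents of IP_FORWARD_PATH.
# Returns an array of human-readable findings (empty when nothing matches).
def audit_redirection(rules_text, ip_forward)
  table = nil
  findings = []
  findings << 'ip_forward=1' if ip_forward.strip == '1'
  rules_text.each_line(chomp: true) do |line|
    case line
    when /\A\*(\w+)/
      table = Regexp.last_match(1) # "*nat", "*filter" open a table section
    when /\A:FORWARD ACCEPT\b/
      findings << 'FORWARD policy ACCEPT' if table == 'filter'
    when /\A-A POSTROUTING\b(.*)-j MASQUERADE/
      # No -s/-o match means every forwarded source is masqueraded.
      scoped = Regexp.last_match(1) =~ /(?:\A|\s)-[so]\s/
      findings << 'blanket MASQUERADE' if table == 'nat' && !scoped
    when /\A-A PREROUTING\b.*-j DNAT --to-destination (\S+)/
      next unless table == 'nat'
      target = Regexp.last_match(1)
      port = line[/--dport (\S+)/, 1]
      iface = line[/-i (\S+)/, 1]
      findings << "DNAT #{iface}:#{port} -> #{target}"
    end
  end
  findings
end

puts audit_redirection(SAMPLE_RULES, "1\n") if __FILE__ == $PROGRAM_NAME
```

Any single finding is common on routers and container hosts; all four together on a workstation or server that is not meant to route traffic is the combination worth investigating.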