Class: BetterCap::Firewalls::Linux
- Defined in: lib/bettercap/firewalls/linux.rb
Overview
Linux firewall class.
Constant Summary
- IPV4_PATH = "/proc/sys/net/ipv4"
- IP_FORWARD_PATH = IPV4_PATH + "/ip_forward"
- ICMP_BCAST_PATH = IPV4_PATH + "/icmp_echo_ignore_broadcasts"
- SEND_REDIRECTS_PATH = IPV4_PATH + "/conf/all/send_redirects"
- IPV6_PATH = "/proc/sys/net/ipv6"
- IPV6_FORWARD_PATH = IPV6_PATH + "/conf/all/forwarding"
Instance Method Summary
- #add_port_redirection(r, use_ipv6) ⇒ Object
  Apply the r BetterCap::Firewalls::Redirection port redirection object.
- #del_port_redirection(r, use_ipv6) ⇒ Object
  Remove the r BetterCap::Firewalls::Redirection port redirection object.
- #enable_forwarding(enabled) ⇒ Object
  If enabled is true, enables packet forwarding; otherwise disables it.
- #enable_icmp_bcast(enabled) ⇒ Object
  If enabled is true, enables icmp_echo_ignore_broadcasts; otherwise disables it.
- #enable_ipv6_forwarding(enabled) ⇒ Object
  If enabled is true, enables packet forwarding; otherwise disables it.
- #enable_send_redirects(enabled) ⇒ Object
  If enabled is true, enables send_redirects; otherwise disables it.
- #forwarding_enabled? ⇒ Boolean
  Return true if packet forwarding is currently enabled, otherwise false.
- #ipv6_forwarding_enabled? ⇒ Boolean
  Return true if packet forwarding for IPv6 is currently enabled, otherwise false.
- #supported? ⇒ Boolean
Methods inherited from Base
clear, get, #initialize, #restore
Constructor Details
This class inherits a constructor from BetterCap::Firewalls::Base
Instance Method Details
#add_port_redirection(r, use_ipv6) ⇒ Object
Apply the r BetterCap::Firewalls::Redirection port redirection object.
```ruby
# File 'lib/bettercap/firewalls/linux.rb', line 67

def add_port_redirection( r, use_ipv6 )
  table = 'iptables'
  cal_dst_address = r.dst_address
  if use_ipv6
    table = 'ip6tables'
    # Prevent sending out ICMPv6 Redirect packets.
    Shell.execute("#{table} -I OUTPUT -p icmpv6 --icmpv6-type redirect -j DROP")

    # IPv6 uses a different ip + port representation
    cal_dst_address = "[#{r.dst_address}]"
  end
  # accept all
  Shell.execute("#{table} -P FORWARD ACCEPT")
  # add redirection
  Shell.execute("#{table} -t nat -A PREROUTING -i #{r.interface} -p #{r.protocol} #{r.src_address.nil? ? '' : "-d #{r.src_address}"} --dport #{r.src_port} -j DNAT --to #{cal_dst_address}:#{r.dst_port}")
end
```
#del_port_redirection(r, use_ipv6) ⇒ Object
Remove the r BetterCap::Firewalls::Redirection port redirection object.
```ruby
# File 'lib/bettercap/firewalls/linux.rb', line 85

def del_port_redirection( r, use_ipv6 )
  table = 'iptables'
  cal_dst_address = r.dst_address
  if use_ipv6
    table = 'ip6tables'
    # IPv6 uses a different ip + port representation
    cal_dst_address = "[#{r.dst_address}]"
  end
  # remove redirection
  Shell.execute("#{table} -t nat -D PREROUTING -i #{r.interface} -p #{r.protocol} #{r.src_address.nil? ? '' : "-d #{r.src_address}"} --dport #{r.src_port} -j DNAT --to #{cal_dst_address}:#{r.dst_port}")
end
```
#enable_forwarding(enabled) ⇒ Object
If enabled is true, enables packet forwarding; otherwise disables it.
```ruby
# File 'lib/bettercap/firewalls/linux.rb', line 39

def enable_forwarding(enabled)
  File.open(IP_FORWARD_PATH,'w') { |f| f.puts "#{enabled ? 1 : 0}" }
end
```
#enable_icmp_bcast(enabled) ⇒ Object
If enabled is true, enables icmp_echo_ignore_broadcasts; otherwise disables it.
```ruby
# File 'lib/bettercap/firewalls/linux.rb', line 56

def enable_icmp_bcast(enabled)
  File.open(ICMP_BCAST_PATH,'w') { |f| f.puts "#{enabled ? 1 : 0}" }
end
```
#enable_ipv6_forwarding(enabled) ⇒ Object
If enabled is true, enables packet forwarding; otherwise disables it.
```ruby
# File 'lib/bettercap/firewalls/linux.rb', line 33

def enable_ipv6_forwarding(enabled)
  File.open(IPV6_FORWARD_PATH,'w') { |f| f.puts "#{enabled ? 1 : 0}"}
end
```
#enable_send_redirects(enabled) ⇒ Object
If enabled is true, enables send_redirects; otherwise disables it.
```ruby
# File 'lib/bettercap/firewalls/linux.rb', line 62

def enable_send_redirects(enabled)
  File.open(SEND_REDIRECTS_PATH,'w') { |f| f.puts "#{enabled ? 1 : 0}" }
end
```
#forwarding_enabled? ⇒ Boolean
Return true if packet forwarding is currently enabled, otherwise false.
```ruby
# File 'lib/bettercap/firewalls/linux.rb', line 44

def forwarding_enabled?
  File.open(IP_FORWARD_PATH) { |f| f.read.strip == '1' }
end
```
#ipv6_forwarding_enabled? ⇒ Boolean
Return true if packet forwarding for IPv6 is currently enabled, otherwise false.
```ruby
# File 'lib/bettercap/firewalls/linux.rb', line 49

def ipv6_forwarding_enabled?
  File.open(IPV6_FORWARD_PATH) { |f| f.read.strip == '1' }
end
```
#supported? ⇒ Boolean
```ruby
# File 'lib/bettercap/firewalls/linux.rb', line 26

def supported?
  # Avoids stuff like this https://github.com/evilsocket/bettercap/issues/341
  File.file?(IP_FORWARD_PATH)
end
```
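An added example, not part of bettercap: a defensive audit that flags the host state the methods above produce (forwarding flags set to 1, FORWARD policy ACCEPT, DNAT rules in nat/PREROUTING). The function names, finding strings, and the sample flag values and `iptables-save` text are constructed for illustration; the two paths are the ones from the constant summary.

```ruby
# Added audit example (not bettercap code). Inputs are passed in as strings
# so the check runs offline; on a live host, read the two /proc files and
# capture `iptables-save` output instead.

# Constructed sample: contents of the forwarding flags, keyed by path.
SAMPLE_FLAGS = {
  '/proc/sys/net/ipv4/ip_forward'          => "1\n",
  '/proc/sys/net/ipv6/conf/all/forwarding' => "0\n"
}.freeze

# Constructed sample of `iptables-save` output.
SAMPLE_RULES = <<~RULES
  *filter
  :INPUT ACCEPT [0:0]
  :FORWARD ACCEPT [0:0]
  :OUTPUT ACCEPT [0:0]
  COMMIT
  *nat
  :PREROUTING ACCEPT [0:0]
  -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.0.2.10:8080
  -A POSTROUTING -o eth0 -j MASQUERADE
  COMMIT
RULES

# Parse iptables-save text into chain policies and appended rules per table.
def parse_iptables_save(text)
  table = nil
  state = { policies: {}, rules: [] }
  text.each_line(chomp: true) do |line|
    case line
    when /\A\*(\S+)/           then table = $1
    when /\A:(\S+)\s+(\S+)/    then state[:policies][[table, $1]] = $2
    when /\A-A\s+(\S+)\s+(.*)/ then state[:rules] << { table: table, chain: $1, spec: $2 }
    end
  end
  state
end

# Return a list of findings; an empty list means none of the states matched.
def audit(flags, rules_text)
  fw = parse_iptables_save(rules_text)
  findings = []
  flags.each { |path, v| findings << "forwarding enabled: #{path}" if v.to_s.strip == '1' }
  findings << 'filter/FORWARD policy is ACCEPT' if fw[:policies][['filter', 'FORWARD']] == 'ACCEPT'
  fw[:rules].each do |r|
    next unless r[:table] == 'nat' && r[:chain] == 'PREROUTING' && r[:spec] =~ /-j DNAT\b/
    findings << "DNAT in nat/PREROUTING: #{r[:spec]}"
  end
  findings
end
```

Routers and container hosts legitimately show the same state, so treat findings as a prompt to compare against the host's intended role.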