include/wvipfirewall.h

   1 /* -*- Mode: C++ -*-
   2  * Worldvisions Weaver Software:
   3  *   Copyright (C) 1997-2002 Net Integration Technologies, Inc.
   4  *
   5  * WvIPFirewall is an extremely simple hackish class that handles the Linux
   6  * 2.4 "iptables" firewall.  It's okay to create more than one instance
   7  * of this class; they'll co-operate.
   8  *
   9  * They need you to have created the appropriate firewall tables already,
  10  * however, and call them from the right places in the Input and/or Forward
  11  * firewalls.
  12  */
  13 #ifndef __WVIPFIREWALL_H
  14 #define __WVIPFIREWALL_H
  15
  16 #include "wvinterface.h"
  17 #include "wvstringlist.h"
  18 #include "wvaddr.h"
  19
  20
  21 DeclareWvList(WvIPPortAddr);
  22 class IWvIPFirewall
  23 {
  24 public:
  25     virtual ~IWvIPFirewall() { }
  26     virtual void zap() = 0;
  27     virtual void add_port(const WvIPPortAddr &addr) = 0;
  28     virtual void add_redir(const WvIPPortAddr &src, int dstport) = 0;
  29     virtual void add_redir_all(int dstport) = 0;
  30     virtual void add_redir_port_range(const WvIPPortAddr &src_min,
  31             const WvIPPortAddr &src_max, int dstport) = 0;
  32     virtual void add_proto(WvStringParm proto) = 0;
  33     virtual void add_forward(const WvIPPortAddr &src, const WvIPPortAddr &dst,
  34             bool snat) = 0;
  35
  36     virtual void del_port(const WvIPPortAddr &addr) = 0;
  37     virtual void del_redir(const WvIPPortAddr &src, int dstport) = 0;
  38     virtual void del_redir_all(int dstport) = 0;
  39     virtual void del_redir_port_range(const WvIPPortAddr &src_min,
  40             const WvIPPortAddr &src_max, int dstport) = 0;
  41     virtual void del_proto(WvStringParm proto) = 0;
  42     virtual void del_forward(const WvIPPortAddr &src, const WvIPPortAddr &dst,
  43             bool snat) = 0;
  44 };
  45
  46 /** Class to handle Linux 2.4 IPTables */
  47 class WvIPFirewall : public IWvIPFirewall
  48 {
  49     class FFwd
  50     {
  51     public:
  52         WvIPPortAddr src;
  53         WvIPPortAddr dst;
  54         bool snat;
  55
  56         FFwd(const WvIPPortAddr &_src, const WvIPPortAddr &_dst, bool _snat) : src(_src), dst(_dst)
  57             { snat = _snat; }
  58     };
  59
  60     class Redir
  61     {
  62     public:
  63         WvIPPortAddr src;
  64         int dstport;
  65
  66         Redir(const WvIPPortAddr &_src, int _dstport) : src(_src)
  67             { dstport = _dstport; }
  68     };
  69
  70     class RedirAll
  71     {
  72     public:
  73         int dstport;
  74
  75         RedirAll(int _dstport)
  76             { dstport = _dstport; }
  77     };
  78
  79     class RedirPortRange
  80     {
  81     public:
  82         WvIPPortAddr src_min;
  83         WvIPPortAddr src_max;
  84         int dstport;
  85
  86         RedirPortRange(const WvIPPortAddr &_src_min,
  87                 const WvIPPortAddr &_src_max, int _dstport)
  88             : src_min(_src_min), src_max(_src_max)
  89             { dstport = _dstport; }
  90     };
  91
  92     DeclareWvList(FFwd);
  93     DeclareWvList(Redir);
  94     DeclareWvList(RedirAll);
  95     DeclareWvList(RedirPortRange);
  96
  97     FFwdList ffwds;
  98     RedirList redirs;
  99     RedirAllList redir_alls;
 100     RedirPortRangeList redir_port_ranges;
 101
 102     WvIPPortAddrList addrs;
 103     WvStringList protos;
 104
 105     WvString port_command(const char *cmd, const char *proto,
 106                           const WvIPPortAddr &addr);
 107     WvString redir_command(const char *cmd,
 108                            const WvIPPortAddr &src, int dstport);
 109     WvString redir_port_range_command(const char *cmd,
 110         const WvIPPortAddr &src_min, const WvIPPortAddr &src_max, int dstport);
 111     WvString redir_all_command(const char *cmd, int dstport);
 112     WvString proto_command(const char *cmd, const char *proto);
 113     WvString forward_command(const char *cmd, const char *proto,
 114                              const WvIPPortAddr &src,
 115                              const WvIPPortAddr &dst, bool snat);
 116     WvLog log;
 117     const char *shutup() const
 118         { return ignore_errors ? " >/dev/null 2>/dev/null " : ""; }
 119
 120 public:
 121     WvIPFirewall();
 122     virtual ~WvIPFirewall();
 123
 124     static bool enable, ignore_errors;
 125
 126     virtual void zap();
 127     virtual void add_port(const WvIPPortAddr &addr);
 128     virtual void add_redir(const WvIPPortAddr &src, int dstport);
 129     virtual void add_redir_all(int dstport);
 130     virtual void add_redir_port_range(const WvIPPortAddr &src_min,
 131             const WvIPPortAddr &src_max, int dstport);
 132     virtual void add_proto(WvStringParm proto);
 133     virtual void add_forward(const WvIPPortAddr &src, const WvIPPortAddr &dst,
 134             bool snat);
 135     virtual void del_proto(WvStringParm proto);
 136     virtual void del_port(const WvIPPortAddr &addr);
 137     virtual void del_redir(const WvIPPortAddr &src, int dstport);
 138     virtual void del_forward(const WvIPPortAddr &src, const WvIPPortAddr &dst,
 139             bool snat);
 140     virtual void del_redir_all(int dstport);
 141     virtual void del_redir_port_range(const WvIPPortAddr &src_min,
 142             const WvIPPortAddr &src_max, int dstport);
 143 };
 144
 145 #endif // __WVIPFIREWALL_H