Class: BetterCap::Firewalls::BSD

Inherits:
Base
  • Object
Defined in:
lib/bettercap/firewalls/bsd.rb

Overview

*BSD and OSX Firewall class.

Instance Method Summary

Methods inherited from Base

clear, get, #initialize, #restore

Constructor Details

This class inherits a constructor from BetterCap::Firewalls::Base

Instance Method Details

#add_port_redirection(r) ⇒ Object

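Apply the port redirection described by r, a BetterCap::Firewalls::Redirection object. The rule is appended to a per-process PF config file under /tmp, loaded with pfctl, and PF is then enabled.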



# File 'lib/bettercap/firewalls/bsd.rb', line 47

def add_port_redirection( r )
  # create the pf config file
  config_file = "/tmp/bettercap_pf_#{Process.pid}.conf"

  File.open( config_file, 'a+t' ) do |f|
    f.write "rdr pass on #{r.interface} proto #{r.protocol} from any to #{r.src_address.nil? ? 'any' : r.src_address} port #{r.src_port} -> #{r.dst_address} port #{r.dst_port}\n"
  end

  # load the rule
  Shell.execute("pfctl -f #{config_file} >/dev/null 2>&1")
  # enable pf
  enable true
end

#del_port_redirection(r) ⇒ Object

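Remove the port redirection described by r, a BetterCap::Firewalls::Redirection object. As the FIXME in the code notes, this does not remove a single rule: it disables PF and deletes the whole per-process config file.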



# File 'lib/bettercap/firewalls/bsd.rb', line 62

def del_port_redirection( r )
  # FIXME: This should search for multiple rules inside the
  # file and remove only this one.

  # disable pf
  enable false

  begin
    # remove the pf config file
    File.delete( "/tmp/bettercap_pf_#{Process.pid}.conf" )
  rescue
  end

end

#enable(enabled) ⇒ Object

If enabled is true, the PF firewall will be enabled, otherwise it will be disabled.



# File 'lib/bettercap/firewalls/bsd.rb', line 40

def enable(enabled)
  begin
    Shell.execute("pfctl -#{enabled ? 'e' : 'd'} >/dev/null 2>&1")
  rescue; end
end

#enable_forwarding(enabled) ⇒ Object

If enabled is true, packet forwarding is enabled; otherwise it is disabled.



# File 'lib/bettercap/firewalls/bsd.rb', line 20

def enable_forwarding(enabled)
  Shell.execute("sysctl -w net.inet.ip.forwarding=#{enabled ? 1 : 0}")
end

#enable_icmp_bcast(enabled) ⇒ Object

If enabled is true, the ICMP broadcast echo setting (net.inet.icmp.bmcastecho) is enabled; otherwise it is disabled.



# File 'lib/bettercap/firewalls/bsd.rb', line 26

def enable_icmp_bcast(enabled)
  Shell.execute("sysctl -w net.inet.icmp.bmcastecho=#{enabled ? 1 : 0}")
end

#enable_send_redirects(enabled) ⇒ Object

This method is ignored on OSX.



# File 'lib/bettercap/firewalls/bsd.rb', line 36

def enable_send_redirects(enabled); end

#forwarding_enabled? ⇒ Boolean

Return true if packet forwarding is currently enabled, otherwise false.

Returns:

  • (Boolean)


# File 'lib/bettercap/firewalls/bsd.rb', line 31

def forwarding_enabled?
  Shell.execute('sysctl net.inet.ip.forwarding').strip.split(' ')[1] == '1'
end
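
Added example (not part of bettercap's code): a host-side check for the traces this class leaves behind, namely the /tmp/bettercap_pf_<pid>.conf file, rdr pass rules in the shape add_port_redirection writes to that file, and IP forwarding switched on. The function names and all sample inputs are constructed for illustration; the rule parser matches the config-file text as written above, not pfctl's own listing format.

```ruby
# Added example: audit a host for artifacts of BetterCap::Firewalls::BSD (inputs are constructed).

# Rule shape written by add_port_redirection:
#   rdr pass on IF proto P from any to (any|ADDR) port N -> ADDR port M
RDR_RULE = /\Ardr pass on (?<iface>\S+) proto (?<proto>\S+) from any to (?<src>\S+) port (?<src_port>\d+) -> (?<dst>\S+) port (?<dst_port>\d+)\z/

# Config path pattern used by the class: /tmp/bettercap_pf_<pid>.conf
PF_CONF = %r{\A/tmp/bettercap_pf_(?<pid>\d+)\.conf\z}

# Parse pf config text and return one hash per matching redirection rule.
def parse_redirections(conf_text)
  conf_text.each_line.map(&:strip).filter_map do |line|
    m = RDR_RULE.match(line)
    next unless m
    { iface: m[:iface], proto: m[:proto], src: m[:src],
      src_port: m[:src_port].to_i, dst: m[:dst], dst_port: m[:dst_port].to_i }
  end
end

# Return the PIDs embedded in leftover config file names.
def leftover_config_pids(paths)
  paths.filter_map { |p| (m = PF_CONF.match(p)) && m[:pid].to_i }
end

# Same parsing as forwarding_enabled?: "net.inet.ip.forwarding: 1" -> true
def forwarding_on?(sysctl_output)
  sysctl_output.strip.split(' ')[1] == '1'
end

# Combine the three signals into a list of human-readable findings.
def audit(paths:, conf_text:, sysctl_output:)
  findings = []
  leftover_config_pids(paths).each { |pid| findings << "pf config left by PID #{pid}" }
  parse_redirections(conf_text).each do |r|
    findings << "rdr #{r[:proto]}/#{r[:src_port]} on #{r[:iface]} -> #{r[:dst]}:#{r[:dst_port]}"
  end
  findings << 'IP forwarding enabled' if forwarding_on?(sysctl_output)
  findings
end

# Constructed sample data (not captured from a real host).
SAMPLE_PATHS = ['/tmp/bettercap_pf_4242.conf', '/tmp/other.conf'].freeze
SAMPLE_CONF = <<~RULES
  rdr pass on en0 proto tcp from any to any port 80 -> 192.0.2.10 port 8080
  pass in all
RULES
SAMPLE_SYSCTL = "net.inet.ip.forwarding: 1\n"
puts audit(paths: SAMPLE_PATHS, conf_text: SAMPLE_CONF, sysctl_output: SAMPLE_SYSCTL) if __FILE__ == $PROGRAM_NAME
```

On a real host the inputs would come from Dir.glob('/tmp/bettercap_pf_*.conf'), the contents of those files, and the output of sysctl net.inet.ip.forwarding.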