Class: BetterCap::Firewalls::Linux

Inherits:

Base

• Object
• Base
• BetterCap::Firewalls::Linux

Defined in:

lib/bettercap/firewalls/linux.rb

Overview

Linux firewall class.

Constant Summary

IPV4_PATH =

"/proc/sys/net/ipv4"

IP_FORWARD_PATH =

IPV4_PATH + "/ip_forward"

ICMP_BCAST_PATH =

IPV4_PATH + "/icmp_echo_ignore_broadcasts"

SEND_REDIRECTS_PATH =

IPV4_PATH + "/conf/all/send_redirects"

Instance Method Summary

• #add_port_redirection(r) ⇒ Object

  Apply the r BetterCap::Firewalls::Redirection port redirection object.

• #del_port_redirection(r) ⇒ Object

  Remove the r BetterCap::Firewalls::Redirection port redirection object.

• #enable_forwarding(enabled) ⇒ Object

  If enabled is true will enable packet forwarding, otherwise it will disable it.

• #enable_icmp_bcast(enabled) ⇒ Object

  If enabled is true will enable packet icmp_echo_ignore_broadcasts, otherwise it will disable it.

• #enable_send_redirects(enabled) ⇒ Object

  If enabled is true will enable send_redirects, otherwise it will disable it.

• #forwarding_enabled? ⇒ Boolean

  Return true if packet forwarding is currently enabled, otherwise false.

Methods inherited from Base

clear, get, #initialize, #restore

Constructor Details

This class inherits a constructor from BetterCap::Firewalls::Base

Instance Method Details

#add_port_redirection(r) ⇒ Object

Apply the r BetterCap::Firewalls::Redirection port redirection object.

# File 'lib/bettercap/firewalls/linux.rb', line 47

def add_port_redirection( r )
  # post route
  Shell.execute('iptables -t nat -I POSTROUTING -s 0/0 -j MASQUERADE')
  # accept all
  Shell.execute('iptables -P FORWARD ACCEPT')
  # add redirection
  Shell.execute("iptables -t nat -A PREROUTING -i #{r.interface} -p #{r.protocol} #{r.src_address.nil? ? '' : "-d #{r.src_address}"} --dport #{r.src_port} -j DNAT --to #{r.dst_address}:#{r.dst_port}")
end

#del_port_redirection(r) ⇒ Object

Remove the r BetterCap::Firewalls::Redirection port redirection object.

# File 'lib/bettercap/firewalls/linux.rb', line 57

def del_port_redirection( r )
  # remove post route
  Shell.execute('iptables -t nat -D POSTROUTING -s 0/0 -j MASQUERADE')
  # remove redirection
  Shell.execute("iptables -t nat -D PREROUTING -i #{r.interface} -p #{r.protocol} #{r.src_address.nil? ? '' : "-d #{r.src_address}"} --dport #{r.src_port} -j DNAT --to #{r.dst_address}:#{r.dst_port}")
end

#enable_forwarding(enabled) ⇒ Object

If enabled is true will enable packet forwarding, otherwise it will disable it.

# File 'lib/bettercap/firewalls/linux.rb', line 25

def enable_forwarding(enabled)
  File.open(IP_FORWARD_PATH,'w') { |f| f.puts "#{enabled ? 1 : 0}" }
end

#enable_icmp_bcast(enabled) ⇒ Object

If enabled is true will enable packet icmp_echo_ignore_broadcasts, otherwise it will disable it.

# File 'lib/bettercap/firewalls/linux.rb', line 36

def enable_icmp_bcast(enabled)
  File.open(ICMP_BCAST_PATH,'w') { |f| f.puts "#{enabled ? 1 : 0}" }
end

#enable_send_redirects(enabled) ⇒ Object

If enabled is true will enable send_redirects, otherwise it will disable it.

# File 'lib/bettercap/firewalls/linux.rb', line 42

def enable_send_redirects(enabled)
  File.open(SEND_REDIRECTS_PATH,'w') { |f| f.puts "#{enabled ? 1 : 0}" }
end

#forwarding_enabled? ⇒ Boolean

Return true if packet forwarding is currently enabled, otherwise false.

Returns:

• (Boolean)

# File 'lib/bettercap/firewalls/linux.rb', line 30

def forwarding_enabled?
  File.open(IP_FORWARD_PATH) { |f| f.read.strip == '1' }
end