Class: BetterCap::Firewalls::OSX

Inherits:
Base
  • Object
show all
Defined in:
lib/bettercap/firewalls/osx.rb

Overview

OSX Firewall class.

Instance Method Summary collapse

Methods inherited from Base

#initialize, #restore

Constructor Details

This class inherits a constructor from BetterCap::Firewalls::Base

Instance Method Details

#add_port_redirection(r) ⇒ Object

Apply the r BetterCap::Firewalls::Redirection port redirection object.


48
49
50
51
52
53
54
55
56
57
58
59
60
# File 'lib/bettercap/firewalls/osx.rb', line 48

def add_port_redirection( r )
  # create the pf config file
  config_file = "/tmp/bettercap_pf_#{Process.pid}.conf"

  File.open( config_file, 'a+t' ) do |f|
    f.write "rdr pass on #{r.interface} proto #{r.protocol} from any to any port #{r.src_port} -> #{r.dst_address} port #{r.dst_port}\n"
  end

  # load the rule
  Shell.execute("pfctl -f #{config_file} >/dev/null 2>&1")
  # enable pf
  enable true
end

#del_port_redirection(r) ⇒ Object

Remove the r BetterCap::Firewalls::Redirection port redirection object.


63
64
65
66
67
68
69
70
71
72
73
74
75
76
# File 'lib/bettercap/firewalls/osx.rb', line 63

def del_port_redirection( r )
  # FIXME: This should search for multiple rules inside the
  # file and remove only this one.

  # disable pf
  enable false

  begin
    # remove the pf config file
    File.delete( "/tmp/bettercap_pf_#{Process.pid}.conf" )
  rescue
  end

end

#enable(enabled) ⇒ Object

If enabled is true, the PF firewall will be enabled, otherwise it will be disabled.


41
42
43
44
45
# File 'lib/bettercap/firewalls/osx.rb', line 41

def enable(enabled)
  begin
    Shell.execute("pfctl -#{enabled ? 'e' : 'd'} >/dev/null 2>&1")
  rescue; end
end

#enable_forwarding(enabled) ⇒ Object

If enabled is true will enable packet forwarding, otherwise it will disable it.


21
22
23
# File 'lib/bettercap/firewalls/osx.rb', line 21

def enable_forwarding(enabled)
  Shell.execute("sysctl -w net.inet.ip.forwarding=#{enabled ? 1 : 0}")
end

#enable_icmp_bcast(enabled) ⇒ Object

If enabled is true will enable packet icmp_echo_ignore_broadcasts, otherwise it will disable it.


27
28
29
# File 'lib/bettercap/firewalls/osx.rb', line 27

def enable_icmp_bcast(enabled)
  Shell.execute("sysctl -w net.inet.icmp.bmcastecho=#{enabled ? 1 : 0}")
end

#enable_send_redirects(enabled) ⇒ Object

This method is ignored on OSX.


37
# File 'lib/bettercap/firewalls/osx.rb', line 37

def enable_send_redirects(enabled); end

#forwarding_enabled?Boolean

Return true if packet forwarding is currently enabled, otherwise false.

Returns:

  • (Boolean)

32
33
34
# File 'lib/bettercap/firewalls/osx.rb', line 32

def forwarding_enabled?
  Shell.execute('sysctl net.inet.ip.forwarding').strip.split(' ')[1] == '1'
end