コード例 #1
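/**
 * Builds the "Interfaces" wizard page: an intro label, a multi-select list of
 * the host's network interfaces and an "Add Interface..." button.
 *
 * The list box is registered as namedWidgets["iInterfaces"]; accept() reads it
 * back and emits an unconditional ACCEPT rule for every entry that is left
 * unselected, so the contents and default selection of this list decide which
 * interfaces bypass the filter.
 */
void kiptablesgenerator::setupInterfacesPage()
{
  interfacesPage = new QFrame(this);

  QVBoxLayout *layout = new QVBoxLayout(interfacesPage);

  QLabel *intro = new QLabel(i18n(
    "<p>Which of the following interfaces do you want to filter?</p>"
    "<p>It is strongly advised <b>not</b> to filter '<tt>lo</tt>'.</p>"), interfacesPage);
  intro->show();
  layout->addWidget(intro);

  KListBox *interfaces = new KListBox(interfacesPage);

  // Enumerate with if_nameindex() rather than probing indices 1, 2, 3, ...
  // with if_indextoname(): interface indices are not guaranteed to be
  // contiguous, so stopping at the first unused index can hide interfaces
  // from the user and leave them out of the review of what gets filtered.
  struct if_nameindex *ifList = if_nameindex();
  if (ifList != NULL)
  {
    // The array is terminated by an entry with if_index == 0 / if_name == NULL.
    for (struct if_nameindex *entry = ifList;
         entry->if_index != 0 && entry->if_name != NULL;
         ++entry)
    {
      interfaces->insertItem(QString(entry->if_name));
    }
    if_freenameindex(ifList);
  }

  // Pre-select everything except loopback, i.e. filter all real interfaces by
  // default and leave 'lo' unfiltered as the intro text recommends.
  interfaces->setSelectionMode(QListBox::Multi);
  for (unsigned int i = 0; i < interfaces->count(); i++)
    if (interfaces->item(i)->text() != "lo")
      interfaces->setSelected(i, true);
  interfaces->show();
  layout->addWidget(interfaces);
  namedWidgets["iInterfaces"] = interfaces;

  KPushButton *newInterface = new KPushButton(i18n("A&dd Interface..."), interfacesPage);
  newInterface->show();
  layout->addWidget(newInterface);
  connect(newInterface, SIGNAL(clicked()), this, SLOT(slotNewInterface()));

  interfacesPage->show();
  this->addPage(interfacesPage, i18n("Interfaces"));
}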
コード例 #2
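/**
 * Quotes a value so that /bin/sh treats it as exactly one literal word.
 *
 * The value is wrapped in single quotes and every embedded single quote is
 * rewritten as '\'' (close quote, escaped quote, reopen quote). Inside single
 * quotes the shell performs no expansion, so metacharacters in the value
 * cannot start a new command in the generated script.
 */
static QString shellQuoteArg(const QString &value)
{
  QString quoted("'");
  for (unsigned int i = 0; i < value.length(); ++i)
  {
    const QChar ch = value.at(i);
    if (ch == QChar('\''))
      quoted += "'\\''";
    else
      quoted += ch;
  }
  quoted += "'";
  return quoted;
}

/**
 * Called when the wizard is finished: turns the state of the wizard widgets
 * into a /bin/sh script of iptables commands and shows it in a RulesDialog.
 *
 * The script is meant to be saved and run as a startup script (see the header
 * it emits), so every value taken from a widget is passed through
 * shellQuoteArg() before it is written into a command line. Interface names
 * and the free-text list columns are not guaranteed to be shell-safe.
 *
 * Rules are emitted in a fixed order and iptables evaluates them first-match,
 * so the order below is part of the behaviour. The script only sets a policy,
 * appends (-A) and creates a chain (-N); it emits no flush, so running it
 * twice on the same host appends every rule again.
 */
void kiptablesgenerator::accept()
{
  QString rulesList;
  rulesList =
    "#!/bin/sh\n" +
    i18n("# Generated by KIptablesGenerator\n") +
    i18n("# Copyright (c) 2004 Fred Emmott <*****@*****.**>\n") +
    i18n("# See KIptablesGenerator for license information.\n") + 
    i18n("# You probably want to make this a startup script, eg on\n") +
    i18n("# slackware you probably want to save this as /etc/rc.d/rc.firewall\n")+
    "IPTABLES=/usr/sbin/iptables\n";

  // selected() returns 0 when no radio button is chosen; treat that like "no"
  // instead of dereferencing a null pointer.
  QButton *incomingChoice = ((QButtonGroup*) namedWidgets["incomingYesNo"])->selected();
  if (incomingChoice != 0 && incomingChoice->name() == (QString) "yes")
  {
    // Default policy for INPUT: item 0 of the combo box means ACCEPT.
    if ( ((KComboBox*) namedWidgets["incomingPolicy"])->currentItem() == 0)
      rulesList += "$IPTABLES -P INPUT ACCEPT\n";
    else
      rulesList += "$IPTABLES -P INPUT DROP\n";

    // Interfaces the user chose NOT to filter get a blanket ACCEPT that
    // precedes every other rule.
    KListBox* interfaces = (KListBox*) namedWidgets["iInterfaces"];
    for (unsigned int i = 0; i < interfaces->count(); i++)
    {
      QListBoxItem* interface = interfaces->item(i);
      if (! interface->isSelected())
        rulesList += "$IPTABLES -A INPUT -i " + shellQuoteArg(interface->text()) + " -j ACCEPT\n";
    }

    // Per-host rules. Columns: allow/block, "IP" or MAC, address.
    // The comparisons are against the translated labels stored in the list.
    KListView* hosts = (KListView*) namedWidgets["hostsList"];
    QListViewItem* host = hosts->firstChild();
    while (host)
    {
      QString
        accept = host->text(0),
        ipOrMAC = host->text(1),
        address = host->text(2),
        action;
      if (accept == i18n("Allow"))
        action = "ACCEPT";
      else
        action = "DROP";

      // Concatenation instead of chained .arg(): a value containing "%2"
      // would otherwise be substituted by the following .arg() call.
      if (ipOrMAC == i18n("IP"))
        rulesList += "$IPTABLES -A INPUT -s " + shellQuoteArg(address) + " -j " + action + "\n";
      else
        rulesList += "$IPTABLES -A INPUT -m mac --mac-source " + shellQuoteArg(address) + " -j " + action + "\n";
      host = host->nextSibling();
    }

    // Optional sanity checks on incoming packets.
    if (((QCheckBox *) namedWidgets["iCheckLocalSpoof"])->isChecked())
      rulesList += "$IPTABLES -A INPUT ! -i lo -d 127.0.0.0/8 -j DROP\n";
    if (((QCheckBox *) namedWidgets["iSynFloodProtect"])->isChecked())
    {
      // The limit rule has no per-source match: it caps the rate of all TCP
      // SYNs reaching this point, whatever their origin.
      rulesList += "$IPTABLES -N Flood-Scan\n";
      rulesList += "$IPTABLES -A INPUT -p tcp -m tcp --syn -j Flood-Scan\n";
      rulesList += "$IPTABLES -A Flood-Scan -m limit --limit 1/s --limit-burst 20 -j RETURN\n";
      rulesList += "$IPTABLES -A Flood-Scan -j DROP\n";
    }
    if (((QCheckBox *) namedWidgets["iCheckSyn"])->isChecked())
      rulesList += "$IPTABLES -A INPUT -p tcp -m tcp ! --syn -m conntrack --ctstate NEW -j DROP\n";
    if (((QCheckBox *) namedWidgets["iCheckSynFin"])->isChecked())
      rulesList += "$IPTABLES -A INPUT -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN -j DROP\n";

    // Connection-tracking ACCEPT rules: either one set for all protocols or
    // separate sets for TCP, UDP and ICMP. These precede the per-port rules,
    // so an ACCEPT for state NEW here matches before any port rule below.
    if ( ((QCheckBox*) namedWidgets["iConntrackAllSame"])->isChecked() )
    {
      if ( ((QCheckBox*) namedWidgets["iConntrackAllEstablished"])->isChecked() )
        rulesList += "$IPTABLES -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT\n";
      if ( ((QCheckBox*) namedWidgets["iConntrackAllRelated"])->isChecked() )
        rulesList += "$IPTABLES -A INPUT -m conntrack --ctstate RELATED -j ACCEPT\n";
      if ( ((QCheckBox*) namedWidgets["iConntrackAllNew"])->isChecked() )
        rulesList += "$IPTABLES -A INPUT -m conntrack --ctstate NEW -j ACCEPT\n";
    }
    else
    {
      if ( ((QCheckBox*) namedWidgets["iConntrackTcpEstablished"])->isChecked() )
        rulesList += "$IPTABLES -A INPUT -p tcp -m conntrack --ctstate ESTABLISHED -j ACCEPT\n";
      if ( ((QCheckBox*) namedWidgets["iConntrackTcpRelated"])->isChecked() )
        rulesList += "$IPTABLES -A INPUT -p tcp -m conntrack --ctstate RELATED -j ACCEPT\n";
      if ( ((QCheckBox*) namedWidgets["iConntrackTcpNew"])->isChecked() )
        rulesList += "$IPTABLES -A INPUT -p tcp -m conntrack --ctstate NEW -j ACCEPT\n";

      if ( ((QCheckBox*) namedWidgets["iConntrackUdpEstablished"])->isChecked() )
        rulesList += "$IPTABLES -A INPUT -p udp -m conntrack --ctstate ESTABLISHED -j ACCEPT\n";
      if ( ((QCheckBox*) namedWidgets["iConntrackUdpRelated"])->isChecked() )
        rulesList += "$IPTABLES -A INPUT -p udp -m conntrack --ctstate RELATED -j ACCEPT\n";
      if ( ((QCheckBox*) namedWidgets["iConntrackUdpNew"])->isChecked() )
        rulesList += "$IPTABLES -A INPUT -p udp -m conntrack --ctstate NEW -j ACCEPT\n";

      if ( ((QCheckBox*) namedWidgets["iConntrackICMPEstablished"])->isChecked() )
        rulesList += "$IPTABLES -A INPUT -p icmp -m conntrack --ctstate ESTABLISHED -j ACCEPT\n";
      if ( ((QCheckBox*) namedWidgets["iConntrackICMPRelated"])->isChecked() )
        rulesList += "$IPTABLES -A INPUT -p icmp -m conntrack --ctstate RELATED -j ACCEPT\n";
      if ( ((QCheckBox*) namedWidgets["iConntrackICMPNew"])->isChecked() )
        rulesList += "$IPTABLES -A INPUT -p icmp -m conntrack --ctstate NEW -j ACCEPT\n";
    }

    // Per-service rules.
    KListView* services = (KListView*) namedWidgets["iPorts"];
    QListViewItem* service = services->firstChild();
    while (service)
    {
      // columns: portNumber, protoName, action, portName
      QString
        portNumber = service->text(0),
        protocol = service->text(1),
        action = service->text(2),
        portName = service->text(3);

      // Anything other than the translated "Accept" label becomes DROP.
      if (action == i18n("Accept"))
        action = "ACCEPT";
      else
        action = "DROP";

      if (protocol == i18n("TCP & UDP") || protocol == i18n("TCP"))
        rulesList += "$IPTABLES -A INPUT -p tcp -m tcp --dport " + shellQuoteArg(portNumber) + " -j " + action + "\n";
      if (protocol == i18n("TCP & UDP") || protocol == i18n("UDP"))
        rulesList += "$IPTABLES -A INPUT -p udp -m udp --dport " + shellQuoteArg(portNumber) + " -j " + action + "\n";
      // ICMP entries are matched by the name column, not the number column.
      if (protocol == i18n("ICMP"))
        rulesList += "$IPTABLES -A INPUT -p icmp -m icmp --icmp-type " + shellQuoteArg(portName) + " -j " + action + "\n";
      service = service->nextSibling();
    }

    // Port forwards (TCP only): incoming ones go to PREROUTING, all others to
    // the nat OUTPUT chain.
    KListView* forwards = (KListView*) namedWidgets["forwardsList"];
    QListViewItem* forward = forwards->firstChild();
    while (forward)
    {
      QString
        direction = forward->text(0),
        localPort = forward->text(1),
        destination = forward->text(2);
      if (direction == i18n("Incoming"))
        rulesList += "$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport " + shellQuoteArg(localPort) + " -j DNAT --to " + shellQuoteArg(destination) + "\n";
      else
        rulesList += "$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport " + shellQuoteArg(localPort) + " -j DNAT --to " + shellQuoteArg(destination) + "\n";
      forward = forward->nextSibling();
    }
  }

  this->hide();
  // NOTE(review): rulesList is a local and the dialog is shown non-modally, so
  // this function returns while the dialog is still open. If RulesDialog keeps
  // the pointer instead of copying the text, it dangles - confirm against the
  // RulesDialog constructor.
  rulesDialog = new RulesDialog(this,(char*) 0, &rulesList);
  rulesDialog->show();
  connect(rulesDialog, SIGNAL(closeClicked()), this, SLOT(slotShownRules()));
}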