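// Builds the wizard page on which the user chooses which network interfaces
// are to be filtered.
//
// The page holds an introductory label, a multi-selection list of the
// interfaces currently known to the system, and an "Add Interface..." button
// wired to slotNewInterface(). The list widget is registered in namedWidgets
// under "iInterfaces" so that accept() can read the selection later.
void kiptablesgenerator::setupInterfacesPage()
{
  interfacesPage = new QFrame(this);
  QVBoxLayout *layout = new QVBoxLayout(interfacesPage);

  QLabel *intro = new QLabel(i18n(
    "<p>Which of the following interfaces do you want to filter?</p>"
    "<p>It is strongly advised <b>not</b> to filter '<tt>lo</tt>'.</p>"), interfacesPage);
  intro->show();
  layout->addWidget(intro);

  KListBox *interfaces = new KListBox(interfacesPage);

  // Enumerate with if_nameindex() rather than probing indices 1, 2, 3, ...
  // with if_indextoname(): interface indices are not guaranteed to be
  // contiguous, and a probe loop stops at the first unused index, so every
  // interface numbered after a gap would be missing from the list.
  struct if_nameindex *nameIndex = if_nameindex();
  if (nameIndex != NULL)
  {
    // The array ends with an entry whose if_index is 0 and if_name is NULL.
    for (const struct if_nameindex *entry = nameIndex;
         entry->if_index != 0 && entry->if_name != NULL;
         entry++)
    {
      interfaces->insertItem(QString(entry->if_name));
    }
    if_freenameindex(nameIndex);
  }

  interfaces->setSelectionMode(QListBox::Multi);

  // Pre-select everything except loopback, matching the advice in the label.
  // The counter is as wide as count() so that it cannot wrap before reaching
  // the end of the list.
  for (unsigned int i = 0; i < interfaces->count(); i++)
  {
    if (interfaces->item(i)->text() != "lo")
      interfaces->setSelected(i, true);
  }

  interfaces->show();
  layout->addWidget(interfaces);
  namedWidgets["iInterfaces"] = interfaces;

  KPushButton *newInterface = new KPushButton(i18n("A&dd Interface..."), interfacesPage);
  newInterface->show();
  layout->addWidget(newInterface);
  connect(newInterface, SIGNAL(clicked()), this, SLOT(slotNewInterface()));

  interfacesPage->show();
  this->addPage(interfacesPage, i18n("Interfaces"));
}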
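// Returns `value` as a single /bin/sh word: wrapped in single quotes, with
// every embedded single quote rewritten as '\''. Text taken from the GUI list
// widgets is passed through this before it is written into the generated
// script, so that whitespace or shell metacharacters in a value cannot change
// which commands the script runs.
static QString kiptgShellQuote(const QString &value)
{
  QString quoted = value;
  quoted.replace(QString("'"), QString("'\\''"));
  return QString("'") + quoted + QString("'");
}

// Called when the wizard is accepted: turns the state of the wizard widgets
// into an iptables shell script and shows it in a RulesDialog.
//
// The script always starts with a "#!/bin/sh" header and the IPTABLES
// variable. INPUT and NAT rules are only generated when the "incomingYesNo"
// button group has the button named "yes" selected. The generated header
// tells the user to install the result as a startup script, so every value
// that originates from a list widget is shell-quoted and appended by
// concatenation (not QString::arg(), where a "%2" inside one value would be
// substituted by the next argument).
void kiptablesgenerator::accept()
{
  QString rulesList;
  rulesList = "#!/bin/sh\n" +
    i18n("# Generated by KIptablesGenerator\n") +
    i18n("# Copyright (c) 2004 Fred Emmott <*****@*****.**>\n") +
    i18n("# See KIptablesGenerator for license information.\n") +
    i18n("# You probably want to make this a startup script, eg on\n") +
    i18n("# slackware you probably want to save this as /etc/rc.d/rc.firewall\n") +
    "IPTABLES=/usr/sbin/iptables\n";

  // selected() yields a null pointer unless exactly one button is selected;
  // treat that case like "no" instead of dereferencing it.
  QButtonGroup *incomingGroup = (QButtonGroup*) namedWidgets["incomingYesNo"];
  if (incomingGroup->selected() != 0 &&
      incomingGroup->selected()->name() == (QString) "yes")
  {
    // Default policy for INPUT: combo item 0 means ACCEPT, anything else DROP.
    if (((KComboBox*) namedWidgets["incomingPolicy"])->currentItem() == 0)
      rulesList += "$IPTABLES -P INPUT ACCEPT\n";
    else
      rulesList += "$IPTABLES -P INPUT DROP\n";

    // Interfaces the user did NOT select for filtering are accepted wholesale.
    KListBox *interfaces = (KListBox*) namedWidgets["iInterfaces"];
    for (unsigned int i = 0; i < interfaces->count(); i++)
    {
      QListBoxItem *interface = interfaces->item(i);
      if (!interface->isSelected())
        rulesList += QString("$IPTABLES -A INPUT -i ") +
          kiptgShellQuote(interface->text()) + " -j ACCEPT\n";
    }

    // Per-host rules. Columns: allow/block, "IP" or MAC, address.
    KListView *hosts = (KListView*) namedWidgets["hostsList"];
    for (QListViewItem *host = hosts->firstChild(); host; host = host->nextSibling())
    {
      const QString address = kiptgShellQuote(host->text(2));
      QString action;
      if (host->text(0) == i18n("Allow"))
        action = "ACCEPT";
      else
        action = "DROP";

      if (host->text(1) == i18n("IP"))
        rulesList += QString("$IPTABLES -A INPUT -s ") + address + " -j " + action + "\n";
      else
        rulesList += QString("$IPTABLES -A INPUT -m mac --mac-source ") + address +
          " -j " + action + "\n";
    }

    // Drop packets addressed to 127.0.0.0/8 that arrive on any interface
    // other than lo.
    if (((QCheckBox*) namedWidgets["iCheckLocalSpoof"])->isChecked())
      rulesList += "$IPTABLES -A INPUT ! -i lo -d 127.0.0.0/8 -j DROP\n";

    // Rate-limit TCP SYNs through a dedicated chain: packets within the limit
    // RETURN to INPUT, the rest are dropped.
    if (((QCheckBox*) namedWidgets["iSynFloodProtect"])->isChecked())
    {
      rulesList += "$IPTABLES -N Flood-Scan\n";
      rulesList += "$IPTABLES -A INPUT -p tcp -m tcp --syn -j Flood-Scan\n";
      rulesList += "$IPTABLES -A Flood-Scan -m limit --limit 1/s --limit-burst 20 -j RETURN\n";
      rulesList += "$IPTABLES -A Flood-Scan -j DROP\n";
    }

    // Drop NEW TCP connections that do not start with a SYN.
    if (((QCheckBox*) namedWidgets["iCheckSyn"])->isChecked())
      rulesList += "$IPTABLES -A INPUT -p tcp -m tcp ! --syn -m conntrack --ctstate NEW -j DROP\n";

    // Drop TCP packets with both SYN and FIN set.
    if (((QCheckBox*) namedWidgets["iCheckSynFin"])->isChecked())
      rulesList += "$IPTABLES -A INPUT -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN -j DROP\n";

    // Connection-tracking ACCEPT rules, either one set for all protocols or
    // separate sets for TCP, UDP and ICMP.
    // Rules are appended in order and iptables acts on the first terminating
    // match, so an ACCEPT for state NEW emitted here takes precedence over
    // the per-port rules appended further down.
    if (((QCheckBox*) namedWidgets["iConntrackAllSame"])->isChecked())
    {
      if (((QCheckBox*) namedWidgets["iConntrackAllEstablished"])->isChecked())
        rulesList += "$IPTABLES -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT\n";
      if (((QCheckBox*) namedWidgets["iConntrackAllRelated"])->isChecked())
        rulesList += "$IPTABLES -A INPUT -m conntrack --ctstate RELATED -j ACCEPT\n";
      if (((QCheckBox*) namedWidgets["iConntrackAllNew"])->isChecked())
        rulesList += "$IPTABLES -A INPUT -m conntrack --ctstate NEW -j ACCEPT\n";
    }
    else
    {
      if (((QCheckBox*) namedWidgets["iConntrackTcpEstablished"])->isChecked())
        rulesList += "$IPTABLES -A INPUT -p tcp -m conntrack --ctstate ESTABLISHED -j ACCEPT\n";
      if (((QCheckBox*) namedWidgets["iConntrackTcpRelated"])->isChecked())
        rulesList += "$IPTABLES -A INPUT -p tcp -m conntrack --ctstate RELATED -j ACCEPT\n";
      if (((QCheckBox*) namedWidgets["iConntrackTcpNew"])->isChecked())
        rulesList += "$IPTABLES -A INPUT -p tcp -m conntrack --ctstate NEW -j ACCEPT\n";

      if (((QCheckBox*) namedWidgets["iConntrackUdpEstablished"])->isChecked())
        rulesList += "$IPTABLES -A INPUT -p udp -m conntrack --ctstate ESTABLISHED -j ACCEPT\n";
      if (((QCheckBox*) namedWidgets["iConntrackUdpRelated"])->isChecked())
        rulesList += "$IPTABLES -A INPUT -p udp -m conntrack --ctstate RELATED -j ACCEPT\n";
      if (((QCheckBox*) namedWidgets["iConntrackUdpNew"])->isChecked())
        rulesList += "$IPTABLES -A INPUT -p udp -m conntrack --ctstate NEW -j ACCEPT\n";

      if (((QCheckBox*) namedWidgets["iConntrackICMPEstablished"])->isChecked())
        rulesList += "$IPTABLES -A INPUT -p icmp -m conntrack --ctstate ESTABLISHED -j ACCEPT\n";
      if (((QCheckBox*) namedWidgets["iConntrackICMPRelated"])->isChecked())
        rulesList += "$IPTABLES -A INPUT -p icmp -m conntrack --ctstate RELATED -j ACCEPT\n";
      if (((QCheckBox*) namedWidgets["iConntrackICMPNew"])->isChecked())
        rulesList += "$IPTABLES -A INPUT -p icmp -m conntrack --ctstate NEW -j ACCEPT\n";
    }

    // Per-service rules. Columns: portNumber, protoName, action, portName.
    // For ICMP entries the portName column is used as the ICMP type.
    KListView *services = (KListView*) namedWidgets["iPorts"];
    for (QListViewItem *service = services->firstChild(); service; service = service->nextSibling())
    {
      const QString portNumber = kiptgShellQuote(service->text(0));
      const QString protocol = service->text(1);
      const QString portName = kiptgShellQuote(service->text(3));
      QString action;
      if (service->text(2) == i18n("Accept"))
        action = "ACCEPT";
      else
        action = "DROP";

      if (protocol == i18n("TCP & UDP") || protocol == i18n("TCP"))
        rulesList += QString("$IPTABLES -A INPUT -p tcp -m tcp --dport ") + portNumber +
          " -j " + action + "\n";
      if (protocol == i18n("TCP & UDP") || protocol == i18n("UDP"))
        rulesList += QString("$IPTABLES -A INPUT -p udp -m udp --dport ") + portNumber +
          " -j " + action + "\n";
      if (protocol == i18n("ICMP"))
        rulesList += QString("$IPTABLES -A INPUT -p icmp -m icmp --icmp-type ") + portName +
          " -j " + action + "\n";
    }

    // Port forwards (TCP only). Columns: direction, local port, destination.
    // "Incoming" forwards go to nat/PREROUTING, all others to nat/OUTPUT.
    KListView *forwards = (KListView*) namedWidgets["forwardsList"];
    for (QListViewItem *forward = forwards->firstChild(); forward; forward = forward->nextSibling())
    {
      const QString localPort = kiptgShellQuote(forward->text(1));
      const QString destination = kiptgShellQuote(forward->text(2));

      if (forward->text(0) == i18n("Incoming"))
        rulesList += QString("$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport ") +
          localPort + " -j DNAT --to " + destination + "\n";
      else
        rulesList += QString("$IPTABLES -t nat -A OUTPUT -p tcp -m tcp --dport ") +
          localPort + " -j DNAT --to " + destination + "\n";
    }
  }

  this->hide();

  // NOTE(review): rulesList is a local and the dialog is shown non-modally,
  // so this is only safe if RulesDialog copies the text in its constructor
  // rather than keeping the pointer - confirm against RulesDialog.
  rulesDialog = new RulesDialog(this,(char*) 0, &rulesList);
  rulesDialog->show();
  connect(rulesDialog, SIGNAL(closeClicked()), this, SLOT(slotShownRules()));
}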