ip(6)-tables-translaste for nftables transition

Replace ip(6)tables with ip(6)tables-translate to enable the transition to
nftables and extend the lifetime of the software.
Add nftables-compatible configlets for resetting and stopping the firewall.
This commit is contained in:
haubentaucher 2023-05-03 09:09:08 +02:00
parent 0f4bb17113
commit b148847230
12 changed files with 2047 additions and 1719 deletions


@ -708,18 +708,33 @@ QString CompilerDriver_ipt::run(const std::string &cluster_id,
Configlet stop_action(fw, "linux24", "stop_action");
stop_action.collapseEmptyStrings(true);
stop_action.setVariable("have_ipv4", have_ipv4);
stop_action.setVariable("have_ipv6", have_ipv6);
if (options->getBool("use_iptables_translate")) {
Configlet stop_action(fw, "linux24", "stop_action_nft");
if (XMLTools::version_compare(fw_version, "1.4.20") >= 0)
stop_action.setVariable("opt_wait", "-w");
else
stop_action.setVariable("opt_wait", "");
stop_action.collapseEmptyStrings(true);
stop_action.setVariable("have_ipv4", have_ipv4);
stop_action.setVariable("have_ipv6", have_ipv6);
script_skeleton.setVariable("stop_action", stop_action.expand());
if (XMLTools::version_compare(fw_version, "1.4.20") >= 0)
stop_action.setVariable("opt_wait", "-w");
else
stop_action.setVariable("opt_wait", "");
script_skeleton.setVariable("stop_action", stop_action.expand());
} else {
Configlet stop_action(fw, "linux24", "stop_action");
stop_action.collapseEmptyStrings(true);
stop_action.setVariable("have_ipv4", have_ipv4);
stop_action.setVariable("have_ipv6", have_ipv6);
if (XMLTools::version_compare(fw_version, "1.4.20") >= 0)
stop_action.setVariable("opt_wait", "-w");
else
stop_action.setVariable("opt_wait", "");
script_skeleton.setVariable("stop_action", stop_action.expand());
}
Configlet status_action(fw, "linux24", "status_action");
status_action.collapseEmptyStrings(true);
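Review bot: Inside the `use_iptables_translate` branch the `opt_wait` selection and `script_skeleton.setVariable("stop_action", stop_action.expand());` appear twice — the five old lines survived below the newly inserted copy — so the configlet is expanded and assigned a second time for no effect; the repeated lines should be removed. Once they are gone the two branches differ only in the configlet name, so `Configlet stop_action(fw, "linux24", options->getBool("use_iptables_translate") ? "stop_action_nft" : "stop_action");` followed by the original body removes the duplication entirely. The enclosing `run()` starts and ends outside this hunk.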


@ -115,6 +115,7 @@ void NATCompiler_ipt::PrintRule::initialize()
string NATCompiler_ipt::PrintRule::_createChain(const string &chain)
{
NATCompiler_ipt *ipt_comp = dynamic_cast<NATCompiler_ipt*>(compiler);
FWOptions* options = ipt_comp->fw->getOptionsObject();
ostringstream res;
if (!minus_n_tracker_initialized) initializeMinusNTracker();
@ -128,7 +129,12 @@ string NATCompiler_ipt::PrintRule::_createChain(const string &chain)
else
opt_wait = "";
string ipt_cmd = (ipt_comp->ipv6) ? "$IP6TABLES " : "$IPTABLES ";
string ipt_cmd;// = (ipt_comp->ipv6) ? "$IP6TABLES " : "$IPTABLES ";
if(options->getBool("use_iptables_translate")) {
ipt_cmd = (ipt_comp->ipv6) ? "$IP6TABLES_TRANSLATE " : "$($IPTABLES_TRANSLATE ";
} else {
ipt_cmd = (ipt_comp->ipv6) ? "$IP6TABLES " : "$IPTABLES ";
}
res << ipt_cmd << opt_wait << "-t nat -N " << chain << endl;
(*(ipt_comp->minus_n_commands))[chain] = true;
}
@ -138,7 +144,15 @@ string NATCompiler_ipt::PrintRule::_createChain(const string &chain)
string NATCompiler_ipt::PrintRule::_startRuleLine()
{
NATCompiler_ipt *ipt_comp = dynamic_cast<NATCompiler_ipt*>(compiler);
string res = (ipt_comp->ipv6) ? "$IP6TABLES " : "$IPTABLES ";
FWOptions* options = ipt_comp->fw->getOptionsObject();
string res;// = (ipt_comp->ipv6) ? "$IP6TABLES " : "$IPTABLES ";
if(options->getBool("use_iptables_translate")) {
res = (ipt_comp->ipv6) ? "$IP6TABLES_TRANSLATE " : "$($IPTABLES_TRANSLATE ";
} else {
res = (ipt_comp->ipv6) ? "$IP6TABLES " : "$IPTABLES ";
}
string opt_wait;
@ -147,12 +161,24 @@ string NATCompiler_ipt::PrintRule::_startRuleLine()
else
opt_wait = "";
return res + opt_wait + string("-t nat -A ");
res += opt_wait + string("-t nat -A ");
return res;
}
string NATCompiler_ipt::PrintRule::_endRuleLine()
{
return string("\n");
NATCompiler_ipt *ipt_comp = dynamic_cast<NATCompiler_ipt*>(compiler);
FWOptions* options = ipt_comp->fw->getOptionsObject();
string res;
if(options->getBool("use_iptables_translate")) {
res = ")\n";
} else {
res = "\n";
}
return res;
}
string NATCompiler_ipt::PrintRule::_printRuleLabel(NATRule *rule)
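Review bot: With `use_iptables_translate` set, `_createChain` emits `$($IPTABLES_TRANSLATE -t nat -N <chain>` and then `endl`, so the `$(` opened by the new prefix is never closed and the generated script will not parse; the line needs the closing paren, e.g. `res << ipt_cmd << opt_wait << "-t nat -N " << chain << (options->getBool("use_iptables_translate") ? ")" : "") << endl;`. The IPv6 prefix in both `_createChain` and `_startRuleLine` is `"$IP6TABLES_TRANSLATE "` without the `$(`, yet `_endRuleLine` appends `)` for either family, so IPv6 rule lines are unbalanced in the other direction; `"$($IP6TABLES_TRANSLATE "` keeps the two families consistent. Note also that an unquoted `$(...)` subjects the translated nft command to word splitting and pathname expansion, so a rule comment containing shell metacharacters will not round-trip — worth a comment on the prefix at minimum. The same three functions in `PolicyCompiler_ipt::PrintRule` later in this commit carry the identical defect.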


@ -347,7 +347,7 @@ string OSConfigurator_linux24::printShellFunctions(bool have_ipv6)
configlet.setVariable("need_ipset", using_ipset);
configlet.setVariable("need_iptables_restore",
options->getBool("use_iptables_restore"));
options->getBool(" "));
configlet.setVariable("need_ip6tables_restore",
have_ipv6 && options->getBool("use_iptables_restore"));
@ -358,13 +358,29 @@ string OSConfigurator_linux24::printShellFunctions(bool have_ipv6)
* Generate commands to reset all tables and chains and set
* default policy
*/
Configlet reset_iptables(fw, "linux24", "reset_iptables");
if (XMLTools::version_compare(version, "1.4.20") >= 0)
if (options->getBool("use_iptables_translate")) {
qDebug("%s", "iptables-translate!");
Configlet reset_iptables(fw, "linux24", "reset_iptables_nft");
if (XMLTools::version_compare(version, "1.4.20") >= 0)
reset_iptables.setVariable("opt_wait", "-w");
else
reset_iptables.setVariable("opt_wait", "");
output.push_back(reset_iptables.expand());
} else {
Configlet reset_iptables(fw, "linux24", "reset_iptables");
if (XMLTools::version_compare(version, "1.4.20") >= 0)
reset_iptables.setVariable("opt_wait", "-w");
else
reset_iptables.setVariable("opt_wait", "");
output.push_back(reset_iptables.expand());
}
/* if (XMLTools::version_compare(version, "1.4.20") >= 0)
reset_iptables.setVariable("opt_wait", "-w");
else
reset_iptables.setVariable("opt_wait", "");
output.push_back(reset_iptables.expand());
output.push_back(reset_iptables.expand());*/
Configlet addr_conf(fw, "linux24", "update_addresses");
output.push_back(addr_conf.expand());
@ -441,9 +457,12 @@ string OSConfigurator_linux24::printPathForAllTools(const string &os)
{
ostringstream res;
//qDebug("%s", os_data.getVariableName(OSData_ipt::tools(*i)))
list<int>::const_iterator i;
const list<int> &all_tools = os_data.getAllTools();
for (i=all_tools.begin(); i!=all_tools.end(); ++i)
//qDebug("%s", os_data.getVariableName(OSData_ipt::tools(*i)).c_str());
res << os_data.getVariableName(OSData_ipt::tools(*i))
<< "=\""
<< getPathForATool(os, OSData_ipt::tools(*i))
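Review bot: In the first hunk `need_iptables_restore` is now set from `options->getBool(" ")` — the option name was replaced by a single space — so the IPv4 restore path is always reported as unavailable while `need_ip6tables_restore` still reads `use_iptables_restore`; this looks like an accidental edit and should go back to `options->getBool("use_iptables_restore")`. In the reset hunk, the `qDebug("%s", "iptables-translate!");` trace and the commented-out copy of the old block are leftovers that should not land, and the two branches differ only in the configlet name, so they collapse to `Configlet reset_iptables(fw, "linux24", options->getBool("use_iptables_translate") ? "reset_iptables_nft" : "reset_iptables");` followed by the original four lines. `printShellFunctions` starts and ends outside these hunks.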


@ -37,6 +37,8 @@ OSData_ipt::OSData_ipt(const std::string &ho)
attribute_names[IP6TABLES] = "path_ip6tables";
attribute_names[IPTABLES_RESTORE] = "path_iptables_restore";
attribute_names[IP6TABLES_RESTORE] = "path_ip6tables_restore";
attribute_names[IPTABLES_TRANSLATE] = "path_iptables_translate";
attribute_names[IP6TABLES_TRANSLATE] = "path_ip6tables_translate";
attribute_names[IP] = "path_ip";
attribute_names[IFCONFIG] = "path_ifconfig";
attribute_names[VCONFIG] = "path_vconfig";
@ -51,6 +53,8 @@ OSData_ipt::OSData_ipt(const std::string &ho)
variable_names[IP6TABLES] = "IP6TABLES";
variable_names[IPTABLES_RESTORE] = "IPTABLES_RESTORE";
variable_names[IP6TABLES_RESTORE] = "IP6TABLES_RESTORE";
variable_names[IPTABLES_TRANSLATE] = "IPTABLES_TRANSLATE";
variable_names[IP6TABLES_TRANSLATE] = "IP6TABLES_TRANSLATE";
variable_names[IP] = "IP";
variable_names[IFCONFIG] = "IFCONFIG";
variable_names[VCONFIG] = "VCONFIG";
@ -65,6 +69,8 @@ OSData_ipt::OSData_ipt(const std::string &ho)
all_tools.push_back(IP6TABLES);
all_tools.push_back(IPTABLES_RESTORE);
all_tools.push_back(IP6TABLES_RESTORE);
all_tools.push_back(IPTABLES_TRANSLATE);
all_tools.push_back(IP6TABLES_TRANSLATE);
all_tools.push_back(IP);
all_tools.push_back(IFCONFIG);
all_tools.push_back(VCONFIG);


@ -48,6 +48,8 @@ class OSData_ipt {
IP6TABLES,
IPTABLES_RESTORE,
IP6TABLES_RESTORE,
IPTABLES_TRANSLATE,
IP6TABLES_TRANSLATE,
IP,
IFCONFIG,
VCONFIG,
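Review bot: `IPTABLES_TRANSLATE` and `IP6TABLES_TRANSLATE` are inserted in the middle of the enum, which shifts the underlying values of `IP`, `IFCONFIG`, `VCONFIG` and every later enumerator. That is harmless if the values are only used as keys into `attribute_names`/`variable_names` within one process, but if any of them are persisted or used as indices into a fixed-size table elsewhere (not visible here), appending the two new enumerators at the end is the safer change. A comment such as `// keep in sync with attribute_names, variable_names and all_tools in OSData_ipt.cpp` would help the next maintainer either way.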


@ -131,6 +131,7 @@ string PolicyCompiler_ipt::PrintRule::_createChain(const string &chain)
{
string res;
PolicyCompiler_ipt *ipt_comp = dynamic_cast<PolicyCompiler_ipt*>(compiler);
FWOptions* options = ipt_comp->fw->getOptionsObject();
if (!minus_n_tracker_initialized) initializeMinusNTracker();
@ -143,8 +144,12 @@ string PolicyCompiler_ipt::PrintRule::_createChain(const string &chain)
else
opt_wait = "";
res = string((ipt_comp->ipv6) ? "$IP6TABLES " : "$IPTABLES ") +
opt_wait + "-N " + chain;
if(options->getBool("use_iptables_translate")) {
res = (ipt_comp->ipv6) ? "$IP6TABLES_TRANSLATE " : "$($IPTABLES_TRANSLATE ";
} else {
res = (ipt_comp->ipv6) ? "$IP6TABLES " : "$IPTABLES ";
}
res+= opt_wait + "-N " + chain;
if (ipt_comp->my_table != "filter") res += " -t " + ipt_comp->my_table;
res += "\n";
(*(ipt_comp->minus_n_commands))[chain] = true;
@ -153,9 +158,17 @@ string PolicyCompiler_ipt::PrintRule::_createChain(const string &chain)
}
string PolicyCompiler_ipt::PrintRule::_startRuleLine()
{
{
PolicyCompiler_ipt *ipt_comp = dynamic_cast<PolicyCompiler_ipt*>(compiler);
string res = (ipt_comp->ipv6) ? "$IP6TABLES " : "$IPTABLES ";
FWOptions* options = ipt_comp->fw->getOptionsObject();
string res;// = (ipt_comp->ipv6) ? "$IP6TABLES " : "$IPTABLES ";
if(options->getBool("use_iptables_translate")) {
res = (ipt_comp->ipv6) ? "$IP6TABLES_TRANSLATE " : "$($IPTABLES_TRANSLATE ";
} else {
res = (ipt_comp->ipv6) ? "$IP6TABLES " : "$IPTABLES ";
}
string opt_wait;
if (XMLTools::version_compare(version, "1.4.20")>=0)
@ -173,7 +186,17 @@ string PolicyCompiler_ipt::PrintRule::_startRuleLine()
string PolicyCompiler_ipt::PrintRule::_endRuleLine()
{
return string("\n");
PolicyCompiler_ipt *ipt_comp = dynamic_cast<PolicyCompiler_ipt*>(compiler);
FWOptions* options = ipt_comp->fw->getOptionsObject();
string res;
if(options->getBool("use_iptables_translate")) {
res = ")\n";
} else {
res = "\n";
}
return res;
}
string PolicyCompiler_ipt::PrintRule::_printRuleLabel(PolicyRule *rule)
@ -378,20 +401,20 @@ string PolicyCompiler_ipt::PrintRule::_printModules(PolicyRule *rule)
}
#if (QT_VERSION >= QT_VERSION_CHECK(5, 15, 0))
QStringList comm = QString(rule->getComment().c_str()).split("\n", Qt::SkipEmptyParts);
#if (QT_VERSION >= QT_VERSION_CHECK(5, 15, 0))
QStringList comm = QString(rule->getComment().c_str()).split("\n", Qt::SkipEmptyParts);
#else
QStringList comm = QString(rule->getComment().c_str()).split("\n", QString::SkipEmptyParts);
QStringList comm = QString(rule->getComment().c_str()).split("\n", QString::SkipEmptyParts);
#endif
if(!comm.isEmpty()) {
ostr << "-m comment --comment " << '"';
foreach(QString line, comm)
{
ostr << " " << line.toStdString();
}
ostr << '"';
//res << "# " << endl;
}
if(!comm.isEmpty()) {
ostr << "-m comment --comment " << '"';
foreach(QString line, comm)
{
ostr << " " << line.toStdString();
}
ostr << '"';
//res << "# " << endl;
}
return ostr.str();
}
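Review bot: `_startRuleLine` keeps the old initializer as a trailing comment, `string res;// = (ipt_comp->ipv6) ? "$IP6TABLES " : "$IPTABLES ";`, and the same remnant appears in the NAT compiler; commented-out code should be dropped rather than carried. The prefix selection is now written out in both `_createChain` and `_startRuleLine` here and again in `NATCompiler_ipt`, so a small private helper returning the prefix string would keep the four copies from drifting. Besides the unbalanced `$(`/`)` already raised on `NATCompiler_ipt`, the `_printModules` hunk appears to change only indentation, which hides the real changes in this file and is better kept in a separate commit.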


@ -163,6 +163,8 @@ iptAdvancedDialog::iptAdvancedDialog(QWidget *parent,FWObject *o)
data.registerOption(m_dialog->loadModules, fwoptions, "load_modules");
data.registerOption(m_dialog->iptablesRestoreActivation,
fwoptions, "use_iptables_restore");
data.registerOption(m_dialog->iptablesTranslateActivation,
fwoptions, "use_iptables_translate");
data.registerOption(m_dialog->ipt_fw_dir, fwoptions, "firewall_dir");
data.registerOption(m_dialog->ipt_user, fwoptions, "admUser");
data.registerOption(m_dialog->altAddress, fwoptions, "altAddress");



@ -178,6 +178,12 @@ linux24AdvancedDialog::linux24AdvancedDialog(QWidget *parent,FWObject *o)
data.registerOption( m_dialog->linux24_path_ip6tables_restore,
fwopt,
"linux24_path_ip6tables_restore");
data.registerOption( m_dialog->linux24_path_iptables_translate,
fwopt,
"linux24_path_iptables_translate");
data.registerOption( m_dialog->linux24_path_ip6tables_translate,
fwopt,
"linux24_path_ip6tables_translate");
data.registerOption(m_dialog->conntrack_max,
fwopt,


@ -9,14 +9,70 @@
<rect>
<x>0</x>
<y>0</y>
<width>493</width>
<height>566</height>
<width>479</width>
<height>694</height>
</rect>
</property>
<property name="windowTitle">
<string>Linux 2.4: advanced settings</string>
</property>
<layout class="QGridLayout">
<item row="1" column="0">
<layout class="QHBoxLayout">
<item>
<widget class="QPushButton" name="buttonHelp">
<property name="text">
<string>Help</string>
</property>
</widget>
</item>
<item>
<spacer>
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeType">
<enum>QSizePolicy::Expanding</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>151</width>
<height>27</height>
</size>
</property>
</spacer>
</item>
<item>
<widget class="QPushButton" name="buttonOk">
<property name="text">
<string>&amp;OK</string>
</property>
<property name="shortcut">
<string/>
</property>
<property name="autoDefault">
<bool>true</bool>
</property>
<property name="default">
<bool>true</bool>
</property>
</widget>
</item>
<item>
<widget class="QPushButton" name="buttonCancel">
<property name="text">
<string>&amp;Cancel</string>
</property>
<property name="shortcut">
<string/>
</property>
<property name="autoDefault">
<bool>true</bool>
</property>
</widget>
</item>
</layout>
</item>
<item row="0" column="0">
<widget class="QTabWidget" name="tabWidget">
<property name="tabShape">
@ -30,7 +86,16 @@
<string>Options</string>
</attribute>
<layout class="QGridLayout">
<property name="margin">
<property name="leftMargin">
<number>12</number>
</property>
<property name="topMargin">
<number>12</number>
</property>
<property name="rightMargin">
<number>12</number>
</property>
<property name="bottomMargin">
<number>12</number>
</property>
<item row="0" column="0" colspan="2">
@ -427,7 +492,16 @@
<string>TCP</string>
</attribute>
<layout class="QGridLayout">
<property name="margin">
<property name="leftMargin">
<number>12</number>
</property>
<property name="topMargin">
<number>12</number>
</property>
<property name="rightMargin">
<number>12</number>
</property>
<property name="bottomMargin">
<number>12</number>
</property>
<item row="1" column="0" colspan="4">
@ -758,32 +832,55 @@
<string>Path</string>
</attribute>
<layout class="QGridLayout" name="linux24Advanced_gridLayout_1">
<item row="0" column="1">
<spacer>
<property name="orientation">
<enum>Qt::Vertical</enum>
<item row="3" column="0">
<widget class="QLabel" name="label">
<property name="layoutDirection">
<enum>Qt::LeftToRight</enum>
</property>
<property name="sizeType">
<enum>QSizePolicy::Fixed</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="1" column="0" colspan="4">
<widget class="QLabel" name="label456">
<property name="text">
<string>Specify directory path and a file name for each utility on your firewall machine. Leave these empty if you want to use default values.</string>
<string>ip6tables:</string>
</property>
<property name="alignment">
<set>Qt::AlignCenter</set>
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="8" column="0">
<widget class="QLabel" name="label455">
<property name="text">
<string>ifenslave:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
<property name="wordWrap">
<bool>true</bool>
<bool>false</bool>
</property>
</widget>
</item>
<item row="13" column="0">
<widget class="QLabel" name="label_2">
<property name="layoutDirection">
<enum>Qt::LeftToRight</enum>
</property>
<property name="text">
<string>ip6tables-restore:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="7" column="0">
<widget class="QLabel" name="label455_4">
<property name="text">
<string>brctl:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
<property name="wordWrap">
<bool>false</bool>
</property>
</widget>
</item>
@ -800,48 +897,6 @@
</property>
</widget>
</item>
<item row="2" column="1" colspan="2">
<widget class="QLineEdit" name="linux24_path_iptables">
<property name="minimumSize">
<size>
<width>300</width>
<height>0</height>
</size>
</property>
</widget>
</item>
<item row="3" column="0">
<widget class="QLabel" name="label">
<property name="layoutDirection">
<enum>Qt::LeftToRight</enum>
</property>
<property name="text">
<string>ip6tables:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="3" column="1" colspan="2">
<widget class="QLineEdit" name="linux24_path_ip6tables"/>
</item>
<item row="4" column="0">
<widget class="QLabel" name="label454">
<property name="text">
<string>ip:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
<property name="wordWrap">
<bool>false</bool>
</property>
</widget>
</item>
<item row="4" column="1" colspan="2">
<widget class="QLineEdit" name="linux24_path_ip"/>
</item>
<item row="5" column="0">
<widget class="QLabel" name="label455_2">
<property name="text">
@ -855,135 +910,7 @@
</property>
</widget>
</item>
<item row="5" column="1" colspan="2">
<widget class="QLineEdit" name="linux24_path_logger"/>
</item>
<item row="6" column="0">
<widget class="QLabel" name="label455_3">
<property name="text">
<string>vconfig:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
<property name="wordWrap">
<bool>false</bool>
</property>
</widget>
</item>
<item row="6" column="1" colspan="2">
<widget class="QLineEdit" name="linux24_path_vconfig"/>
</item>
<item row="7" column="0">
<widget class="QLabel" name="label455_4">
<property name="text">
<string>brctl:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
<property name="wordWrap">
<bool>false</bool>
</property>
</widget>
</item>
<item row="7" column="1" colspan="2">
<widget class="QLineEdit" name="linux24_path_brctl"/>
</item>
<item row="8" column="0">
<widget class="QLabel" name="label455">
<property name="text">
<string>ifenslave:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
<property name="wordWrap">
<bool>false</bool>
</property>
</widget>
</item>
<item row="8" column="1" colspan="2">
<widget class="QLineEdit" name="linux24_path_ifenslave"/>
</item>
<item row="9" column="0">
<widget class="QLabel" name="label458">
<property name="text">
<string>modprobe:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
<property name="wordWrap">
<bool>false</bool>
</property>
</widget>
</item>
<item row="9" column="1" colspan="2">
<widget class="QLineEdit" name="linux24_path_modprobe"/>
</item>
<item row="10" column="0">
<widget class="QLabel" name="label459">
<property name="text">
<string>lsmod:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
<property name="wordWrap">
<bool>false</bool>
</property>
</widget>
</item>
<item row="10" column="1" colspan="2">
<widget class="QLineEdit" name="linux24_path_lsmod"/>
</item>
<item row="11" column="0">
<widget class="QLabel" name="label_8">
<property name="text">
<string>ipset:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="11" column="1" colspan="2">
<widget class="QLineEdit" name="linux24_path_ipset"/>
</item>
<item row="12" column="0">
<widget class="QLabel" name="label453_2">
<property name="text">
<string>iptables-restore:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
<property name="wordWrap">
<bool>false</bool>
</property>
</widget>
</item>
<item row="12" column="1" colspan="2">
<widget class="QLineEdit" name="linux24_path_iptables_restore"/>
</item>
<item row="13" column="0">
<widget class="QLabel" name="label_2">
<property name="layoutDirection">
<enum>Qt::LeftToRight</enum>
</property>
<property name="text">
<string>ip6tables-restore:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="13" column="1" colspan="2">
<widget class="QLineEdit" name="linux24_path_ip6tables_restore"/>
</item>
<item row="14" column="2">
<item row="16" column="1">
<spacer>
<property name="orientation">
<enum>Qt::Vertical</enum>
@ -999,6 +926,173 @@
</property>
</spacer>
</item>
<item row="0" column="1">
<spacer>
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeType">
<enum>QSizePolicy::Fixed</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="2" column="1" colspan="2">
<widget class="QLineEdit" name="linux24_path_iptables">
<property name="minimumSize">
<size>
<width>300</width>
<height>0</height>
</size>
</property>
</widget>
</item>
<item row="4" column="0">
<widget class="QLabel" name="label454">
<property name="text">
<string>ip:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
<property name="wordWrap">
<bool>false</bool>
</property>
</widget>
</item>
<item row="11" column="0">
<widget class="QLabel" name="label_8">
<property name="text">
<string>ipset:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="12" column="0">
<widget class="QLabel" name="label453_2">
<property name="text">
<string>iptables-restore:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
<property name="wordWrap">
<bool>false</bool>
</property>
</widget>
</item>
<item row="6" column="0">
<widget class="QLabel" name="label455_3">
<property name="text">
<string>vconfig:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
<property name="wordWrap">
<bool>false</bool>
</property>
</widget>
</item>
<item row="1" column="0" colspan="4">
<widget class="QLabel" name="label456">
<property name="text">
<string>Specify directory path and a file name for each utility on your firewall machine. Leave these empty if you want to use default values.</string>
</property>
<property name="alignment">
<set>Qt::AlignCenter</set>
</property>
<property name="wordWrap">
<bool>true</bool>
</property>
</widget>
</item>
<item row="9" column="0">
<widget class="QLabel" name="label458">
<property name="text">
<string>modprobe:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
<property name="wordWrap">
<bool>false</bool>
</property>
</widget>
</item>
<item row="10" column="0">
<widget class="QLabel" name="label459">
<property name="text">
<string>lsmod:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
<property name="wordWrap">
<bool>false</bool>
</property>
</widget>
</item>
<item row="14" column="0">
<widget class="QLabel" name="label_9">
<property name="text">
<string>iptables-translate:</string>
</property>
</widget>
</item>
<item row="15" column="0">
<widget class="QLabel" name="label_10">
<property name="text">
<string>ip6tables-translate:</string>
</property>
</widget>
</item>
<item row="3" column="1" colspan="3">
<widget class="QLineEdit" name="linux24_path_ip6tables"/>
</item>
<item row="4" column="1" colspan="3">
<widget class="QLineEdit" name="linux24_path_ip"/>
</item>
<item row="5" column="1" colspan="3">
<widget class="QLineEdit" name="linux24_path_logger"/>
</item>
<item row="6" column="1" colspan="3">
<widget class="QLineEdit" name="linux24_path_vconfig"/>
</item>
<item row="7" column="1" colspan="3">
<widget class="QLineEdit" name="linux24_path_brctl"/>
</item>
<item row="15" column="1" colspan="3">
<widget class="QLineEdit" name="linux24_path_ip6tables_translate"/>
</item>
<item row="14" column="1" colspan="3">
<widget class="QLineEdit" name="linux24_path_iptables_translate"/>
</item>
<item row="13" column="1" colspan="3">
<widget class="QLineEdit" name="linux24_path_ip6tables_restore"/>
</item>
<item row="12" column="1" colspan="3">
<widget class="QLineEdit" name="linux24_path_iptables_restore"/>
</item>
<item row="11" column="1" colspan="3">
<widget class="QLineEdit" name="linux24_path_ipset"/>
</item>
<item row="10" column="1" colspan="3">
<widget class="QLineEdit" name="linux24_path_lsmod"/>
</item>
<item row="9" column="1" colspan="3">
<widget class="QLineEdit" name="linux24_path_modprobe"/>
</item>
<item row="8" column="1" colspan="3">
<widget class="QLineEdit" name="linux24_path_ifenslave"/>
</item>
</layout>
</widget>
<widget class="QWidget" name="tab">
@ -1289,62 +1383,6 @@ Explanation of this parameter can be found at&lt;br&gt;
</widget>
</widget>
</item>
<item row="1" column="0">
<layout class="QHBoxLayout">
<item>
<widget class="QPushButton" name="buttonHelp">
<property name="text">
<string>Help</string>
</property>
</widget>
</item>
<item>
<spacer>
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeType">
<enum>QSizePolicy::Expanding</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>151</width>
<height>27</height>
</size>
</property>
</spacer>
</item>
<item>
<widget class="QPushButton" name="buttonOk">
<property name="text">
<string>&amp;OK</string>
</property>
<property name="shortcut">
<string/>
</property>
<property name="autoDefault">
<bool>true</bool>
</property>
<property name="default">
<bool>true</bool>
</property>
</widget>
</item>
<item>
<widget class="QPushButton" name="buttonCancel">
<property name="text">
<string>&amp;Cancel</string>
</property>
<property name="shortcut">
<string/>
</property>
<property name="autoDefault">
<bool>true</bool>
</property>
</widget>
</item>
</layout>
</item>
</layout>
</widget>
<layoutdefault spacing="6" margin="11"/>
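Review bot: The two new labels `label_9` (`iptables-translate:`) and `label_10` (`ip6tables-translate:`) carry no `alignment` property, while every sibling label in this grid uses `Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter`, so they will render left-aligned next to their line edits; add the same `<property name="alignment">` block to both. The rest of this section appears to be Designer re-serialising the layout (button row moved, margins expanded, widgets reordered), which makes the intended change hard to tell apart from churn.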


@ -0,0 +1,71 @@
## -*- mode: shell-script; -*-
##
## To be able to make changes to the part of configuration created
## from this configlet you need to copy this file to the directory
## fwbuilder/configlets/linux24/ in your home directory and modify it.
## Double "##" comments are removed during processing but single "#"
## comments are be retained and appear in the generated script. Empty
## lines are removed as well.
##
## Configlets support simple macro language with these constructs:
## {{$var}} is variable expansion
## {{if var}} is conditional operator.
##
reset_iptables_v4() {
local list
$IPTABLES {{$opt_wait}} -P OUTPUT DROP
$IPTABLES {{$opt_wait}} -P INPUT DROP
$IPTABLES {{$opt_wait}} -P FORWARD DROP
while read table; do
list=$($IPTABLES {{$opt_wait}} -t $table -L -n)
printf "%s" "$list" | while read c chain rest; do
if test "X$c" = "XChain" ; then
$IPTABLES {{$opt_wait}} -t $table -F $chain
fi
done
$IPTABLES {{$opt_wait}} -t $table -X
done < /proc/net/ip_tables_names
nft flush ruleset
nft add table ip filter # create table
nft add chain ip filter INPUT { type filter hook input priority 0 \; } # create chain
nft add chain ip filter OUTPUT { type filter hook output priority 0 \; } # create chain
nft add chain ip filter FORWARD { type filter hook forward priority 0 \; } # create chain
nft add table ip nat # create table
nft add chain ip nat PREROUTING { type nat hook prerouting priority 0 \; } # create chain
nft add chain ip nat POSTROUTING { type nat hook postrouting priority 0 \; } # create chain
}
reset_iptables_v6() {
local list
$IP6TABLES {{$opt_wait}} -P OUTPUT DROP
$IP6TABLES {{$opt_wait}} -P INPUT DROP
$IP6TABLES {{$opt_wait}} -P FORWARD DROP
while read table; do
list=$($IP6TABLES {{$opt_wait}} -t $table -L -n)
printf "%s" "$list" | while read c chain rest; do
if test "X$c" = "XChain" ; then
$IP6TABLES {{$opt_wait}} -t $table -F $chain
fi
done
$IP6TABLES {{$opt_wait}} -t $table -X
done < /proc/net/ip6_tables_names
nft flush ruleset
nft add table ip6 filter # create table
nft add chain ip6 filter INPUT { type filter hook input priority 0 \; } # create chain
nft add chain ip6 filter OUTPUT { type filter hook output priority 0 \; } # create chain
nft add chain ip6 filter FORWARD { type filter hook forward priority 0 \; } # create chain
nft add table ip6 nat # create table
nft add chain ip6 nat PREROUTING { type nat hook prerouting priority 0 \; } # create chain
nft add chain ip6 nat POSTROUTING { type nat hook postrouting priority 0 \; } # create chain
}
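Review bot: After the iptables loop has set the three filter policies to DROP, `nft flush ruleset` removes every table and the recreated `INPUT`/`OUTPUT`/`FORWARD` base chains are declared without a policy, so they come up with nft's default of accept; until the rule set has been loaded the host accepts all traffic, which reverses the fail-closed behaviour of the original configlet. Add `policy drop \;` to the three filter chains in both functions. `nft flush ruleset` is also wider than needed: it deletes tables owned by other tooling on the host, and when `reset_iptables_v6` runs after `reset_iptables_v4` it wipes the `ip` tables the v4 function has just created; scoping the reset to the family being reset avoids both. A sketch for the v4 function follows, and v6 mirrors it with the `ip6` family.
```shell
reset_iptables_v4() {
    ## … unchanged: iptables policy and per-table flush loop …
    ## reset only the ip family so reset_iptables_v6 cannot undo this
    nft add table ip filter
    nft delete table ip filter
    nft add table ip nat
    nft delete table ip nat
    nft add table ip filter
    nft add chain ip filter INPUT { type filter hook input priority 0 \; policy drop \; }
    nft add chain ip filter OUTPUT { type filter hook output priority 0 \; policy drop \; }
    nft add chain ip filter FORWARD { type filter hook forward priority 0 \; policy drop \; }
    nft add table ip nat
    nft add chain ip nat PREROUTING { type nat hook prerouting priority 0 \; }
    nft add chain ip nat POSTROUTING { type nat hook postrouting priority 0 \; }
}
```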


@ -0,0 +1,40 @@
## -*- mode: shell-script; -*-
##
## To be able to make changes to the part of configuration created
## from this configlet you need to copy this file to the directory
## fwbuilder/configlets/sveasoft/ in your home directory and modify it.
## Double "##" comments are removed during processing but single "#"
## comments are be retained and appear in the generated script. Empty
## lines are removed as well.
##
## Configlets support simple macro language with these constructs:
## {{$var}} is variable expansion
## {{if var}} is conditional operator.
##
## This configlet defines commands executed when iptables script is ran
## with command line argument "stop". By default it resets iptables
## tables and chains using function reset_all and sets all chains
## default policy to ACCEPT
stop_action() {
reset_all
{{if have_ipv4}}
$IPTABLES {{$opt_wait}} -P OUTPUT ACCEPT
$IPTABLES {{$opt_wait}} -P INPUT ACCEPT
$IPTABLES {{$opt_wait}} -P FORWARD ACCEPT
nft add chain ip filter INPUT '{ policy accept; }'
nft add chain ip filter OUTPUT '{ policy accept; }'
nft add chain ip filter FORWARD '{ policy accept; }'
{{endif}}
{{if have_ipv6}}
$IP6TABLES {{$opt_wait}} -P OUTPUT ACCEPT
$IP6TABLES {{$opt_wait}} -P INPUT ACCEPT
$IP6TABLES {{$opt_wait}} -P FORWARD ACCEPT
nft add chain ip6 filter INPUT '{ policy accept; }'
nft add chain ip6 filter OUTPUT '{ policy accept; }'
nft add chain ip6 filter FORWARD '{ policy accept; }'
{{endif}}
}
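Review bot: The header comment tells users to copy this file to `fwbuilder/configlets/sveasoft/`, but the configlet is loaded as `linux24`/`stop_action_nft` by the CompilerDriver change in this commit, so the instruction points to the wrong directory; it should read `## fwbuilder/configlets/linux24/ in your home directory and modify it.` as the new reset configlet does. `nft add chain ip filter INPUT '{ policy accept; }'` presumably relies on the base chain already existing, which holds here only because `reset_all` runs first; that dependency is worth a comment above the block, e.g. `## chains are recreated by reset_all, so only the policy is changed here`. The iptables `-P ACCEPT` lines are kept next to the nft ones; if a translate-only host no longer has the iptables binaries those lines will fail — presumably intended for mixed hosts, but confirm.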