├── myfw.sh ├── README.md ├── Makefile ├── myfw.mod.c └── firewall.cpp /myfw.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | clear; 3 | make clean; 4 | make; 5 | rmmod myfw; 6 | insmod myfw.ko; 7 | dmesg -c; 8 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # simple-firewall-based-on-Netfilter- 2 | 基于Netfilter的防火墙:可根据规则拦截记录流量包,具有NAT功能 3 | 4 | 分为用户态程序和内核态程序: 5 | 6 | 执行myfw.sh,编译插入内核模块 7 | 编译执行firwwall.cpp,执行用户态程序 8 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | KERN_DIR = /lib/modules/$(shell uname -r)/build 2 | myfw-objs := myfw_mod.o #file2.o file3.o 3 | obj-m += myfw.o 4 | 5 | all: 6 | make -C $(KERN_DIR) M=$(shell pwd) modules 7 | clean: 8 | make -C $(KERN_DIR) M=$(shell pwd) modules clean 9 | rm -rf modules.order 10 | rm -f *.symvers 11 | -------------------------------------------------------------------------------- /myfw.mod.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | MODULE_INFO(vermagic, VERMAGIC_STRING); 6 | 7 | __visible struct module __this_module 8 | __attribute__((section(".gnu.linkonce.this_module"))) = { 9 | .name = KBUILD_MODNAME, 10 | .init = init_module, 11 | #ifdef CONFIG_MODULE_UNLOAD 12 | .exit = cleanup_module, 13 | #endif 14 | .arch = MODULE_ARCH_INIT, 15 | }; 16 | 17 | static const struct modversion_info ____versions[] 18 | __used 19 | __attribute__((section("__versions"))) = { 20 | { 0x59caa4c3, __VMLINUX_SYMBOL_STR(module_layout) }, 21 | { 0x754d539c, __VMLINUX_SYMBOL_STR(strlen) }, 22 | { 0x81ba77be, __VMLINUX_SYMBOL_STR(device_destroy) }, 23 | { 0x2e08777f, __VMLINUX_SYMBOL_STR(nf_register_hook) }, 24 | { 0x7485e15e, __VMLINUX_SYMBOL_STR(unregister_chrdev_region) }, 25 | { 0x7d11c268, __VMLINUX_SYMBOL_STR(jiffies) }, 26 | { 0xe2d5255a, __VMLINUX_SYMBOL_STR(strcmp) }, 27 | { 0x27e1a049, __VMLINUX_SYMBOL_STR(printk) }, 28 | { 0x98d4495f, __VMLINUX_SYMBOL_STR(netlink_kernel_release) }, 29 | { 0x1ab099dd, __VMLINUX_SYMBOL_STR(device_create) }, 30 | { 0xb01fce, __VMLINUX_SYMBOL_STR(netlink_unicast) }, 31 | { 0xbe7b5971, __VMLINUX_SYMBOL_STR(init_net) }, 32 | { 0x1172c8f, __VMLINUX_SYMBOL_STR(__alloc_skb) }, 33 | { 0xf0fdf6cb, __VMLINUX_SYMBOL_STR(__stack_chk_fail) }, 34 | { 0xbdfb6dbb, __VMLINUX_SYMBOL_STR(__fentry__) }, 35 | { 0xc18a7bdb, __VMLINUX_SYMBOL_STR(nf_unregister_hook) }, 36 | { 0xfda649ed, __VMLINUX_SYMBOL_STR(__netlink_kernel_create) }, 37 | { 0x69acdf38, __VMLINUX_SYMBOL_STR(memcpy) }, 38 | { 0x268f87ce, __VMLINUX_SYMBOL_STR(class_destroy) }, 39 | { 0x28318305, __VMLINUX_SYMBOL_STR(snprintf) }, 40 | { 0xe113bbbc, __VMLINUX_SYMBOL_STR(csum_partial) }, 41 | { 0x9ffdebf7, __VMLINUX_SYMBOL_STR(__nlmsg_put) }, 42 | { 0xd7bd463f, __VMLINUX_SYMBOL_STR(__class_create) }, 43 | { 0x29537c9e, __VMLINUX_SYMBOL_STR(alloc_chrdev_region) }, 44 | { 0xe914e41e, __VMLINUX_SYMBOL_STR(strcpy) }, 45 | }; 46 | 47 | static const char __module_depends[] 48 | __used 49 | __attribute__((section(".modinfo"))) = 50 | "depends="; 51 | 52 | 53 | MODULE_INFO(srcversion, "D6AEA6D30C01D5DBF84CEB0"); 54 | -------------------------------------------------------------------------------- /firewall.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | 14 | #define NETLINK_TEST 29 15 | #define TEST_PID 100 16 | #define MAX_PAYLOAD 1024 17 | #define MAX_RULE_NUM 50 18 | #define MAX_LOG_NUM 100 19 | #define MAX_CONNECTION_NUM 101 20 | #define MAX_NAT_NUM 100 21 | #define TCP 6 22 | #define UDP 17 23 | #define ICMP 1 24 | #define ANY -1 25 | // definition of Rules 26 | typedef struct { 27 | char src_ip[20]; 28 | char dst_ip[20]; 29 | int src_port; 30 | int dst_port; 31 | char protocol; 32 | bool action; 33 | bool log; 34 | }Rule; 35 | static Rule rules[MAX_RULE_NUM]; 36 | static int rnum = 0; //rules num 37 | 38 | typedef struct { 39 | unsigned nat_ip; 40 | int firewall_port; 41 | int nat_port; 42 | }NatEntry; 43 | static NatEntry NatTable[MAX_NAT_NUM]; 44 | static int nnum = 0; 45 | unsigned net_ip, net_mask, firewall_ip; 46 | int firewall_port = 20000; 47 | 48 | //definition of Logs 49 | typedef struct { 50 | unsigned src_ip; 51 | unsigned dst_ip; 52 | int src_port; 53 | int dst_port; 54 | char protocol; 55 | bool action; 56 | }Log; 57 | static Log logs[MAX_LOG_NUM]; 58 | static int lnum = 0; //logs num 59 | 60 | //definition of Connections 61 | typedef struct { 62 | unsigned src_ip; 63 | int src_port; 64 | unsigned dst_ip; 65 | int dst_port; 66 | char protocol; 67 | unsigned long t; 68 | }Connection; 69 | static Connection cons[MAX_CONNECTION_NUM]; 70 | static Connection cons2[MAX_CONNECTION_NUM]; 71 | static int cnum = 0; 72 | /*-----------------------------------------tools----------------------------------*/ 73 | unsigned ipstr_to_num(const char *ip_str) { 74 | int count = 0; 75 | unsigned tmp = 0, ip = 0, i; 76 | for (i = 0; i < strlen(ip_str); i++) { 77 | if (ip_str[i] == '.') { 78 | ip = ip | (tmp << (8 * (3 - count))); 79 | tmp = 0; 80 | count++; 81 | continue; 82 | } 83 | tmp *= 10; 84 | tmp += ip_str[i] - '0'; 85 | } 86 | ip = ip | tmp; 87 | return ip; 88 | } 89 | char * addr_from_net(char * buff, __be32 addr) { 90 | __u8 *p = (__u8*)&addr; 91 | snprintf(buff, 16, "%u.%u.%u.%u", 92 | (__u32)p[3], (__u32)p[2], (__u32)p[1], (__u32)p[0]); 93 | return buff; 94 | } 95 | 96 | 97 | /*-----------------------------------------nelink---------------------------------*/ 98 | //create a socket 99 | int netlink_create_socket(void) 100 | { 101 | return socket(AF_NETLINK, SOCK_RAW, NETLINK_TEST); 102 | } 103 | int netlink_bind(int sock_fd) 104 | { 105 | struct sockaddr_nl addr; 106 | memset(&addr, 0, sizeof(struct sockaddr_nl)); 107 | addr.nl_family = AF_NETLINK; 108 | addr.nl_pid = TEST_PID; 109 | addr.nl_groups = 0; 110 | return bind(sock_fd, (struct sockaddr *)&addr, sizeof(struct sockaddr_nl)); 111 | } 112 | int netlink_send_message(int sock_fd, const unsigned char *message, int len, unsigned int pid = 0, unsigned int group = 0) 113 | { 114 | struct nlmsghdr *nlh = NULL; 115 | struct sockaddr_nl dest_addr; 116 | struct iovec iov; 117 | struct msghdr msg; 118 | if (!message) 119 | return -1; 120 | 121 | nlh = (struct nlmsghdr *)malloc(NLMSG_SPACE(len)); 122 | if (!nlh) { 123 | perror("malloc nlh error!\n"); 124 | return -2; 125 | } 126 | nlh->nlmsg_len = NLMSG_SPACE(len); 127 | nlh->nlmsg_pid = TEST_PID; 128 | nlh->nlmsg_flags = 0; 129 | 130 | memcpy(NLMSG_DATA(nlh), message, len); 131 | iov.iov_base = (void *)nlh; 132 | iov.iov_len = nlh->nlmsg_len; 133 | 134 | memset(&dest_addr, 0, sizeof(struct sockaddr_nl)); 135 | dest_addr.nl_family = AF_NETLINK; 136 | dest_addr.nl_pid = pid; 137 | dest_addr.nl_groups = group; 138 | 139 | memset(&msg, 0, sizeof(struct msghdr)); 140 | msg.msg_name = (void *)&dest_addr; 141 | msg.msg_namelen = sizeof(struct sockaddr_nl); 142 | msg.msg_iov = &iov; 143 | msg.msg_iovlen = 1; 144 | 145 | if (sendmsg(sock_fd, &msg, 0) < 0) 146 | { 147 | perror("send error!\n"); 148 | free(nlh); 149 | return -3; 150 | } 151 | free(nlh); 152 | return 0; 153 | } 154 | 155 | int netlink_recv_message(int sock_fd, unsigned char *message, int *len) 156 | { 157 | struct nlmsghdr *nlh; 158 | struct sockaddr_nl source_addr; 159 | struct iovec iov; 160 | struct msghdr msg; 161 | if (!message || !len) 162 | return -1; 163 | nlh = (struct nlmsghdr *)malloc(NLMSG_SPACE(MAX_PAYLOAD)); 164 | if (!nlh) { 165 | perror("malloc nlh error!\n"); 166 | return -2; 167 | } 168 | iov.iov_base = (void *)nlh; 169 | iov.iov_len = NLMSG_SPACE(MAX_PAYLOAD); 170 | memset(&source_addr, 0, sizeof(struct sockaddr_nl)); 171 | memset(&msg, 0, sizeof(struct msghdr)); 172 | msg.msg_name = (void *)&source_addr; 173 | msg.msg_namelen = sizeof(struct sockaddr_nl); 174 | msg.msg_iov = &iov; 175 | msg.msg_iovlen = 1; 176 | if (recvmsg(sock_fd, &msg, 0) < 0) 177 | { 178 | perror("recvmsg error!\n"); 179 | return -3; 180 | } 181 | *len = nlh->nlmsg_len - NLMSG_SPACE(0); 182 | memcpy(message, (unsigned char *)NLMSG_DATA(nlh), *len); 183 | free(nlh); 184 | return 0; 185 | } 186 | /*----------------------------------------tools-----------------------------------*/ 187 | void print_IP(unsigned int src_ip) 188 | { 189 | unsigned char src_i[4]; 190 | int i; 191 | for (i = 0; i < 4; i++) 192 | { 193 | src_i[3 - i] = src_ip % 256; 194 | src_ip /= 256; 195 | } 196 | printf("%d.%d.%d.%d", src_i[0], src_i[1], src_i[2], src_i[3]); 197 | } 198 | void sprint_IP(char output[], unsigned int src_ip) 199 | { 200 | unsigned char src_i[4]; 201 | int i; 202 | for (i = 0; i < 4; i++) 203 | { 204 | src_i[3 - i] = src_ip % 256; 205 | src_ip /= 256; 206 | } 207 | sprintf(output, "%d.%d.%d.%d", src_i[0], src_i[1], src_i[2], src_i[3]); 208 | } 209 | void Convert(unsigned &ip, unsigned &mask, const char *ip_range) 210 | { 211 | char tmp_ip[20]; 212 | int p = -1, count = 0; 213 | unsigned len = 0, tmp = 0, i; 214 | ip = 0, mask = 0; 215 | strcpy(tmp_ip, ip_range); 216 | for (i = 0; i < strlen(tmp_ip); i++) { 217 | if (p != -1) { 218 | len *= 10; 219 | len += tmp_ip[i] - '0'; 220 | } 221 | else if (tmp_ip[i] == '/') 222 | p = i; 223 | } 224 | if (p != -1) { 225 | tmp_ip[p] = '\0'; 226 | mask = 0xFFFFFFFF << (32 - len); 227 | } 228 | else mask = 0xFFFFFFFF; 229 | for (i = 0; i < strlen(tmp_ip); i++) { 230 | if (tmp_ip[i] == '.') { 231 | ip = ip | (tmp << (8 * (3 - count))); 232 | tmp = 0; 233 | count++; 234 | continue; 235 | } 236 | tmp *= 10; 237 | tmp += tmp_ip[i] - '0'; 238 | } 239 | ip = ip | tmp; 240 | } 241 | /*-----------------------------------------Rules---------------------------------------*/ 242 | bool AddRule(const char *src_ip, const char *dst_ip, 243 | int src_port, int dst_port, 244 | char protocol, 245 | bool action, bool log) 246 | { 247 | if (rnum < 100) { 248 | strcpy(rules[rnum].src_ip, src_ip); 249 | strcpy(rules[rnum].dst_ip, dst_ip); 250 | rules[rnum].src_port = src_port; 251 | rules[rnum].dst_port = dst_port; 252 | rules[rnum].protocol = protocol; 253 | rules[rnum].action = action; 254 | rules[rnum].log = log; 255 | rnum++; 256 | return true; 257 | } 258 | return false; 259 | } 260 | bool DelRule(int pos) 261 | { 262 | if (pos >= rnum || pos < 0) 263 | return false; 264 | memcpy(rules + pos, rules + pos + 1, sizeof(Rule)*(rnum - pos)); 265 | rnum--; 266 | return true; 267 | } 268 | int SendRules() 269 | { 270 | int sock_fd; 271 | unsigned char buf[MAX_RULE_NUM * sizeof(Rule) + 10]; 272 | int len; 273 | sock_fd = netlink_create_socket(); 274 | if (sock_fd == -1) 275 | { 276 | perror("send rules socket error!"); 277 | return -1; 278 | } 279 | if (netlink_bind(sock_fd) < 0) 280 | { 281 | perror("rules bind error!"); 282 | close(sock_fd); 283 | exit(EXIT_FAILURE); 284 | } 285 | buf[0] = 0; 286 | buf[1] = rnum; 287 | memcpy(buf + 2, rules, rnum * sizeof(Rule)); 288 | netlink_send_message(sock_fd, (const unsigned char *)buf, rnum * sizeof(Rule) + 2); 289 | close(sock_fd); 290 | return 1; 291 | } 292 | void PrintRules() 293 | { 294 | printf("|----------------------------------------------------------------------------|\n"); 295 | printf("| src_ip | dst_ip |src_port|dst_port|protocol| action | log |\n"); 296 | printf("|----------------------------------------------------------------------------|\n"); 297 | for (int i = 0; i < rnum; i++) { 298 | printf("|%15.20s|%15.20s|%8d|%8d|%8hhd|%8d|%8d|\n", rules[i].src_ip, rules[i].dst_ip, rules[i].src_port, rules[i].dst_port, rules[i].protocol, rules[i].action, rules[i].log); 299 | printf("|----------------------------------------------------------------------------|\n"); 300 | } 301 | return; 302 | } 303 | /*------------------------------NAT RULES--------------------------*/ 304 | bool AddNatRule(unsigned nat_ip, int nat_port, int firewall_port) 305 | { 306 | if (nnum < 100) 307 | { 308 | NatTable[nnum].nat_ip = nat_ip; 309 | NatTable[nnum].nat_port = nat_port; 310 | NatTable[nnum].firewall_port = firewall_port; 311 | nnum++; 312 | return true; 313 | } 314 | return false; 315 | } 316 | bool DelNatRule(int pos) 317 | { 318 | if (pos >= nnum || pos < 0) 319 | return false; 320 | memcpy(rules + pos, rules + pos + 1, sizeof(Rule)*(nnum - pos)); 321 | nnum--; 322 | return true; 323 | } 324 | int SendNatRules() 325 | { 326 | int sock_fd; 327 | unsigned char buf[MAX_NAT_NUM * sizeof(NatEntry) + 20]; 328 | sock_fd = netlink_create_socket(); 329 | if (sock_fd == -1) 330 | { 331 | perror("send nat rules socket error!"); 332 | return -1; 333 | } 334 | if (netlink_bind(sock_fd) < 0) 335 | { 336 | perror("send nat rules bind error!"); 337 | close(sock_fd); 338 | exit(EXIT_FAILURE); 339 | } 340 | buf[0] = 1; 341 | buf[1] = nnum; 342 | memcpy(buf + 2, &net_ip, sizeof(unsigned)); 343 | memcpy(buf + 6, &net_mask, sizeof(unsigned)); 344 | memcpy(buf + 10, &firewall_ip, sizeof(unsigned)); 345 | memcpy(buf + 14, NatTable, nnum * sizeof(NatEntry)); 346 | netlink_send_message(sock_fd, (const unsigned char *)buf, nnum * sizeof(NatEntry) + 14); 347 | close(sock_fd); 348 | return 1; 349 | 350 | } 351 | 352 | void SetNat(unsigned net, unsigned mask, unsigned firewall) 353 | { 354 | net_ip = net; 355 | net_mask = mask; 356 | firewall_ip = firewall; 357 | } 358 | void PrintNatRules() { 359 | printf("|-----------------------------------------------------|\n"); 360 | printf("| nat_ip | firewall_port | nat_port |\n"); 361 | printf("|-----------------------------------------------------|\n"); 362 | for (int i = 0; i < nnum; i++) { 363 | char buff[20], buff2[20]; 364 | printf("|%15.20s|%20d|%16d|\n", addr_from_net(buff2, NatTable[i].nat_ip), NatTable[i].firewall_port, NatTable[i].nat_port); 365 | printf("|-----------------------------------------------------|\n"); 366 | } 367 | return; 368 | } 369 | 370 | /*----------------------------------------Log---------------------------------------*/ 371 | int GetLogs() 372 | { 373 | int sock_fd; 374 | int len; 375 | unsigned char a[2]; 376 | unsigned char buf[MAX_LOG_NUM * sizeof(Log)]; 377 | sock_fd = netlink_create_socket(); 378 | if (sock_fd == -1) 379 | { 380 | perror("Get logs create socke error!"); 381 | return -1; 382 | } 383 | if (netlink_bind(sock_fd) < 0) 384 | { 385 | perror("Get logs bind error!"); 386 | close(sock_fd); 387 | exit(EXIT_FAILURE); 388 | } 389 | a[0] = 2; 390 | netlink_send_message(sock_fd, (const unsigned char *)a, 1); 391 | if (netlink_recv_message(sock_fd, buf, &len) == 0) 392 | { 393 | printf("recvln:%d\n", len); 394 | memcpy(logs, buf, len); 395 | lnum = len / sizeof(Log); 396 | } 397 | close(sock_fd); 398 | return 1; 399 | } 400 | void PrintLogs() 401 | { 402 | printf("Logs:\n"); 403 | printf("|-------------------------------------------------------------------|\n"); 404 | printf("| src_ip | dst_ip |src_port|dst_port|protocol| action |\n"); 405 | printf("|-------------------------------------------------------------------|\n"); 406 | for (int i = 0; i < lnum; i++) { 407 | char buff[20], buff2[20]; 408 | printf("|%15.20s|%15.20s|%8d|%8d|%8hhd|%8d|\n", addr_from_net(buff, logs[i].src_ip), addr_from_net(buff2, logs[i].dst_ip), logs[i].src_port, logs[i].dst_port, logs[i].protocol, logs[i].action); 409 | printf("|-------------------------------------------------------------------|\n"); 410 | } 411 | } 412 | 413 | /*-----------------------------------------Status list--------------------------------------*/ 414 | int GetConnections() 415 | { 416 | int sock_fd; 417 | int len; 418 | unsigned char a[2]; 419 | unsigned char buf[MAX_CONNECTION_NUM * sizeof(Connection)]; 420 | sock_fd = netlink_create_socket(); 421 | if (sock_fd == -1) 422 | { 423 | perror("Get connection create socke error!"); 424 | return -1; 425 | } 426 | if (netlink_bind(sock_fd) < 0) 427 | { 428 | perror("Get connection bind error!"); 429 | close(sock_fd); 430 | exit(EXIT_FAILURE); 431 | } 432 | a[0] = 3; 433 | netlink_send_message(sock_fd, (const unsigned char *)a, 1); 434 | if (netlink_recv_message(sock_fd, buf, &len) == 0) 435 | { 436 | printf("recvln:%d\n", len); 437 | memcpy(cons, buf, len); 438 | cnum = len / sizeof(Connection); 439 | } 440 | close(sock_fd); 441 | return 1; 442 | } 443 | void PrintConnections() { 444 | printf("Connections:\n"); 445 | printf("|----------------------------------------------------------|\n"); 446 | printf("| src_ip | dst_ip |src_port|dst_port|protocol|\n"); 447 | printf("|----------------------------------------------------------|\n"); 448 | for (int i = 0; i < cnum; i++) { 449 | char buff[20], buff2[20]; 450 | printf("|%15.20s|%15.20s|%8hu|%8hu|%8hhd|\n", addr_from_net(buff, cons[i].src_ip), addr_from_net(buff2, cons[i].dst_ip), cons[i].src_port, cons[i].dst_port, cons[i].protocol); 451 | printf("|----------------------------------------------------------|\n"); 452 | } 453 | } 454 | void PrintMenu() 455 | { 456 | printf("\n\n\n"); 457 | printf("1. add a rule\n"); 458 | printf("2. del a rule\n"); 459 | printf("3. print rules\n"); 460 | printf("4. send rules\n"); 461 | printf("5. set NAT\n"); 462 | printf("6. add a nat rule\n"); 463 | printf("7. del a nat rule\n"); 464 | printf("8. print NAT rules\n"); 465 | printf("9. send nat rules\n"); 466 | printf("10. print logs\n"); 467 | printf("11. print connections\n"); 468 | printf("input your choice(1-10) or 0 to quit:\n"); 469 | } 470 | int main() 471 | { 472 | printf("*-----------------welcome to use MyFW------------------*\n"); 473 | int op; 474 | while (true) { 475 | PrintMenu(); 476 | scanf("%d", &op); 477 | if (op == 0) 478 | { 479 | printf("exit!\n"); 480 | getchar(); 481 | break; 482 | } 483 | else 484 | { 485 | switch (op) 486 | { 487 | case 1: 488 | { 489 | printf("0 for refuse or no,1 for yes or permit\n"); 490 | char input[20]; 491 | char src_ip[20] = "any", dst_ip[20] = "any"; 492 | int src_port = -1, dst_port = -1; 493 | char protocol = -1; 494 | bool action = false; 495 | bool log = false; 496 | printf("src_ip(or any):"); 497 | scanf("%s", input); 498 | if (strcmp(input, "any")) 499 | strncpy(src_ip, input, strlen(input)); 500 | printf("\n"); 501 | printf("dst_ip(or any):"); 502 | scanf("%s", input); 503 | if (strcmp(input, "any")) 504 | strncpy(dst_ip, input, strlen(input)); 505 | printf("\n"); 506 | printf("src_port(or any):"); 507 | scanf("%s", input); 508 | if (strcmp(input, "any")) 509 | src_port = atoi(input); 510 | printf("\n"); 511 | printf("dst_port(or any):"); 512 | scanf("%s", input); 513 | if (strcmp(input, "any")) 514 | dst_port = atoi(input); 515 | printf("\n"); 516 | printf("protocol(6 for TCP,17 for UDP,1 for ICMP, or any):"); 517 | scanf("%s", input); 518 | if (strcmp(input, "any")) 519 | protocol = atoi(input); 520 | printf("\n"); 521 | 522 | printf("action(0 for no,1 for yes)"); 523 | scanf("%s", input); 524 | action = atoi(input); 525 | printf("\n"); 526 | printf("log(0 for no,1 for yes)"); 527 | scanf("%s", input); 528 | log = atoi(input); 529 | printf("\n"); 530 | AddRule(src_ip, dst_ip, src_port, dst_port, protocol, action, log); 531 | break; 532 | } 533 | case 2: 534 | { 535 | printf("input which rule you want to delete(0-%d):", rnum - 1); 536 | int pos; 537 | scanf("%d", &pos); 538 | printf("\n"); 539 | if (DelRule(pos)) 540 | printf("successful delete rule:%d\n", pos); 541 | else 542 | printf("select error\n"); 543 | break; 544 | } 545 | case 3: 546 | { 547 | PrintRules(); 548 | break; 549 | } 550 | case 4: 551 | { 552 | printf("send rules:\n"); 553 | SendRules(); 554 | printf("send end!\n"); 555 | break; 556 | } 557 | case 5: 558 | { 559 | char net_ip[20], firewall_ip[20]; 560 | unsigned int mask; 561 | printf("net ip:"); 562 | scanf("%s", net_ip); 563 | printf("\n"); 564 | printf("net mask:"); 565 | scanf("%x", &mask); 566 | printf("\n"); 567 | printf("firewall ip:"); 568 | scanf("%s", firewall_ip); 569 | printf("\n"); 570 | printf("net ip:%s\nnet mask:%x\nfirewall ip:%s\n", net_ip, net_mask, firewall_ip); 571 | SetNat(ipstr_to_num(net_ip), mask, ipstr_to_num(firewall_ip)); 572 | printf("Set Nat success!\n"); 573 | break; 574 | } 575 | case 6: 576 | { 577 | char nat_ip[20]; 578 | int nat_port, firewall_port; 579 | printf("nat ip:"); 580 | scanf("%s", nat_ip); 581 | printf("\n"); 582 | printf("nat port:"); 583 | scanf("%d", &nat_port); 584 | printf("\n"); 585 | printf("firewall port:"); 586 | scanf("%d", &firewall_port); 587 | printf("\n"); 588 | if (AddNatRule(ipstr_to_num(nat_ip), nat_port, firewall_port)) 589 | printf("Add nat rule success!\n"); 590 | else 591 | printf("Nat rules full!\n"); 592 | break; 593 | } 594 | case 7: 595 | { 596 | printf("input which nat rule you want to delete(0-%d):", nnum - 1); 597 | int pos; 598 | scanf("%d", &pos); 599 | printf("\n"); 600 | if (DelNatRule(pos)) 601 | printf("successful delete nat rule:%d\n", pos); 602 | else 603 | printf("select error\n"); 604 | break; 605 | } 606 | case 8: 607 | { 608 | PrintNatRules(); 609 | break; 610 | } 611 | case 9: 612 | { 613 | printf("send nat rules:\n"); 614 | SendNatRules(); 615 | printf("send end!\n"); 616 | break; 617 | } 618 | case 10: 619 | { 620 | if (GetLogs() == 1) 621 | { 622 | printf("get logs success!\n"); 623 | PrintLogs(); 624 | } 625 | else 626 | printf("get logs error!\n"); 627 | break; 628 | } 629 | case 11: 630 | { 631 | if (GetConnections() == 1) 632 | { 633 | printf("get connections success!\n"); 634 | PrintConnections(); 635 | } 636 | else 637 | printf("get connections error!\n"); 638 | break; 639 | } 640 | default: 641 | printf("check your choice and reinput\n"); 642 | break; 643 | 644 | } 645 | } 646 | } 647 | ////PrintMenu(); 648 | //AddRule("any", "127.0.0.1", ANY, ANY, ANY, 1, 0); 649 | //AddRule("127.0.0.1", "any", ANY, ANY, ANY, 1, 0); 650 | //AddRule("192.168.152.1", "any", ANY, ANY, ANY, 1, 1); 651 | //AddRule("any", "192.168.152.1", ANY, ANY, ANY, 1, 1); 652 | //AddRule("192.168.164.1", "any", -1, -1, -1, 1, 1); 653 | //AddRule("any", "192.168.164.1", -1, -1, -1, 1, 1); 654 | //AddRule("192.168.164.0/24", "any", ANY, ANY, ANY, 1, 1); 655 | //AddRule("any", "192.168.164.0/24", ANY, ANY, ANY, 1, 1); 656 | //AddRule("any", "any", -1, -1, -1, 1, 0); 657 | //////AddRule("192.168.1.1", "any", -1, -1, -1, 1, 0); 658 | //PrintRules(); 659 | //printf("sending\n"); 660 | //SendRules(); 661 | //printf("send end\n"); 662 | 663 | //char firewall_ip[20] = "192.168.152.1"; 664 | //char nat_ip[20] = "192.168.164.2"; 665 | //int firewall_port = 8888; 666 | //int nat_port = 80; 667 | //SetNat(ipstr_to_num("192.168.164.0"), 0xffffff00, ipstr_to_num("192.168.152.1")); 668 | //AddNatRule(ipstr_to_num(nat_ip), nat_port, firewall_port); 669 | //PrintNatRules(); 670 | //SendNatRules(); 671 | 672 | //GetLogs(); 673 | //PrintLogs(); 674 | return 0; 675 | } 676 | --------------------------------------------------------------------------------