1 package iotruntime.master;
3 import java.io.InputStream;
4 import java.io.InputStreamReader;
5 import java.io.BufferedReader;
6 import java.io.BufferedWriter;
7 import java.io.FileWriter;
8 import java.io.PrintWriter;
9 import java.io.IOException;
10 import java.util.HashMap;
13 /** Class RouterConfig is a class that configures the router
14 * in our compute node network with the relevant netfilter
16 * it uses ssh to contact the router and writes policy into it
18 * To make the implementation faster, we use "iptables-restore"
19 * that doesn't require "iptables" command to be invoked many
20 * times - each invocation of "iptables" will load the existing
21 * table from the kernel space before appending the new rule.
23 * @author Rahmadi Trimananda <rahmadi.trimananda @ uci.edu>
27 public final class RouterConfig {
30 * RouterConfig constants
32 private static final String STR_SSH_USERNAME_ROUTER = "root";
33 private static final String STR_SSH_USERNAME_HOST = "iotuser";
34 private static final String STR_POLICY_FILE_EXT = ".policy";
37 * RouterConfig properties
39 private Map<String, PrintWriter> mapHostToFile;
40 private Map<String, String> mapMACtoIPAdd;
45 public RouterConfig() {
46 // This maps hostname to file PrintWriter
48 mapMACtoIPAdd = new HashMap<String, String>();
52 * renewPrintWriter() renews the mapHostToFile object that lists all PrintWriters
56 public void renewPrintWriter() {
58 mapHostToFile = new HashMap<String, PrintWriter>();
62 * getPrintWriter() gets the right PrintWriter object to print policies to the right file
64 * @param strConfigHost String hostname to be configured
67 private PrintWriter getPrintWriter(String strConfigHost) {
69 // Return object if existing
70 if (mapHostToFile.containsKey(strConfigHost)) {
71 return mapHostToFile.get(strConfigHost);
73 // Simply create a new one if it doesn't exist
76 fw = new FileWriter(strConfigHost + STR_POLICY_FILE_EXT);
77 } catch (IOException ex) {
80 PrintWriter pwConfig = new PrintWriter(new BufferedWriter(fw));
81 pwConfig.println("*filter"); // Print header for iptables-restore
82 mapHostToFile.put(strConfigHost, pwConfig);
88 * close() closes all PrintWriter objects
94 for(PrintWriter pwConfig: mapHostToFile.values()) {
95 pwConfig.println("COMMIT"); // Add "COMMIT" statement to end the list for iptables-restore
101 * sendRouterPolicies() deploys policies on router
103 * @param strConfigHost String hostname to be configured
106 public void sendRouterPolicies(String strConfigHost) {
108 String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_EXT + " " +
109 STR_SSH_USERNAME_ROUTER + "@" + strConfigHost + ":~;";
110 //System.out.println(strCmdSend);
111 deployPolicies(strCmdSend);
112 String strCmdDeploy = "ssh " + STR_SSH_USERNAME_ROUTER + "@" + strConfigHost +
113 " iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost +
114 STR_POLICY_FILE_EXT + "; ";// +
115 // TODO: delete these later when we apply tight initial conditions (reject everything but SSH commands)
116 //"iptables -F startup_filter_tcp; iptables -F startup_filter_udp; " +
117 //"iptables -t filter -D FORWARD -j startup_filter_tcp; iptables -t filter -D FORWARD -j startup_filter_udp;";
118 //System.out.println(strCmdDeploy);
119 deployPolicies(strCmdDeploy);
123 * sendHostPolicies() deploys policies on host
125 * @param strConfigHost String hostname to be configured
128 public void sendHostPolicies(String strConfigHost) {
130 String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_EXT + " " +
131 STR_SSH_USERNAME_HOST + "@" + strConfigHost + ":~;";
132 //System.out.println(strCmdSend);
133 deployPolicies(strCmdSend);
134 String strCmdDeploy = "ssh " + STR_SSH_USERNAME_HOST + "@" + strConfigHost +
135 " sudo iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost +
136 STR_POLICY_FILE_EXT + ";";
137 //System.out.println(strCmdDeploy);
138 deployPolicies(strCmdDeploy);
142 * deployPolicies() method configures the policies
144 * @param strCommand String that contains command line
147 private void deployPolicies(String strCommand) {
150 Runtime runtime = Runtime.getRuntime();
151 Process process = runtime.exec(strCommand);
153 } catch (IOException ex) {
154 System.out.println("RouterConfig: IOException: " + ex.getMessage());
155 ex.printStackTrace();
156 } catch (InterruptedException ex) {
157 System.out.println("RouterConfig: InterruptException: " + ex.getMessage());
158 ex.printStackTrace();
163 * getAddressListObject() method returns the map from this class
165 * This method is useful for MAC policy class so that it doesn't have
166 * to query the router again
168 public Map<String, String> getAddressListObject() {
170 return mapMACtoIPAdd;
174 * getAddressList() method gets list of IP addresses
176 * This method sends an inquiry to the router to look for
177 * the list of DHCP leased addresses and their mapping to MAC
180 * @param strRouterAddress String that contains address of router
182 public void getAddressList(String strRouterAddress) {
184 //HashMap<String,String> hmMACToIPAdd = new HashMap<String,String>();
186 // We can replace "cat /tmp/dhcp.leases" with "cat /proc/net/arp"
187 String cmd = "ssh " + STR_SSH_USERNAME_ROUTER + "@" + strRouterAddress +
188 " cat /tmp/dhcp.leases";
189 Runtime runtime = Runtime.getRuntime();
190 Process process = runtime.exec(cmd);
192 InputStream inStream = process.getInputStream();
193 InputStreamReader isReader = new InputStreamReader(inStream);
194 BufferedReader bReader = new BufferedReader(isReader);
195 String strRead = null;
196 while((strRead = bReader.readLine()) != null){
197 String[] str = strRead.split(" ");
198 mapMACtoIPAdd.put(str[1], str[2]);
200 } catch (IOException ex) {
201 System.out.println("RouterConfig: IOException: " + ex.getMessage());
202 ex.printStackTrace();
207 * getIPFromMACAddress() method gets IP from MAC address
209 * @return String String that contains IP address from the MAC-IP mapping
211 public String getIPFromMACAddress(String strMACAddress) {
213 String strIPAddress = mapMACtoIPAdd.get(strMACAddress);
214 if (strIPAddress == null) {
215 throw new Error("RouterConfig: MAC address " + strMACAddress + " not found on the list! Please check if device is present in /tmp/dhcp.leases!");
221 * configureRouterMainPolicies() method configures the router
223 * This method configures the router's main policies
224 * This method creates a command line using 'ssh' and 'iptables'
225 * to access the router and create Netfilter statements
227 * @param strConfigHost String hostname to be configured
228 * @param strFirstHost String first host
229 * @param strSecondHost String second host
230 * @param strProtocol String protocol TCP/UDP
231 * @param iSrcPort Integer source port number
232 * @param iDstPort Integer destination port number
235 public void configureRouterMainPolicies(String strConfigHost, String strFirstHost,
236 String strSecondHost, String strProtocol, int iSrcPort, int iDstPort) {
238 PrintWriter pwConfig = getPrintWriter(strConfigHost);
239 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " +
240 strSecondHost + " -p " + strProtocol + " --dport " + iDstPort);
241 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " +
242 strSecondHost + " -p " + strProtocol + " --sport " + iSrcPort);
243 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " +
244 strFirstHost + " -p " + strProtocol + " --sport " + iDstPort);
245 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " +
246 strFirstHost + " -p " + strProtocol + " --dport " + iSrcPort);
250 * configureRouterMainPolicies() method configures the router
252 * This method configures the router's main policies
253 * This method creates a command line using 'ssh' and 'iptables'
254 * to access the router and create Netfilter statements
256 * @param strConfigHost String hostname to be configured
257 * @param strFirstHost String first host
258 * @param strSecondHost String second host
259 * @param strProtocol String protocol TCP/UDP
260 * @param iPort Integer port number
263 public void configureRouterMainPolicies(String strConfigHost, String strFirstHost,
264 String strSecondHost, String strProtocol, int iPort) {
266 PrintWriter pwConfig = getPrintWriter(strConfigHost);
267 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
268 " -p " + strProtocol + " --dport " + iPort);
269 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
270 " -p " + strProtocol + " --sport " + iPort);
271 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
272 " -p " + strProtocol + " --dport " + iPort);
273 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
274 " -p " + strProtocol + " --sport " + iPort);
278 * configureRouterMainPolicies() method configures the router
280 * This method is the same as the first configureRouterMainPolicies(),
281 * but it doesn't specify a certain port for the communication
283 * @param strConfigHost String hostname to be configured
284 * @param strFirstHost String first host
285 * @param strSecondHost String second host
286 * @param strProtocol String protocol TCP/UDP
289 public void configureRouterMainPolicies(String strConfigHost, String strFirstHost,
290 String strSecondHost, String strProtocol) {
292 PrintWriter pwConfig = getPrintWriter(strConfigHost);
293 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost +
294 " -d " + strSecondHost + " -p " + strProtocol);
295 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost +
296 " -d " + strFirstHost + " -p " + strProtocol);
301 * configureRouterMainPolicies() method configures the router
303 * This method is the same as the first configureRouterMainPolicies(),
304 * but it doesn't specify a certain port and protocol for the communication
306 * @param strConfigHost String hostname to be configured
307 * @param strFirstHost String first host
308 * @param strSecondHost String second host
311 public void configureRouterMainPolicies(String strConfigHost, String strFirstHost, String strSecondHost) {
313 PrintWriter pwConfig = getPrintWriter(strConfigHost);
314 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost);
315 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost);
320 * configureHostMainPolicies() method configures the host
322 * This method configures the host with router's policies
324 * @param strConfigHost String hostname to be configured
325 * @param strFirstHost String first host
326 * @param strSecondHost String second host
327 * @param strProtocol String protocol TCP/UDP
328 * @param iSrcPort Integer source port number
329 * @param iDstPort Integer destination port number
332 public void configureHostMainPolicies(String strConfigHost, String strFirstHost,
333 String strSecondHost, String strProtocol, int iSrcPort, int iDstPort) {
335 PrintWriter pwConfig = getPrintWriter(strConfigHost);
336 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
337 " -p " + strProtocol + " --dport " + iDstPort);
338 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
339 " -p " + strProtocol + " --sport " + iSrcPort);
340 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
341 " -p " + strProtocol + " --sport " + iDstPort);
342 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
343 " -p " + strProtocol + " --dport " + iSrcPort);
344 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
345 " -p " + strProtocol + " --dport " + iDstPort);
346 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
347 " -p " + strProtocol + " --sport " + iSrcPort);
348 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
349 " -p " + strProtocol + " --sport " + iDstPort);
350 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
351 " -p " + strProtocol + " --dport " + iSrcPort);
356 * configureHostMainPolicies() method configures the host
358 * This method configures the host with router's policies
360 * @param strConfigHost String hostname to be configured
361 * @param strFirstHost String first host
362 * @param strSecondHost String second host
363 * @param strProtocol String protocol TCP/UDP
364 * @param iPort Integer port number
367 public void configureHostMainPolicies(String strConfigHost, String strFirstHost,
368 String strSecondHost, String strProtocol, int iPort) {
370 PrintWriter pwConfig = getPrintWriter(strConfigHost);
371 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
372 " -p " + strProtocol + " --dport " + iPort);
373 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
374 " -p " + strProtocol + " --sport " + iPort);
375 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
376 " -p " + strProtocol + " --dport " + iPort);
377 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
378 " -p " + strProtocol + " --sport " + iPort);
379 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
380 " -p " + strProtocol + " --dport " + iPort);
381 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
382 " -p " + strProtocol + " --sport " + iPort);
383 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
384 " -p " + strProtocol + " --dport " + iPort);
385 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
386 " -p " + strProtocol + " --sport " + iPort);
390 * configureHostMainPolicies() method configures the host
392 * This method is the same as the first configureHostMainPolicies(),
393 * but it doesn't specify a certain port for the communication
395 * @param strConfigHost String hostname to be configured
396 * @param strFirstHost String first host
397 * @param strSecondHost String second host
398 * @param strProtocol String protocol TCP/UDP
401 public void configureHostMainPolicies(String strConfigHost, String strFirstHost,
402 String strSecondHost, String strProtocol) {
404 PrintWriter pwConfig = getPrintWriter(strConfigHost);
405 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
406 " -p " + strProtocol);
407 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
408 " -p " + strProtocol);
409 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
410 " -p " + strProtocol);
411 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
412 " -p " + strProtocol);
416 * configureHostMainPolicies() method configures the host
418 * This method is the same as the first configureHostMainPolicies(),
419 * but it doesn't specify a certain port and protocol for the communication
421 * @param strConfigHost String hostname to be configured
422 * @param strFirstHost String first host
423 * @param strSecondHost String second host
426 public void configureHostMainPolicies(String strConfigHost, String strFirstHost, String strSecondHost) {
428 PrintWriter pwConfig = getPrintWriter(strConfigHost);
429 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost);
430 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost);
431 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost);
432 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost);
437 * configureRouterHTTPPolicies() method configures the router
439 * This method configures the router's basic policies
440 * This method creates a command line using 'ssh' and 'iptables'
441 * to access the router and create Netfilter statements
443 * @param strConfigHost String hostname to be configured
444 * @param strFirstHost String first host address (source)
445 * @param strSecondHost String second host address (destination)
448 public void configureRouterHTTPPolicies(String strConfigHost, String strFirstHost, String strSecondHost) {
450 PrintWriter pwConfig = getPrintWriter(strConfigHost);
452 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
453 " -p tcp --dport http");
454 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
455 " -p tcp --sport http");
456 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
457 " -p tcp --dport http");
458 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
459 " -p tcp --sport http");
461 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
462 " -p tcp --dport https");
463 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
464 " -p tcp --sport https");
465 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
466 " -p tcp --dport https");
467 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
468 " -p tcp --sport https");
474 * configureRouterICMPPolicies() method configures the router
476 * This method configures the router's basic policies
477 * This method creates a command line using 'ssh' and 'iptables'
478 * to access the router and create Netfilter statements
480 * @param strConfigHost String hostname to be configured
483 public void configureRouterICMPPolicies(String strConfigHost) {
485 PrintWriter pwConfig = getPrintWriter(strConfigHost);
487 pwConfig.println("-A FORWARD -j ACCEPT -p icmp");
488 pwConfig.println("-A INPUT -j ACCEPT -p icmp");
489 pwConfig.println("-A OUTPUT -j ACCEPT -p icmp");
493 * configureRouterICMPPolicies() method configures the router
495 * This method configures the router's basic policies
496 * This method creates a command line using 'ssh' and 'iptables'
497 * to access the router and create Netfilter statements
499 * @param strConfigHost String hostname to be configured
500 * @param strMonitorHost String monitor address
503 public void configureRouterICMPPolicies(String strConfigHost, String strMonitorHost) {
505 PrintWriter pwConfig = getPrintWriter(strConfigHost);
507 pwConfig.println("-A FORWARD -j ACCEPT -p icmp");
508 pwConfig.println("-A INPUT -j ACCEPT -s " + strMonitorHost +
509 " -d " + strConfigHost + " -p icmp");
510 pwConfig.println("-A INPUT -j ACCEPT -s " + strConfigHost +
511 " -d " + strMonitorHost + " -p icmp");
512 pwConfig.println("-A OUTPUT -j ACCEPT -s " + strMonitorHost +
513 " -d " + strConfigHost + " -p icmp");
514 pwConfig.println("-A OUTPUT -j ACCEPT -s " + strConfigHost +
515 " -d " + strMonitorHost + " -p icmp");
519 * configureRouterSSHPolicies() method configures the router
521 * This method configures the router's basic policies
522 * This method creates a command line using 'ssh' and 'iptables'
523 * to access the router and create Netfilter statements
525 * @param strConfigHost String hostname to be configured
526 * @param strMonitorHost String monitor address
529 public void configureRouterSSHPolicies(String strConfigHost, String strMonitorHost) {
531 PrintWriter pwConfig = getPrintWriter(strConfigHost);
532 // Allow SSH - port 22 (only from monitor host)
533 pwConfig.println("-A INPUT -j ACCEPT -s " +
534 strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh");
535 pwConfig.println("-A INPUT -j ACCEPT -s " +
536 strMonitorHost + " -d " + strConfigHost + " -p tcp --sport ssh");
537 pwConfig.println("-A INPUT -j ACCEPT -s " +
538 strConfigHost + " -d " + strMonitorHost + " -p tcp --dport ssh");
539 pwConfig.println("-A INPUT -j ACCEPT -s " +
540 strConfigHost + " -d " + strMonitorHost + " -p tcp --sport ssh");
541 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
542 strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh");
543 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
544 strMonitorHost + " -d " + strConfigHost + " -p tcp --sport ssh");
545 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
546 strConfigHost + " -d " + strMonitorHost + " -p tcp --dport ssh");
547 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
548 strConfigHost + " -d " + strMonitorHost + " -p tcp --sport ssh");
549 pwConfig.println("-A FORWARD -j ACCEPT -p tcp --dport ssh");
550 pwConfig.println("-A FORWARD -j ACCEPT -p tcp --sport ssh");
555 * configureRouterDHCPPolicies() method configures the router
557 * This method configures the router's basic policies
558 * This method creates a command line using 'ssh' and 'iptables'
559 * to access the router and create Netfilter statements
561 * @param strConfigHost String hostname to be configured
564 public void configureRouterDHCPPolicies(String strConfigHost) {
566 PrintWriter pwConfig = getPrintWriter(strConfigHost);
567 // Allow DHCP renew - BOOTP Client port 68 / BOOTP Server port 67
568 pwConfig.println("-A INPUT -j ACCEPT -p udp --dport bootpc");
569 pwConfig.println("-A INPUT -j ACCEPT -p udp --sport bootpc");
570 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --dport bootps");
571 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --sport bootps");
575 * configureRouterDNSPolicies() method configures the router
577 * This method configures the router's basic policies
578 * This method creates a command line using 'ssh' and 'iptables'
579 * to access the router and create Netfilter statements
581 * @param strConfigHost String hostname to be configured
584 public void configureRouterDNSPolicies(String strConfigHost) {
586 PrintWriter pwConfig = getPrintWriter(strConfigHost);
587 // Allow DNS UDP and TCP port 53
588 pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport domain");
589 pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport domain");
590 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --dport domain");
591 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --sport domain");
592 pwConfig.println("-A INPUT -j ACCEPT -p udp --dport domain");
593 pwConfig.println("-A INPUT -j ACCEPT -p udp --sport domain");
594 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --dport domain");
595 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --sport domain");
599 * configureRejectPolicies() method configures the router
601 * This method configures the router's basic policies
602 * This method creates a command line using 'ssh' and 'iptables'
603 * to access the router and create Netfilter statements
605 * @param strConfigHost String hostname to be configured
608 public void configureRejectPolicies(String strConfigHost) {
610 PrintWriter pwConfig = getPrintWriter(strConfigHost);
611 // Reject every other thing
612 pwConfig.println("-A FORWARD -j REJECT");
613 pwConfig.println("-A INPUT -j REJECT");
614 pwConfig.println("-A OUTPUT -j REJECT");
618 * configureRouterNATPolicy() method configures the router
620 * This method configures the NAT policy separately.
621 * Somehow SSH in Java is not able to combine other commands for
622 * iptables rules configuration and NAT configuration.
624 * @param strConfigHost String hostname to be configured
627 public void configureRouterNATPolicy(String strConfigHost) {
629 PrintWriter pwConfig = getPrintWriter(strConfigHost);
631 pwConfig.println("-t nat -A POSTROUTING -o eth0 -j MASQUERADE");
635 * configureHostHTTPPolicies() method configures the host
637 * This method configures the host with HTTP policies
639 * @param strConfigHost String hostname to be configured
640 * @param strFirstHost String first host address (source)
641 * @param strSecondHost String second host address (destination)
644 public void configureHostHTTPPolicies(String strConfigHost, String strFirstHost, String strSecondHost) {
646 PrintWriter pwConfig = getPrintWriter(strConfigHost);
648 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
649 " -p tcp --dport http");
650 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
651 " -p tcp --sport http");
652 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
653 " -p tcp --dport http");
654 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
655 " -p tcp --sport http");
656 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
657 " -p tcp --dport http");
658 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
659 " -p tcp --sport http");
660 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
661 " -p tcp --dport http");
662 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
663 " -p tcp --sport http");
665 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
666 " -p tcp --dport https");
667 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
668 " -p tcp --sport https");
669 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
670 " -p tcp --dport https");
671 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
672 " -p tcp --sport https");
673 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
674 " -p tcp --dport https");
675 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
676 " -p tcp --sport https");
677 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
678 " -p tcp --dport https");
679 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
680 " -p tcp --sport https");
684 * configureHostICMPPolicies() method configures the host
686 * This method configures the host with router's policies
688 * @param strConfigHost String hostname to be configured
691 public void configureHostICMPPolicies(String strConfigHost) {
693 PrintWriter pwConfig = getPrintWriter(strConfigHost);
695 pwConfig.println("-A INPUT -j ACCEPT -p icmp");
696 pwConfig.println("-A OUTPUT -j ACCEPT -p icmp");
700 * configureHostSQLPolicies() method configures the host
702 * This method configures the host with router's policies
704 * @param strConfigHost String hostname to be configured
707 public void configureHostSQLPolicies(String strConfigHost) {
709 PrintWriter pwConfig = getPrintWriter(strConfigHost);
711 pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport mysql");
712 pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport mysql");
713 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --dport mysql");
714 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --sport mysql");
718 * configureHostICMPPolicies() method configures the host
720 * This method configures the host with router's policies
722 * @param strConfigHost String hostname to be configured
723 * @param strMonitorHost String monitor address
726 public void configureHostICMPPolicies(String strConfigHost, String strMonitorHost) {
728 PrintWriter pwConfig = getPrintWriter(strConfigHost);
730 pwConfig.println("-A INPUT -j ACCEPT -s " + strMonitorHost +
731 " -d " + strConfigHost + " -p icmp");
732 pwConfig.println("-A INPUT -j ACCEPT -s " + strConfigHost +
733 " -d " + strMonitorHost + " -p icmp");
734 pwConfig.println("-A OUTPUT -j ACCEPT -s " + strMonitorHost +
735 " -d " + strConfigHost + " -p icmp");
736 pwConfig.println("-A OUTPUT -j ACCEPT -s " + strConfigHost +
737 " -d " + strMonitorHost + " -p icmp");
742 * configureHostSSHPolicies() method configures the host
744 * This method configures the host with router's policies
746 * @param strConfigHost String hostname to be configured
749 public void configureHostSSHPolicies(String strConfigHost) {
751 PrintWriter pwConfig = getPrintWriter(strConfigHost);
752 // Allow SSH - port 22
753 pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport ssh");
754 pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport ssh");
755 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --dport ssh");
756 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --sport ssh");
757 pwConfig.println("-A FORWARD -j ACCEPT -p tcp --dport ssh");
758 pwConfig.println("-A FORWARD -j ACCEPT -p tcp --sport ssh");
763 * configureHostSSHPolicies() method configures the host
765 * This method configures the host with router's policies
767 * @param strConfigHost String hostname to be configured
768 * @param strMonitorHost String monitor address
771 public void configureHostSSHPolicies(String strConfigHost, String strMonitorHost) {
773 PrintWriter pwConfig = getPrintWriter(strConfigHost);
774 // Allow SSH - port 22
775 pwConfig.println("-A INPUT -j ACCEPT -s " +
776 strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh");
777 pwConfig.println("-A INPUT -j ACCEPT -s " +
778 strMonitorHost + " -d " + strConfigHost + " -p tcp --sport ssh");
779 pwConfig.println("-A INPUT -j ACCEPT -s " +
780 strConfigHost + " -d " + strMonitorHost + " -p tcp --dport ssh");
781 pwConfig.println("-A INPUT -j ACCEPT -s " +
782 strConfigHost + " -d " + strMonitorHost + " -p tcp --sport ssh");
783 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
784 strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh");
785 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
786 strMonitorHost + " -d " + strConfigHost + " -p tcp --sport ssh");
787 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
788 strConfigHost + " -d " + strMonitorHost + " -p tcp --dport ssh");
789 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
790 strConfigHost + " -d " + strMonitorHost + " -p tcp --sport ssh");
795 * configureHostDHCPPolicies() method configures the host
797 * This method configures the host with router's policies
799 * @param strConfigHost String hostname to be configured
802 public void configureHostDHCPPolicies(String strConfigHost) {
804 PrintWriter pwConfig = getPrintWriter(strConfigHost);
805 // Allow DHCP renew - BOOTP Client port 68 / BOOTP Server port 67
806 pwConfig.println("-A INPUT -j ACCEPT -p udp --dport bootpc");
807 pwConfig.println("-A INPUT -j ACCEPT -p udp --sport bootpc");
808 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --dport bootps");
809 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --sport bootps");
814 * configureHostDNSPolicies() method configures the host
816 * This method configures the host with router's policies
818 * @param strConfigHost String hostname to be configured
821 public void configureHostDNSPolicies(String strConfigHost) {
823 PrintWriter pwConfig = getPrintWriter(strConfigHost);
824 // Allow DNS UDP and TCP port 53
825 pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport domain");
826 pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport domain");
827 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --dport domain");
828 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --sport domain");
829 pwConfig.println("-A INPUT -j ACCEPT -p udp --dport domain");
830 pwConfig.println("-A INPUT -j ACCEPT -p udp --sport domain");
831 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --dport domain");
832 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --sport domain");