gw-splash/iptables.py at master · ffrgb/gw-splash · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
from subprocess import call

class IPTables(object):
    def __init__(self):
        self.destination = '10.142.0.1'
        self.destinationv6 = '[2a01:4f8:100:57ff::1]'
        self.port = '5000'
        self.mark = '99'
        self.chain = 'portal'
        self.iface = 'bat0'

    def __start(self, iptables, destination):
        call([iptables, '-N', self.chain, '-t', 'mangle'])
        call([iptables, '-t', 'mangle', '-A', 'PREROUTING', '-i', self.iface, '-j', self.chain])
        call([iptables, '-t', 'mangle', '-A', self.chain, '-j', 'MARK', '--set-mark', self.mark])
        call([iptables, '-t', 'nat', '-A', 'PREROUTING', '-i',self.iface , '-m', 'mark', '--mark', self.mark, '-p', 'tcp', '--dport', '80', '-j', 'DNAT', '--to-destination', destination+':'+self.port])
        call([iptables, '-t', 'filter', '-A', 'FORWARD', '-m', 'mark', '--mark', self.mark, '-j', 'DROP'])

    def __shutdown(self, iptables, destination):
        call([iptables, '-t', 'mangle', '-D', 'PREROUTING', '-i', self.iface, '-j', self.chain])
        call([iptables, '-t', 'mangle', '-F', self.chain])
        call([iptables, '-t', 'mangle', '-X', self.chain])
        call([iptables, '-t', 'filter', '-D', 'FORWARD', '-m', 'mark', '--mark', self.mark, '-j', 'DROP'])
        call([iptables, '-t', 'nat', '-D', 'PREROUTING', '-i',self.iface , '-m', 'mark', '--mark', self.mark, '-p', 'tcp', '--dport', '80', '-j', 'DNAT', '--to-destination', destination+':'+self.port])

    def __unlockMAC(self, iptables, mac):
        if not call([iptables, '-t', 'mangle', '-I', self.chain, '-m', 'mac', '--mac-source', mac, '-j', 'RETURN']):
            return True
        else:
            return False

    def __lockMAC(self, iptables, mac):
        res = call([iptables, '-t', 'mangle', '-D', self.chain, '-m', 'mac', '--mac-source', mac, '-j', 'RETURN'])
        if res:
            return True
        else:
            return False
    def unlockDNS(self, ip):
        if not call(['iptables', '-t', 'mangle', '-I', self.chain, '-d', ip, '-j', 'RETURN']):
            return False

    def unlockDHCP(self, ip):
        if not call(['iptables', '-t', 'mangle', '-I', self.chain, '-d', ip, '-p udp', '--dport', '67:68', '--sport', '67:68', '-j', 'RETURN']):
            return False

    def start(self):
        self.__start('iptables', self.destination)
        self.__start('ip6tables', self.destinationv6)

    def shutdown(self):
        self.__shutdown('iptables', self.destination)
        self.__shutdown('ip6tables', self.destinationv6)

    def unlockMAC(self, mac):
        if self.__unlockMAC('iptables', mac) and self.__unlockMAC('ip6tables', mac):
            return True
        else:
            return False

    def lockMAC(self, mac):
        self.__lockMAC('iptables', mac)
        self.__lockMAC('ip6tables', mac)

if __name__ == '__main__':
    pass