package deng;
import java.io.*;
import java.util.ArrayList;
import javax.swing.JOptionPane;
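/**
 * File helpers for the firewall rule editor: renders the rule list as an iptables shell
 * script and saves/loads the rule list with Java object serialization.
 *
 * <p>The generated script is placed under an rc.d path, so it is presumably executed with
 * root privileges (confirm against the deployment). Every rule field that reaches the
 * script is therefore checked for shell control characters before anything is written.
 */
public class FilesIO {
    /**
     * Number of successful saves made by {@link #saveRuleListToFile}.
     * {@link #readRuleListFromFile} only warns about a missing file once this is positive.
     */
    static int i = 0;

    // NOTE(review): these paths use backslashes. On a Unix-like system java.io.File treats
    // '\' as an ordinary name character, so each constant names a single entry relative to
    // the working directory rather than a location under /etc/rc.d. The values are kept
    // unchanged because callers pass the rule-list path to readRuleListFromFile themselves;
    // fix both sides together.
    private static final String RULE_DIR = "\\etc\\rc.d\\filter-firewall";
    private static final String SCRIPT_FILE = "\\etc\\rc.d\\filter-firewall\\RuleScript.txt";
    private static final String RULE_LIST_FILE = "\\etc\\rc.d\\filter-firewall\\RuleList.txt";

    /** Characters that would end or extend the iptables command inside a shell script. */
    private static final String SHELL_CONTROL_CHARS = "\n\r;&|`$<>()\"'\\#";

    /**
     * Writes one {@code iptables -A} line per non-null chain name of the rule.
     *
     * <p>All lines are built and checked first, so a rejected rule writes nothing.
     *
     * @param rule rule whose getters supply chain, protocol, addresses, ports and target
     * @param pw   destination of the script lines
     * @throws IllegalArgumentException if a rule field contains a shell control character
     */
    public static void writeRuleToScript(Rule rule, PrintWriter pw) {
        String[] direction = rule.getDirection();
        String[] lines = new String[direction.length];
        for (int d = 0; d < direction.length; d++) {
            if (direction[d] == null) {
                continue;
            }
            String strRule = "iptables -A " + direction[d] + " -p " + rule.getProtocol()
                    + " -s " + rule.getIP() + " -d " + rule.getDip()
                    + " --sport " + rule.getSport() + " --dport " + rule.getDport()
                    + " -j " + rule.getStrategy();
            // The fixed parts of the line contain no control characters, so checking the
            // whole line is the same as checking every field.
            rejectShellControlChars(strRule);
            lines[d] = strRule;
        }
        for (int d = 0; d < lines.length; d++) {
            if (lines[d] != null) {
                pw.println(lines[d]);
            }
        }
    }

    /**
     * Refuses a script line that contains a character the shell would interpret.
     *
     * <p>NOTE(review): spaces are still accepted because a field may carry a negation such
     * as "! addr" (confirm against Rule), so a field can still smuggle extra iptables
     * options. A strict per-field allowlist belongs where the rule is created.
     */
    private static void rejectShellControlChars(String line) {
        for (int c = 0; c < line.length(); c++) {
            if (SHELL_CONTROL_CHARS.indexOf(line.charAt(c)) >= 0) {
                throw new IllegalArgumentException(
                        "rule field contains a shell control character at offset " + c);
            }
        }
    }

    /**
     * Renders the fixed preamble plus every rule and writes the result to the script file.
     *
     * <p>The script is rendered in memory first, so a rejected rule leaves an existing
     * script untouched. PrintWriter never throws on a failed write, so the error flag is
     * checked explicitly.
     *
     * @param ruleList rules to render, in order
     * @return {@code true} only if the whole script was written and closed without error
     */
    public static boolean writeAllRulesToScript(MyArrayList ruleList) {
        StringWriter rendered = new StringWriter();
        PrintWriter renderer = new PrintWriter(rendered);
        try {
            writeIniRuleToScript(renderer);
            for (int r = 0; r < ruleList.size(); r++) {
                writeRuleToScript((Rule) ruleList.get(r), renderer);
            }
        } catch (IllegalArgumentException e) {
            e.printStackTrace();
            JOptionPane.showMessageDialog(null, "向脚本文件中写入时出错!");
            return false;
        }
        renderer.flush();

        File dir = new File(RULE_DIR);
        if (!dir.exists()) {
            // A failed mkdirs surfaces below as FileNotFoundException.
            dir.mkdirs();
        }

        boolean flag = false;
        PrintWriter pw = null;
        try {
            pw = new PrintWriter(new FileOutputStream(new File(SCRIPT_FILE)));
            pw.print(rendered.toString());
            pw.close();
            // checkError() also reports a failure that happened while closing.
            flag = !pw.checkError();
            if (!flag) {
                JOptionPane.showMessageDialog(null, "向脚本文件中写入时出错!");
            }
        } catch (IOException e) {
            e.printStackTrace();
            flag = false;
            JOptionPane.showMessageDialog(null, "向脚本文件中写入时出错!");
        } finally {
            if (pw != null) {
                pw.close();
            }
        }
        return flag;
    }

    /**
     * Writes the fixed script preamble: interpreter line, kernel forwarding switches, module
     * loading, flush of existing rules, DROP default policies, and the baseline accept and
     * NAT rules.
     *
     * @param pw destination of the script lines
     */
    public static void writeIniRuleToScript(PrintWriter pw) {
        // NOTE(review): the policy below is kept as the author wrote it. Points to re-check
        // before deploying:
        //  - "-A FORWARD -i ppp0 -j ACCEPT": the script's own comment names ppp0 as the
        //    external interface, so this accepts every forwarded packet arriving from
        //    outside and makes the later ESTABLISHED,RELATED forward rule redundant.
        //  - "-A INPUT -p udp --sport 53 -j ACCEPT": matches on the source port only, so any
        //    UDP datagram sent from port 53 is accepted, not only replies from the
        //    resolvers in use. "-A OUTPUT -p tcp --sport 80" has the same shape outbound.
        //  - "-o ! eth0" is the older negation placement; current iptables expects
        //    "! -o eth0".
        //  - "MASQUERADE --to-ports" is documented as valid only together with -p tcp or
        //    -p udp; verify that the last rule loads.
        String[] iniRules = {
            // Was "#!/bash/sh", which names no interpreter.
            "#!/bin/sh",
            "echo \"1\" > /proc/sys/net/ipv4/ip_forward #缺省情况下,IP转发都处于不可用状态,将其设置为可用状态",
            "echo \"1\" > /proc/sys/net/ipv4/ip_dynaddr #使IP的动态分配功能可用",
            "/sbin/depmod -a # 整理核心支持模块之清单",
            "/sbin/modprobe ip_tables",
            "/sbin/modprobe ip_nat",
            "iptables -F # 清除所有已设定之规则,回复到不设防状态",
            "iptables -X",
            "iptables -Z #将封包计数器归零。封包计数器是用来计算同一封包出现次数,是过滤阻断式攻击不可或缺的工具",
            "iptables -t nat -F",
            "iptables -t nat -X",
            "iptables -P INPUT DROP # 定义安全政策为正面表列。未符合过滤条件之封包,预设的处理方式",
            "iptables -P OUTPUT DROP",
            "iptables -P FORWARD DROP",
            "iptables -t nat -P PREROUTING DROP #地址伪装的默认规则",
            "iptables -t nat -P POSTROUTING DROP",
            "iptables -A INPUT -i eth0 -j ACCEPT #假设ppp0是拨号连接外部的网络接口,eth0是内部接口",
            "iptables -A OUTPUT -o ! eth0 -j ACCEPT ",
            "iptables -A FORWARD -i ppp0 -j ACCEPT ",
            "iptables -A FORWARD -o eth0 -j ACCEPT ",
            "iptables -A OUTPUT -o ppp0 -p tcp --dport 80 -j ACCEPT #允许内部访问www服务",
            "iptables -A OUTPUT -p tcp --sport 80 -j ACCEPT",
            "iptables -A OUTPUT -o ppp0 -p tcp --dport 21 -j ACCEPT #允许ftp下载",
            "iptables -A OUTPUT -o ppp0 -p tcp --dport 20 -j ACCEPT",
            "iptables -A FORWARD -i ppp0 -p tcp --dport 21 -j ACCEPT ",
            "iptables -A FORWARD -o eth0 -p tcp --dport 21 -j ACCEPT ",
            "# 从 WAN 进入防火墙主机的所有封包,检查是否为响应封包,若是则予以放行",
            "iptables -A INPUT -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT ",
            "# 从 WAN 要到 LAN 的封包仅放行回应封包",
            "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT ",
            "iptables -A INPUT -p udp --sport 53 -j ACCEPT #DNS端口",
            "#更改所有来自192.168.100.0/24的数据包的源ip地址为198.199.37.3",
            "iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -o ppp0 -j SNAT --to 198.199.37.3",
            "#更改所有来自192.168.133.0/24的数据包的源ip地址为198.199.37.3",
            "iptables -t nat -A POSTROUTING -s 192.168.133.0/24 -o ppp0 -j SNAT --to 198.199.37.3",
            "iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE --to-ports 1024:31000"
        };
        for (int line = 0; line < iniRules.length; line++) {
            pw.println(iniRules[line]);
        }
    }

    /**
     * Serializes the rule list to the rule-list file, creating the directory if needed.
     *
     * @param ruleList list to persist with {@link ObjectOutputStream#writeObject}
     * @return {@code true} if the list was written and the stream closed without error
     */
    public static boolean saveRuleListToFile(MyArrayList ruleList) {
        File dir = new File(RULE_DIR);
        if (!dir.exists()) {
            // A failed mkdirs surfaces below as FileNotFoundException.
            dir.mkdirs();
        }

        boolean flag = true;
        FileOutputStream fos = null;
        ObjectOutputStream oos = null;
        try {
            fos = new FileOutputStream(new File(RULE_LIST_FILE));
            oos = new ObjectOutputStream(fos);
            oos.writeObject(ruleList);
        } catch (Exception e) {
            e.printStackTrace();
            flag = false;
            JOptionPane.showMessageDialog(null, "向文件中保存数据时出错!");
        }
        try {
            if (oos != null) {
                oos.close();
            } else if (fos != null) {
                // The object stream was never created, so the file stream is closed here.
                fos.close();
            }
        } catch (Exception ee) {
            ee.printStackTrace();
            flag = false;
            JOptionPane.showMessageDialog(null, "无法关闭资源!");
        }
        if (flag) {
            // Count the save only once the data is flushed and the file is closed.
            i++;
        }
        return flag;
    }

    /**
     * Loads a rule list previously written by {@link #saveRuleListToFile}.
     *
     * <p>SECURITY: this is Java native deserialization. Whoever can write the file controls
     * which serializable classes on the classpath are instantiated, and that happens before
     * the cast to MyArrayList is checked. Load only files whose ownership and permissions
     * are trusted, or install an ObjectInputFilter (Java 9+) that admits only the rule
     * classes.
     *
     * @param URL path of the serialized rule list (a file path, despite the name)
     * @return the stored list, or an empty list if the file is missing, unreadable or
     *         holds no list
     */
    public static MyArrayList readRuleListFromFile(String URL) {
        File file = new File(URL);
        MyArrayList myArrayList = new MyArrayList();
        if (!file.exists()) {
            // Before the first save a missing file is expected, so stay quiet.
            if (i > 0) {
                JOptionPane.showMessageDialog(null, "注意!找不到所需的RuleList文件,可能被删除!");
            }
            return myArrayList;
        }

        FileInputStream fis = null;
        ObjectInputStream ois = null;
        try {
            fis = new FileInputStream(file);
            ois = new ObjectInputStream(fis);
            MyArrayList loaded = (MyArrayList) ois.readObject();
            if (loaded != null) {
                // A serialized null would otherwise reach callers as a null list.
                myArrayList = loaded;
            }
        } catch (Exception e) {
            e.printStackTrace();
            JOptionPane.showMessageDialog(null, "从文件中读取数据时出错!");
        }
        try {
            if (ois != null) {
                ois.close();
            } else if (fis != null) {
                // The object stream was never created, so the file stream is closed here.
                fis.close();
            }
        } catch (Exception ee) {
            ee.printStackTrace();
            JOptionPane.showMessageDialog(null, "无法关闭资源!");
        }
        return myArrayList;
    }
}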