📄 scriptwriter.c
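"ICMP_TIMESTAMPING=%s\n", test_bool (PREFS_FW_ICMP_TIMESTAMPING));
	fprintf (f, "# Allow Address Masking Requests\n"
		    "ICMP_MASKING=%s\n", test_bool (PREFS_FW_ICMP_MASKING));
	fprintf (f, "# Allow Redirection Requests\n"
		    "ICMP_REDIRECTION=%s\n", test_bool (PREFS_FW_ICMP_REDIRECTION));
	fprintf (f, "# Allow Source Quench Requests\n"
		    "ICMP_SOURCE_QUENCHES=%s\n", test_bool (PREFS_FW_ICMP_SOURCE_QUENCHES));
	fprintf (f, "\n");

	fprintf (f, "# --(Broadcast Traffic)--\n"
		    "# Block external broadcast traffic\n"
		    "BLOCK_EXTERNAL_BROADCAST=%s\n", test_bool (PREFS_FW_BLOCK_EXTERNAL_BROADCAST));
	fprintf (f, "# Block internal broadcast traffic\n"
		    "BLOCK_INTERNAL_BROADCAST=%s\n", test_bool (PREFS_FW_BLOCK_INTERNAL_BROADCAST));
	fprintf (f, "\n");

	fprintf (f, "# --(Traffic Validation)--\n"
		    "# Block non-routable traffic on the public interfaces\n"
		    "BLOCK_NON_ROUTABLES=%s\n", test_bool (PREFS_FW_BLOCK_NON_ROUTABLES));
	fprintf (f, "\n");

	fprintf (f, "# --(Logging)--\n"
		    "# System log level\n"
		    "LOG_LEVEL=info\n");
	fprintf (f, "\n");

	fclose (f);
}

/* [ script_exists ]
 * Return true if script has been generated
 */
gboolean
script_exists (void)
{
	struct stat statd;
	gint retval;

	retval = stat (FIRESTARTER_FIREWALL_SCRIPT, &statd);

	// When installing from RPM the script might already exist but the size will be 0
	return (retval != -1 && statd.st_size != 0);
}

/* [ file_exists ]
 * Return true if something exists at path (thin wrapper around g_file_test)
 */
static gboolean
file_exists (const gchar *path)
{
	return g_file_test (path, G_FILE_TEST_EXISTS);
}

/* [ dhclient_is_running ]
 * Return true if /var/run/dhclient-<external interface>.pid exists.
 * Only the presence of the pid file is tested, not the process itself.
 * NOTE(review): the interface name is interpolated into the path as-is;
 * presumably the preference only ever holds a plain interface name - confirm.
 */
static gboolean
dhclient_is_running (void)
{
	gboolean exists;
	gchar *path = g_strconcat ("/var/run/dhclient-",
				   preferences_get_string (PREFS_FW_EXT_IF),
				   ".pid", NULL);

	exists = file_exists (path);
	g_free (path);

	return exists;
}

/* [ dhcpcd_is_running ]
 * Return true if the dhcpcd pid file for the external interface exists.
 * The pid file lives under /etc/dhcpc when /etc/slackware-version is present
 * and under /var/run otherwise.
 */
static gboolean
dhcpcd_is_running (void)
{
	gboolean exists;
	gchar *path;

	if (file_exists ("/etc/slackware-version")) {
		path = g_strconcat ("/etc/dhcpc/dhcpcd-",
				    preferences_get_string (PREFS_FW_EXT_IF),
				    ".pid", NULL);
	} else {
		path = g_strconcat ("/var/run/dhcpcd-",
				    preferences_get_string (PREFS_FW_EXT_IF),
				    ".pid", NULL);
	}

	exists = file_exists (path);
	g_free (path);

	return exists;
}

/* [ free_line_list ]
 * Free a list of g_strdup'ed lines together with the list nodes
 */
static void
free_line_list (GList *list)
{
	GList *link;

	for (link = list; link != NULL; link = link->next)
		g_free (link->data);
	g_list_free (list);
}

/* [ report_remove_hook_error ]
 * Print the "could not remove hook" diagnostic for path via perror.
 * errno is saved around the message allocation so perror reports the
 * failure of the preceding fopen, and the message is freed afterwards.
 */
static void
report_remove_hook_error (const gchar *path)
{
	int saved_errno = errno;
	gchar *msg = g_strconcat ("Could not remove firestarter hook in ", path, NULL);

	errno = saved_errno;
	perror (msg);
	g_free (msg);
}

/* [ append_hook_to_script ]
 * Insert the Firestarter hook as the first line of the already open script f,
 * unless some line of the script contains the hook already.
 * f must be open for both reading and writing.
 */
static void
append_hook_to_script (FILE *f)
{
	gchar buf[512];
	GList *list = NULL;
	GList *link;

	while (fgets (buf, sizeof buf, f) != NULL) {
		if (strstr (buf, FIRESTARTER_HOOK)) {
			/* Hook already present: release the lines read so far */
			free_line_list (list);
			return;
		}
		list = g_list_append (list, g_strdup (buf));
	}

	rewind (f);

	/* The hook and the saved lines are data, never format strings: a '%'
	 * in an existing hook file must be written back verbatim, not parsed
	 * by printf. FIRESTARTER_HOOK is matched literally with strstr above,
	 * so it is written literally as well. */
	fputs (FIRESTARTER_HOOK, f);
	for (link = list; link != NULL; link = link->next)
		fputs (link->data, f);

	free_line_list (list);
}

/* [ remove_hook ]
 * Rewrite the file at path without the Firestarter hook line. When several
 * lines contain the hook only the last one is dropped. The file is left
 * untouched when no line contains the hook.
 * NOTE(review): the file is truncated and rewritten in place, so a failure
 * in the middle of the rewrite loses content; writing a temporary file and
 * renaming it over path would make the update atomic.
 */
static void
remove_hook (gchar *path)
{
	FILE *f;
	gchar buf[512];
	GList *list = NULL;
	GList *hook_link = NULL;
	GList *link;

	f = fopen (path, "r");
	if (f == NULL) {
		report_remove_hook_error (path);
		return;
	}

	while (fgets (buf, sizeof buf, f) != NULL) {
		list = g_list_append (list, g_strdup (buf));
		if (strstr (buf, FIRESTARTER_HOOK))
			hook_link = g_list_last (list); /* the line just appended */
	}
	fclose (f);

	if (hook_link == NULL) {
		/* Nothing to remove, but the lines read still have to be freed */
		free_line_list (list);
		return;
	}

	/* Unlink the hook line and free both its text and its list node */
	list = g_list_remove_link (list, hook_link);
	g_free (hook_link->data);
	g_list_free_1 (hook_link);

	f = fopen (path, "w");
	if (f == NULL) {
		report_remove_hook_error (path);
		free_line_list (list);
		return;
	}

	/* File content is written with fputs so that a '%' in a line is not
	 * interpreted as a printf conversion */
	for (link = list; link != NULL; link = link->next)
		fputs (link->data, f);

	fclose (f);
	free_line_list (list);
}

/* [ add_hook ]
 * Make sure the file at path contains the Firestarter hook. An existing file
 * gets the hook inserted (see append_hook_to_script), a missing file is
 * created with the hook as its only content.
 */
static void
add_hook (gchar *path)
{
	FILE *f;

	printf ("Adding Firestarter startup hook to %s\n", path);

	if (file_exists (path)) {
		f = fopen (path, "r+");
		if (f == NULL) {
			perror ("Could not append firestarter hook");
			return;
		}
		append_hook_to_script (f);
		fclose (f);
	} else {
		f = fopen (path, "w");
		if (f == NULL) {
			perror ("Could not write firestarter hook");
			return;
		}
		/* Written literally, consistent with the strstr match used
		 * to detect the hook */
		fputs (FIRESTARTER_HOOK, f);
		fclose (f);
	}
}

/* [ scriptwriter_write_ppp_hook ]
 * Add the Firestarter hook to PPP_HOOK_FILE and make that file executable.
 * Does nothing when /etc/ppp does not exist.
 */
void
scriptwriter_write_ppp_hook (void)
{
	if (!file_exists ("/etc/ppp")) {
		printf ("No ppp detected on system. Not adding starting hook\n");
		return;
	}

	add_hook (PPP_HOOK_FILE);

	/* A hook that is not executable is presumably never run by pppd,
	 * so a failing chmod is reported instead of being ignored */
	if (chmod (PPP_HOOK_FILE, 0755) != 0)
		perror ("Could not make ppp hook executable");
}

/* [ scriptwriter_remove_ppp_hook ]
 * Remove the Firestarter hook from PPP_HOOK_FILE.
 * NOTE(review): the existence test uses the literal /etc/ppp/ip-up.local
 * while the removal uses PPP_HOOK_FILE; presumably both name the same
 * file - confirm against the PPP_HOOK_FILE definition.
 */
void
scriptwriter_remove_ppp_hook (void)
{
	if (!file_exists ("/etc/ppp/ip-up.local")) {
		return;
	}

	remove_hook (PPP_HOOK_FILE);
}

/* [ scriptwriter_write_dhcp_hook ]
 * Add the Firestarter hook to the exit hook of whichever DHCP client has a
 * pid file for the external interface. Nothing is written when neither
 * dhclient nor dhcpcd is detected.
 */
void
scriptwriter_write_dhcp_hook (void)
{
	/* Red Hat 8+, some Mandrake 9 configurations use dhclient */
	if (dhclient_is_running ()) {
		gchar *path = g_strdup ("/etc/dhclient-exit-hooks");

		add_hook (path);
		g_free (path);
	/* Slackware uses DHCPCD, but its path is different */
	} else if (dhcpcd_is_running () && file_exists ("/etc/slackware-version")) {
		gchar *path = g_strconcat ("/etc/dhcpc/dhcpcd-",
					   preferences_get_string (PREFS_FW_EXT_IF),
					   ".exe", NULL);

		add_hook (path);
		g_free (path);
	/* Most other distributions use DHCPCD */
	} else if (dhcpcd_is_running ()) {
		gchar *path = g_strconcat ("/etc/dhcpcd/dhcpcd-",
					   preferences_get_string (PREFS_FW_EXT_IF),
					   ".exe", NULL);

		add_hook (path);
		g_free (path);
	}
}

/* [ scriptwriter_remove_dhcp_hook ]
 * Remove the Firestarter hook from every DHCP client hook file that exists,
 * whether or not the matching client is currently detected.
 */
void
scriptwriter_remove_dhcp_hook (void)
{
	gchar *path;

	/* Red Hat, Fedora, SuSE, Mandrake dhclient */
	if (file_exists ("/etc/dhclient-exit-hooks")) {
		path = g_strdup ("/etc/dhclient-exit-hooks");
		remove_hook (path);
		g_free (path);
	}

	/* Slackware DHCPCD */
	path = g_strconcat ("/etc/dhcpc/dhcpcd-",
			    preferences_get_string (PREFS_FW_EXT_IF),
			    ".exe", NULL);
	if (file_exists (path)) {
		remove_hook (path);
	}
	g_free (path);

	/* Old DHCPCD */
	path = g_strconcat ("/etc/dhcpcd/dhcpcd-",
			    preferences_get_string (PREFS_FW_EXT_IF),
			    ".exe", NULL);
	if (file_exists (path)) {
		remove_hook (path);
	}
	g_free (path);
}

/* [ check_file ]
 * Check that file exists, if not, create it empty with mode 0440.
 * A file that exists is left alone, and so is a path that cannot be opened
 * for any reason other than ENOENT.
 */
static void
check_file (const gchar *path)
{
	FILE *file;

	file = fopen (path, "r");
	if (file != NULL) {
		/* Already there: close the probe handle instead of leaking it */
		fclose (file);
		return;
	}
	if (errno != ENOENT)
		return;

	file = fopen (path, "w");
	if (file != NULL) {
		/* Set the mode on the descriptor just opened rather than by
		 * path, so the permissions land on the file that was created
		 * here even if the path is changed in between */
		fchmod (fileno (file), 00440);
		fclose (file);
	}
}

/* [ create_rules_files ]
 * Create the empty modrules and user scripts, unless already exists.
 */
static void
create_rules_files (void)
{
	check_file (FIRESTARTER_CONTROL_SCRIPT);
	check_file (FIRESTARTER_FIREWALL_SCRIPT);
	check_file (FIRESTARTER_CONFIGURATION_SCRIPT);
	check_file (FIRESTARTER_SYSCTL_SCRIPT);
	check_file (FIRESTARTER_USER_PRE_SCRIPT);
	check_file (FIRESTARTER_USER_POST_SCRIPT);
	check_file (FIRESTARTER_NON_ROUTABLES_SCRIPT);
	check_file (FIRESTARTER_FILTER_HOSTS_SCRIPT);
	check_file (FIRESTARTER_FILTER_PORTS_SCRIPT);
	check_file (FIRESTARTER_INBOUND_SETUP);
	check_file (FIRESTARTER_OUTBOUND_SETUP);

	check_file (POLICY_IN_ALLOW_FROM);
	check_file (POLICY_IN_ALLOW_SERVICE);
	check_file (POLICY_IN_FORWARD);
	check_file (POLICY_OUT_DENY_TO);
	check_file (POLICY_OUT_DENY_FROM);
	check_file (POLICY_OUT_DENY_SERVICE);
	check_file (POLICY_OUT_ALLOW_TO);
	check_file (POLICY_OUT_ALLOW_FROM);
	check_file (POLICY_OUT_ALLOW_SERVICE);
}

/* [ scriptwriter_output_scripts ]
 * Creates all of the firestarter scripts
 */
void
scriptwriter_output_scripts (void)
{
	/* Creating the directories for scripts if they are missing.
	 * The return values are not checked; a directory that already
	 * exists is the expected case. */
	mkdir (FIRESTARTER_RULES_DIR "/firestarter", 00700);
	mkdir (POLICY_IN_DIR, 00700);
	mkdir (POLICY_OUT_DIR, 00700);

	/* Write the firewall configuration */
	scriptwriter_output_configuration ();

	/* Write the firewall control script */
	scriptwriter_output_firestarter_script ();

	/* Write main firewall script */
	write_netfilter_script ();

	/* Create all of the rule file stubs */
	create_rules_files ();

	/* Start firewall on ppp interface up */
	if (preferences_get_bool (PREFS_START_ON_DIAL_OUT)) {
		scriptwriter_write_ppp_hook ();
	} else {
		scriptwriter_remove_ppp_hook ();
	}

	/* Start firewall on DHCP lease renewal */
	if (preferences_get_bool (PREFS_START_ON_DHCP)) {
		scriptwriter_write_dhcp_hook ();
	} else {
		scriptwriter_remove_dhcp_hook ();
	}
}

/* [ scriptwriter_versions_match ]
 * Check that the scripts on the system and the scripts that could be
 * generated by this version of the program match. The version is the text
 * between "Firestarter " and "," on the first line of the firewall script.
 * Returns FALSE when the script is missing, unreadable or empty, or when no
 * version can be extracted from its first line.
 */
gboolean
scriptwriter_versions_match (void)
{
	FILE *f;
	gchar buf[512];
	gchar *version;
	gboolean current;

	if (!file_exists (FIRESTARTER_FIREWALL_SCRIPT))
		return FALSE;

	/* The file may exist and still not be readable */
	f = fopen (FIRESTARTER_FIREWALL_SCRIPT, "r");
	if (f == NULL)
		return FALSE;

	/* An empty script leaves buf unset, so it must not be parsed */
	if (fgets (buf, sizeof buf, f) == NULL) {
		fclose (f);
		return FALSE;
	}
	fclose (f);

	version = get_text_between (buf, "Firestarter ", ",");
	/* NOTE(review): assumes get_text_between may return NULL when the
	 * markers are missing - confirm; the guard is harmless otherwise */
	current = (version != NULL) && g_str_equal (version, VERSION);
	g_free (version);

	return current;
}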