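} catch (ArrayIndexOutOfBoundsException ignore) {}
            }
            if (usage > 0)
                addString("Count "+Integer.toString(usage));
            // Scale the byte counter to the largest unit that still leaves
            // more than 8 units (same thresholds as before).
            if (bytes > 8*GIGA)
                addString(Long.toString(bytes / GIGA)+" GB");
            else if (bytes > 8*MEGA)
                addString(Long.toString(bytes / MEGA)+" MB");
            else if (bytes > 8*KILO)
                addString(Long.toString(bytes / KILO)+" KB");
            else if (bytes > 0)
                addString(Long.toString(bytes)+" Bytes");
            break;
        default:
            addString("Unknown column!");
            break;
        } // switch
        return returnArray();
    }

    // print address information
    // For active rules, the address array is used
    // For the rule editor, address macros are used
    /**
     * Appends the textual form of an address reference to the pending
     * output string array (see {@link #addString}).
     * <p>
     * If {@code idx <= SF_FIRSTMACRO} the index denotes an address macro,
     * which is resolved through {@code mgDomain.Macros}; otherwise
     * {@code idx} and {@code cnt} select a range of entries in the
     * firewall's {@code addr}/{@code mask}/{@code port}/{@code prend}
     * arrays.  Port information is only emitted when the rule checks a
     * protocol and that protocol is TCP or UDP.
     *
     * @param idx      macro id (when {@code <= SF_FIRSTMACRO}) or first
     *                 index into the firewall address arrays
     * @param cnt      number of address entries to print (array case only)
     * @param firewall host whose address arrays are printed; may be
     *                 {@code null} in the macro case
     * @param mgDomain manage domain used to look up macros; may be
     *                 {@code null}, in which case the macro is printed by number
     */
    private void print_addr(int idx, int cnt, Host firewall, ManageDomain mgDomain) {
        if (idx <= SF_FIRSTMACRO) {
            // Macro reference: look it up in the manage domain, if we have one.
            Macro m = (mgDomain != null) ? Macro.getMacro(idx, mgDomain.Macros) : null;
            if (m != null && m.macroName.length() > 0) {
                addString(m.macroName);
                switch (m.macroType) {
                case Macro.MACRO_INSIDE:
                    addString(" Inside");
                    break;
                case Macro.MACRO_OUTSIDE:
                    addString(" Outside");
                    break;
                case Macro.MACRO_ADDRESSLIST:
                    String[] addrText = m.addresses.printAddresses();
                    for (int n = 0; n < addrText.length; n++)
                        addString(" "+addrText[n]);
                    break;
                case Macro.MACRO_OWNADDR:
                    addString(" Own addresses");
                    break;
                }
                // Only mention ports when the macro narrows the full range.
                if (m.port != Macro.MACRO_FIRSTPORT || m.prend != Macro.MACRO_LASTPORT) {
                    if (m.port == m.prend)
                        addString(" Port "+m.port);
                    else
                        addString(" Ports "+m.port+".."+m.prend);
                }
            } else {
                // Unknown or unnamed macro: fall back to its number.
                addString("Macro "+(Math.abs(idx)-SF_FIRSTMACRO_ABS));
            }
            return;
        }

        if (firewall == null) {
            // A non-zero address index without a host to resolve it against.
            if (idx != 0)
                addString("ERROR!");
            return;
        }

        boolean tcpOrUdp =
            ((fw_flags & SF_FW_PROT) == SF_FW_CHECK_PROTOCOL)
            && (protocol == IPPROTO_TCP || protocol == IPPROTO_UDP);

        if ((fw_flags & SF_FW_SRC_NEG) != 0)
            addString("all except:");

        for (int i = idx; i < (idx+cnt); i++) {
            StringBuffer portText = new StringBuffer();
            boolean anyMaskBit =
                firewall.mask[i][0] != 0 || firewall.mask[i][1] != 0
                || firewall.mask[i][2] != 0 || firewall.mask[i][3] != 0;
            if (anyMaskBit) {
                addString(Utils.printIP(firewall.addr[i]));
                portText.append(" ");
                // A mask of all ones is the implicit host mask and is not shown.
                boolean hostMask =
                    firewall.mask[i][0] == -1 && firewall.mask[i][1] == -1
                    && firewall.mask[i][2] == -1 && firewall.mask[i][3] == -1;
                if (!hostMask)
                    addString(" mask "+Utils.printIP(firewall.mask[i]));
            }
            // port/prend are treated as unsigned; 0 / -1 appear to mark "no port
            // restriction" (inferred from the guard below).
            if (tcpOrUdp && firewall.port[i] != 0 && firewall.prend[i] != -1) {
                portText.append("port "+Long.toString(Utils.unsign(firewall.port[i])));
                if (firewall.port[i] != firewall.prend[i])
                    portText.append(".."+Long.toString(Utils.unsign(firewall.prend[i])));
                addString(portText.toString());
            }
        }
    }

    // String array construction
    /**
     * Appends {@code s} to the pending output array.  Once
     * {@code stringArraySize} entries are queued further strings are
     * silently dropped.
     *
     * @param s string to queue
     */
    private void addString(String s) {
        if (stringCount == stringArraySize)
            return;
        stringArray[stringCount++] = s;
    }

    // String array construction
    /**
     * Returns the queued strings as a right-sized array and clears the queue
     * (entries are nulled so they can be collected).
     *
     * @return the strings queued since the last call, in insertion order
     */
    private String[] returnArray() {
        String[] result = new String[stringCount];
        System.arraycopy(stringArray, 0, result, 0, stringCount);
        for (int i = 0; i < stringCount; i++)
            stringArray[i] = null;
        stringCount = 0;
        return result;
    }

    // temporary variables for output generation
    private static final int stringArraySize = 100;
    private String stringArray[] = new String[stringArraySize];
    private int stringCount = 0;

    /**
     * Print the rule in configuration file format. This method is called when
     * generating a configuration file for a firewall.
     * <p>
     * The rule comment is written as {@code #} comment lines.  A comment
     * containing line breaks is split and every line gets its own {@code #}
     * prefix, so that no part of a comment can end up as a directive in the
     * generated file.
     *
     * @param ps Stream to write the output to
     * @param mgDomain Manage domain object holding the global configuration data.
     * @param host Firewall the configuration file is generated for
     */
    public void printRule(PrintWriter ps, ManageDomain mgDomain, Host host) {
        // Prefix every line of the comment; a single-line comment prints
        // exactly as before.  String.valueOf keeps the old "null" rendering.
        String[] commentLines = String.valueOf(comment).split("\r\n|\r|\n", -1);
        for (int i = 0; i < commentLines.length; i++)
            ps.println("# "+commentLines[i]);

        if (!active) {
            ps.println("# rule inactive - skipped...");
            ps.println();
            return;
        }

        // action keyword
        switch (fw_rc) {
        case FW_ACCEPT:    ps.println("accept"); break;
        case SF_RC_OBSERVE: ps.println("observe"); break;
        case FW_BLOCK:     ps.println("block"); break;
        case SF_RC_TREJECT: ps.println("reject with tcp_reset"); break;
        case SF_RC_BEST:   ps.println("reject with best"); break;
        case SF_RC_ECHO:   ps.println("reject with echo_reply"); break;
        case SF_RC_RNET:   ps.println("reject with icmp_net_unreachable"); break;
        case FW_REJECT:    ps.println("reject with icmp_host_unreachable"); break;
        case SF_RC_RPROTO: ps.println("reject with icmp_protocol_unreachable"); break;
        case SF_RC_RPORT:  ps.println("reject with icmp_port_unreachable"); break;
        default:
            ps.println("# ERROR: unknown return code "+fw_rc);
            ps.println();
            return;
        }

        // IP option checks
        boolean comma = false;
        if ((fw_flags & SF_FW_CHECK_OPT) != 0) {
            ps.println(" options");
            if ((fw_flags & SF_FW_OPT_RR) != 0)
                comma = printComma(ps, " ", comma, "record_route");
            if ((fw_flags & SF_FW_OPT_TS) != 0)
                comma = printComma(ps, " ", comma, "timestamp");
            if ((fw_flags & SF_FW_OPT_SEC) != 0)
                comma = printComma(ps, " ", comma, "security");
            if ((fw_flags & SF_FW_OPT_LSR) != 0)
                comma = printComma(ps, " ", comma, "loose_source_route");
            if ((fw_flags & SF_FW_OPT_SSR) != 0)
                comma = printComma(ps, " ", comma, "strict_source_route");
            if ((fw_flags & SF_FW_OPT_SATID) != 0)
                comma = printComma(ps, " ", comma, "sat_id");
        }

        // TTL check
        if ((fw_flags & SF_FW_CHECK_TTL) != 0) {
            StringBuffer ttlText = new StringBuffer("ttl ");
            switch (fw_flags & SF_FW_TTL) {
            case SF_FW_TTL_EQUAL:    ttlText.append("= "); break;
            case SF_FW_TTL_LESS:     ttlText.append("< "); break;
            case SF_FW_TTL_GREATER:  ttlText.append("> "); break;
            case SF_FW_TTL_NOTEQUAL: ttlText.append("!= "); break;
            }
            ttlText.append(ttl);
            comma = printComma(ps, " ", comma, ttlText.toString());
        }
        comma = false;

        // protocol
        int protflags = fw_flags & SF_FW_PROT;
        if (protflags == SF_FW_PROT_ALL) {
            ps.println(" all");
        } else if (protflags == SF_FW_PROT_RIP) {
            ps.println(" rip ");
            printAddrConfig(ps, 4, mgDomain, host, fw_rip_idx);
        } else if (protflags == SF_FW_CHECK_PROTOCOL) {
            switch (protocol) {
            case IPPROTO_ICMP:
                ps.println(" icmp");
                if ((fw_flags & SF_TYPE_MASK) != SF_ICMP_ALLTYPES) {
                    if ((fw_flags & SF_ICMP_ECHOREPLY) != 0)
                        comma = printComma(ps, " ", comma, "echo_reply");
                    if ((fw_flags & SF_ICMP_DEST_UNREACH) != 0)
                        comma = printComma(ps, " ", comma, "destination_unreachable");
                    if ((fw_flags & SF_ICMP_SOURCE_QUENCH) != 0)
                        comma = printComma(ps, " ", comma, "source_quench");
                    if ((fw_flags & SF_ICMP_REDIRECT) != 0)
                        comma = printComma(ps, " ", comma, "redirect");
                    if ((fw_flags & SF_ICMP_ECHO) != 0)
                        comma = printComma(ps, " ", comma, "echo_request");
                    if ((fw_flags & SF_ICMP_TIME_EXCEEDED) != 0)
                        comma = printComma(ps, " ", comma, "time_exceeded");
                    if ((fw_flags & SF_ICMP_PARAMETERPROB) != 0)
                        comma = printComma(ps, " ", comma, "parameter_problem");
                    if ((fw_flags & SF_ICMP_TIMESTAMP) != 0)
                        comma = printComma(ps, " ", comma, "timestamp_request");
                    if ((fw_flags & SF_ICMP_TIMESTAMPREPLY) != 0)
                        comma = printComma(ps, " ", comma, "timestamp_reply");
                    if ((fw_flags & SF_ICMP_INFO_REQUEST) != 0)
                        comma = printComma(ps, " ", comma, "information_request");
                    if ((fw_flags & SF_ICMP_INFO_REPLY) != 0)
                        comma = printComma(ps, " ", comma, "information_reply");
                    if ((fw_flags & SF_ICMP_ADDRESS) != 0)
                        comma = printComma(ps, " ", comma, "address_mask_request");
                    if ((fw_flags & SF_ICMP_ADDRESSREPLY) != 0)
                        comma = printComma(ps, " ", comma, "address_mask_reply");
                }
                break;
            case IPPROTO_IGMP:
                ps.println(" igmp");
                if ((fw_flags & SF_TYPE_MASK) != SF_IGMP_ALLTYPES) {
                    if ((fw_flags & SF_IGMP_HOST_MEMBERSHIP_QUERY) != 0)
                        comma = printComma(ps, " ", comma, "host_membership_query");
                    if ((fw_flags & SF_IGMP_HOST_MEMBERSHIP_REPORT) != 0)
                        comma = printComma(ps, " ", comma, "host_membership_report");
                    if ((fw_flags & SF_IGMP_HOST_LEAVE_MESSAGE) != 0)
                        comma = printComma(ps, " ", comma, "host_leave_message");
                }
                break;
            case IPPROTO_TCP:
                ps.println(" tcp");
                break;
            case IPPROTO_UDP:
                ps.println(" udp");
                break;
            default:
                ps.print(" "+Integer.toString(protocol));
                // Guard both ends of the protocols[] table; a negative value
                // would otherwise throw instead of being printed numerically.
                if (protocol >= 0 && protocol <= MAX_PROTOCOL)
                    ps.print(" /* "+protocols[protocol]+" */");
                else
                    ps.print(" /* Protocol "+Integer.toString(protocol)+" */");
                ps.println();
                break;
            } // switch (protocol)
        }

        // FTP handling applies to accepted TCP (or "all") traffic only.
        boolean tcpOrAll =
            protflags == SF_FW_PROT_ALL
            || (protflags == SF_FW_CHECK_PROTOCOL && protocol == IPPROTO_TCP);
        if (tcpOrAll && fw_rc == FW_ACCEPT) {
            boolean noActive  = (fw_flags & SF_FTP_NO_ACTIVE) != 0;
            boolean noPassive = (fw_flags & SF_FTP_NO_PASSIVE) != 0;
            if (noActive && noPassive)
                comma = printComma(ps, " ", comma, "ftp_none");
            else if (noActive)
                comma = printComma(ps, " ", comma, "ftp_passive");
            else if (noPassive)
                comma = printComma(ps, " ", comma, "ftp_active");
            else
                comma = printComma(ps, " ", comma, "ftp_all");
            if ((fw_flags & SF_FTP_DATA_LOG) != 0)
                comma = printComma(ps, " ", comma, "ftp_log_data_conn");
        }
        comma = false;

        // source / destination macros
        if (fw_src_idx <= SF_FIRSTMACRO) {
            ps.print(" from ");
            printAddrConfig(ps, 4, mgDomain, host, fw_src_idx);
        }
        if (fw_dst_idx <= SF_FIRSTMACRO) {
            ps.print(" to ");
            printAddrConfig(ps, 4, mgDomain, host, fw_dst_idx);
        }
        ps.println(" notification_level "+level_num+";");
        ps.println();
    } //printRule

    /**
     * Writes one keyword of a comma-separated list: {@code s1}, then a comma
     * if an earlier keyword was already written, then {@code s2} and a line
     * break.
     *
     * @param ps    output stream
     * @param s1    prefix written before the optional comma (indentation)
     * @param comma whether a keyword precedes this one in the list
     * @param s2    keyword to write
     * @return always {@code true}, to be stored as the new {@code comma} state
     */
    private boolean printComma(PrintWriter ps, String s1, boolean comma, String s2) {
        ps.print(s1);
        if (comma)
            ps.print(",");
        ps.println(s2);
        return true;
    }

    /**
     * Writes the port restriction of a macro, if it has one.  Nothing is
     * written when the macro covers the full port range.
     *
     * @param ps output stream
     * @param m  macro whose {@code port}/{@code prend} are printed
     */
    private void printPorts(PrintWriter ps, Macro m) {
        boolean fullRange =
            m.port == Macro.MACRO_FIRSTPORT && m.prend == Macro.MACRO_LASTPORT;
        if (fullRange)
            return;
        ps.print("port "+m.port);
        if (m.port != m.prend)
            ps.print(" .. "+m.prend);
    }

    private void printAddrConfig(PrintWriter ps, int indent, ManageDomain mgDomain, Host host, int idx) {
        String indentString = new String();
        for (int i=0; i < indent; i++)
            indentString += " ";
        if (idx <= SF_FIRSTMACRO) {
            Macro m = Macro.getMacro(idx, mgDomain.Macros);
            if (m == null) {
                ps.println(indentString+"/* ERROR: Macro "+(Math.abs(idx)-SF_FIRSTMACRO_ABS)+" not found! */");
                return;
            }
            ps.println("/* "+m.macroName+" */");
            switch (m.macroType) {
            case Macro.MACRO_INSIDE:
                ps.print(indentString+"inside ");
                printPorts(ps, m);
                ps.println();
                break;
            case Macro.MACRO_OUTSIDE:
                ps.print(indentString+"outside ");
                printPorts(ps, m);
                ps.println();
                break;
            case Macro.MACRO_PORTS_ONLY:
                ps.print(indentString);
                printPorts(ps, m);
                ps.println();
                break;
            case Macro.MACRO_ADDRESSLIST:
                m.addresses.printAddressesFormatted(ps, indent, m.port, m.prend);
                break;
            case Macro.MACRO_OWNADDR: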