1 package iotruntime.master;
3 import java.io.InputStream;
4 import java.io.InputStreamReader;
5 import java.io.BufferedReader;
6 import java.io.BufferedWriter;
7 import java.io.FileWriter;
8 import java.io.PrintWriter;
9 import java.io.IOException;
10 import java.nio.file.Files;
11 import java.nio.file.Paths;
12 import java.nio.charset.StandardCharsets;
13 import java.util.HashMap;
16 /** Class RouterConfig is a class that configures the router
17 * in our compute node network with the relevant netfilter
19 * it uses ssh to contact the router and writes policy into it
21 * To make the implementation faster, we use "iptables-restore"
22 * that doesn't require "iptables" command to be invoked many
23 * times - each invocation of "iptables" will load the existing
24 * table from the kernel space before appending the new rule.
26 * We write the core policy repeatedly for each benchmark, while
27 * the header "*filter" and tail (a bunch of closing rules and
28 * REJECT rules) are written into a different file.
29 * They are merged and deployed for every benchmark bootstrapped
32 * @author Rahmadi Trimananda <rahmadi.trimananda @ uci.edu>
36 public final class RouterConfig {
39 * RouterConfig constants
41 private static final String STR_SSH_USERNAME_ROUTER = "root";
42 private static final String STR_SSH_USERNAME_RASPBERRYPI = "pi";
43 private static final String STR_SSH_USERNAME_HOST = "iotuser";
44 private static final String STR_POLICY_FILE_ALL = "_all";
45 private static final String STR_POLICY_FILE_EXT = ".policy";
46 private static final String STR_INCOMPLETE = "(incomplete)";
49 * RouterConfig properties
51 private Map<String, PrintWriter> mapHostToFile;
52 private Map<String, PrintWriter> mapHostToMainFile;
53 private Map<String, String> mapMACtoIPAdd;
58 public RouterConfig() {
59 // This maps hostname to file PrintWriter
61 mapMACtoIPAdd = new HashMap<String, String>();
65 * renewPrintWriter() renews the mapHostToFile object that lists all PrintWriters
69 public void renewPrintWriter() {
71 mapHostToFile = new HashMap<String, PrintWriter>();
75 * renewMainPrintWriter() renews the mapHostToMainFile object that lists all main PrintWriters
79 public void renewMainPrintWriter() {
81 mapHostToMainFile = new HashMap<String, PrintWriter>();
85 * initMainPolicy() initializes the main PrintWriter object to print the entire policies
87 * @param strConfigHost String hostname to be configured
90 public void initMainPolicy(String strConfigHost) {
92 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
93 pwConfig.println("*filter"); // Print header for iptables-restore
97 * getMainPrintWriter() gets the main PrintWriter object to print the entire policies
99 * @param strHost String hostname to be configured
100 * @return PrintWriter
102 private PrintWriter getMainPrintWriter(String strHost) {
104 String strConfigHost = strHost + STR_POLICY_FILE_ALL;
105 // Return object if existing
106 if (mapHostToMainFile.containsKey(strConfigHost)) {
107 return mapHostToMainFile.get(strConfigHost);
109 // Simply create a new one if it doesn't exist
110 FileWriter fw = null;
112 fw = new FileWriter(strConfigHost + STR_POLICY_FILE_EXT);
113 } catch (IOException ex) {
114 ex.printStackTrace();
116 PrintWriter pwConfig = new PrintWriter(new BufferedWriter(fw));
117 mapHostToMainFile.put(strConfigHost, pwConfig);
123 * getPrintWriter() gets the right PrintWriter object to print policies to the right file
125 * @param strConfigHost String hostname to be configured
126 * @return PrintWriter
128 private PrintWriter getPrintWriter(String strConfigHost) {
130 // Return object if existing
131 if (mapHostToFile.containsKey(strConfigHost)) {
132 return mapHostToFile.get(strConfigHost);
134 // Simply create a new one if it doesn't exist
135 FileWriter fw = null;
137 fw = new FileWriter(strConfigHost + STR_POLICY_FILE_EXT);
138 } catch (IOException ex) {
139 ex.printStackTrace();
141 PrintWriter pwConfig = new PrintWriter(new BufferedWriter(fw));
142 //pwConfig.println("*filter"); // Print header for iptables-restore
143 mapHostToFile.put(strConfigHost, pwConfig);
149 * readFile() read the entire file and return a string
151 * @return String String that contains the content of the file
153 public String readFile(String filePath) {
155 String retStr = null;
157 retStr = new String(Files.readAllBytes(Paths.get(filePath)), StandardCharsets.UTF_8);
158 } catch (IOException ex) {
159 ex.printStackTrace();
165 * combineRouterPolicies() method combines the core router policies into the main file
167 * @param strConfigHost String hostname to be configured
170 public void combineRouterPolicies(String strConfigHost) {
172 PrintWriter pwConfigAll = getMainPrintWriter(strConfigHost);
173 PrintWriter pwConfig = getPrintWriter(strConfigHost);
175 String strPolicyList = readFile(strConfigHost + STR_POLICY_FILE_EXT);
176 pwConfigAll.print(strPolicyList);
180 * closeMain() closes all main PrintWriter objects
184 public void closeMain() {
186 for(PrintWriter pwConfig: mapHostToMainFile.values()) {
187 pwConfig.println("COMMIT"); // Add "COMMIT" statement to end the list for iptables-restore
193 * close() closes all PrintWriter objects
197 public void close() {
199 for(PrintWriter pwConfig: mapHostToFile.values()) {
205 * sendRouterPolicies() deploys policies on router
207 * @param strConfigHost String hostname to be configured
210 public void sendRouterPolicies(String strConfigHost) {
212 String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + " " +
213 STR_SSH_USERNAME_ROUTER + "@" + strConfigHost + ":~;";
214 //System.out.println(strCmdSend);
215 deployPolicies(strCmdSend);
216 String strCmdDeploy = "ssh " + STR_SSH_USERNAME_ROUTER + "@" + strConfigHost +
217 " iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost +
218 STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + "; ";
219 //System.out.println(strCmdDeploy);
220 deployPolicies(strCmdDeploy);
224 * sendHostPolicies() deploys policies on host
226 * @param strConfigHost String hostname to be configured
229 public void sendHostPolicies(String strConfigHost) {
231 String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + " " +
232 STR_SSH_USERNAME_HOST + "@" + strConfigHost + ":~;";
233 //System.out.println(strCmdSend);
234 deployPolicies(strCmdSend);
235 String strCmdDeploy = "ssh " + STR_SSH_USERNAME_HOST + "@" + strConfigHost +
236 " sudo iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost +
237 STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + ";";
238 //System.out.println(strCmdDeploy);
239 deployPolicies(strCmdDeploy);
243 * deployPolicies() method configures the policies
245 * @param strCommand String that contains command line
248 private void deployPolicies(String strCommand) {
251 Runtime runtime = Runtime.getRuntime();
252 Process process = runtime.exec(strCommand);
254 } catch (IOException ex) {
255 System.out.println("RouterConfig: IOException: " + ex.getMessage());
256 ex.printStackTrace();
257 } catch (InterruptedException ex) {
258 System.out.println("RouterConfig: InterruptException: " + ex.getMessage());
259 ex.printStackTrace();
264 * getAddressListObject() method returns the map from this class
266 * This method is useful for MAC policy class so that it doesn't have
267 * to query the router again
269 public Map<String, String> getAddressListObject() {
271 return mapMACtoIPAdd;
275 * getAddressListTmp() method gets list of IP addresses from /tmp/dhcp.leases
277 * This method sends an inquiry to the router to look for
278 * the list of DHCP leased addresses and their mapping to MAC
281 * @param strRouterAddress String that contains address of router
283 public void getAddressListTmp(String strRouterAddress) {
286 // We can replace "cat /tmp/dhcp.leases" with "cat /proc/net/arp"
287 String cmd = "ssh " + STR_SSH_USERNAME_ROUTER + "@" + strRouterAddress +
288 " cat /tmp/dhcp.leases";
289 Runtime runtime = Runtime.getRuntime();
290 Process process = runtime.exec(cmd);
292 InputStream inStream = process.getInputStream();
293 InputStreamReader isReader = new InputStreamReader(inStream);
294 BufferedReader bReader = new BufferedReader(isReader);
295 String strRead = null;
296 while((strRead = bReader.readLine()) != null){
297 String[] str = strRead.split(" ");
298 mapMACtoIPAdd.put(str[1], str[2]);
300 } catch (IOException ex) {
301 System.out.println("RouterConfig: IOException: " + ex.getMessage());
302 ex.printStackTrace();
307 * getAddressListArp() method gets list of IP addresses from arp command
309 * This method sends an inquiry to the router to look for
310 * the list of DHCP leased addresses and their mapping to MAC
313 * @param strRouterAddress String that contains address of router
315 public void getAddressListArp(String strRouterAddress) {
318 // We replace with "cat /usr/sbin/arp"
319 String cmd = "ssh " + STR_SSH_USERNAME_RASPBERRYPI + "@" + strRouterAddress +
321 Runtime runtime = Runtime.getRuntime();
322 Process process = runtime.exec(cmd);
324 InputStream inStream = process.getInputStream();
325 InputStreamReader isReader = new InputStreamReader(inStream);
326 BufferedReader bReader = new BufferedReader(isReader);
327 String strRead = null;
328 while((strRead = bReader.readLine()) != null) {
329 String[] str = strRead.split("\\s+");
330 // Skip if "(incomplete)" is seen!
331 if (str[1].equals(STR_INCOMPLETE))
333 mapMACtoIPAdd.put(str[2], str[0]);
335 } catch (IOException ex) {
336 System.out.println("RouterConfig: IOException: " + ex.getMessage());
337 ex.printStackTrace();
342 * getIPFromMACAddress() method gets IP from MAC address
344 * @return String String that contains IP address from the MAC-IP mapping
346 public String getIPFromMACAddress(String strMACAddress) {
348 String strIPAddress = mapMACtoIPAdd.get(strMACAddress);
349 if (strIPAddress == null) {
350 throw new Error("RouterConfig: MAC address " + strMACAddress + " not found on the list! Please check if device is present in /tmp/dhcp.leases!");
356 * configureRouterMainPolicies() method configures the router
358 * This method configures the router's main policies
359 * This method creates a command line using 'ssh' and 'iptables'
360 * to access the router and create Netfilter statements
362 * @param strConfigHost String hostname to be configured
363 * @param strFirstHost String first host
364 * @param strSecondHost String second host
365 * @param strProtocol String protocol TCP/UDP
366 * @param iSrcPort Integer source port number
367 * @param iDstPort Integer destination port number
370 public void configureRouterMainPolicies(String strConfigHost, String strFirstHost,
371 String strSecondHost, String strProtocol, int iSrcPort, int iDstPort) {
373 PrintWriter pwConfig = getPrintWriter(strConfigHost);
374 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " +
375 strSecondHost + " -p " + strProtocol + " --dport " + iDstPort);
376 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " +
377 strSecondHost + " -p " + strProtocol + " --sport " + iSrcPort);
378 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " +
379 strFirstHost + " -p " + strProtocol + " --sport " + iDstPort);
380 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " +
381 strFirstHost + " -p " + strProtocol + " --dport " + iSrcPort);
385 * configureRouterMainPolicies() method configures the router
387 * This method configures the router's main policies
388 * This method creates a command line using 'ssh' and 'iptables'
389 * to access the router and create Netfilter statements
391 * @param strConfigHost String hostname to be configured
392 * @param strFirstHost String first host
393 * @param strSecondHost String second host
394 * @param strProtocol String protocol TCP/UDP
395 * @param iPort Integer port number
398 public void configureRouterMainPolicies(String strConfigHost, String strFirstHost,
399 String strSecondHost, String strProtocol, int iPort) {
401 PrintWriter pwConfig = getPrintWriter(strConfigHost);
402 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
403 " -p " + strProtocol + " --dport " + iPort);
404 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
405 " -p " + strProtocol + " --sport " + iPort);
406 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
407 " -p " + strProtocol + " --dport " + iPort);
408 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
409 " -p " + strProtocol + " --sport " + iPort);
413 * configureRouterMainPolicies() method configures the router
415 * This method is the same as the first configureRouterMainPolicies(),
416 * but it doesn't specify a certain port for the communication
418 * @param strConfigHost String hostname to be configured
419 * @param strFirstHost String first host
420 * @param strSecondHost String second host
421 * @param strProtocol String protocol TCP/UDP
424 public void configureRouterMainPolicies(String strConfigHost, String strFirstHost,
425 String strSecondHost, String strProtocol) {
427 PrintWriter pwConfig = getPrintWriter(strConfigHost);
428 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost +
429 " -d " + strSecondHost + " -p " + strProtocol);
430 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost +
431 " -d " + strFirstHost + " -p " + strProtocol);
436 * configureRouterMainPolicies() method configures the router
438 * This method is the same as the first configureRouterMainPolicies(),
439 * but it doesn't specify a certain port and protocol for the communication
441 * @param strConfigHost String hostname to be configured
442 * @param strFirstHost String first host
443 * @param strSecondHost String second host
446 public void configureRouterMainPolicies(String strConfigHost, String strFirstHost, String strSecondHost) {
448 PrintWriter pwConfig = getPrintWriter(strConfigHost);
449 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost);
450 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost);
455 * configureHostMainPolicies() method configures the host
457 * This method configures the host with router's policies
459 * @param strConfigHost String hostname to be configured
460 * @param strFirstHost String first host
461 * @param strSecondHost String second host
462 * @param strProtocol String protocol TCP/UDP
463 * @param iSrcPort Integer source port number
464 * @param iDstPort Integer destination port number
467 public void configureHostMainPolicies(String strConfigHost, String strFirstHost,
468 String strSecondHost, String strProtocol, int iSrcPort, int iDstPort) {
470 PrintWriter pwConfig = getPrintWriter(strConfigHost);
471 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
472 " -p " + strProtocol + " --dport " + iDstPort);
473 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
474 " -p " + strProtocol + " --sport " + iSrcPort);
475 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
476 " -p " + strProtocol + " --sport " + iDstPort);
477 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
478 " -p " + strProtocol + " --dport " + iSrcPort);
479 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
480 " -p " + strProtocol + " --dport " + iDstPort);
481 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
482 " -p " + strProtocol + " --sport " + iSrcPort);
483 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
484 " -p " + strProtocol + " --sport " + iDstPort);
485 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
486 " -p " + strProtocol + " --dport " + iSrcPort);
491 * configureHostMainPolicies() method configures the host
493 * This method configures the host with router's policies
495 * @param strConfigHost String hostname to be configured
496 * @param strFirstHost String first host
497 * @param strSecondHost String second host
498 * @param strProtocol String protocol TCP/UDP
499 * @param iPort Integer port number
502 public void configureHostMainPolicies(String strConfigHost, String strFirstHost,
503 String strSecondHost, String strProtocol, int iPort) {
505 PrintWriter pwConfig = getPrintWriter(strConfigHost);
506 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
507 " -p " + strProtocol + " --dport " + iPort);
508 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
509 " -p " + strProtocol + " --sport " + iPort);
510 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
511 " -p " + strProtocol + " --dport " + iPort);
512 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
513 " -p " + strProtocol + " --sport " + iPort);
514 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
515 " -p " + strProtocol + " --dport " + iPort);
516 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
517 " -p " + strProtocol + " --sport " + iPort);
518 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
519 " -p " + strProtocol + " --dport " + iPort);
520 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
521 " -p " + strProtocol + " --sport " + iPort);
525 * configureHostMainPolicies() method configures the host
527 * This method is the same as the first configureHostMainPolicies(),
528 * but it doesn't specify a certain port for the communication
530 * @param strConfigHost String hostname to be configured
531 * @param strFirstHost String first host
532 * @param strSecondHost String second host
533 * @param strProtocol String protocol TCP/UDP
536 public void configureHostMainPolicies(String strConfigHost, String strFirstHost,
537 String strSecondHost, String strProtocol) {
539 PrintWriter pwConfig = getPrintWriter(strConfigHost);
540 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
541 " -p " + strProtocol);
542 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
543 " -p " + strProtocol);
544 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
545 " -p " + strProtocol);
546 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
547 " -p " + strProtocol);
551 * configureHostMainPolicies() method configures the host
553 * This method is the same as the first configureHostMainPolicies(),
554 * but it doesn't specify a certain port and protocol for the communication
556 * @param strConfigHost String hostname to be configured
557 * @param strFirstHost String first host
558 * @param strSecondHost String second host
561 public void configureHostMainPolicies(String strConfigHost, String strFirstHost, String strSecondHost) {
563 PrintWriter pwConfig = getPrintWriter(strConfigHost);
564 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost);
565 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost);
566 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost);
567 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost);
572 * configureRouterHTTPPolicies() method configures the router
574 * This method configures the router's basic policies
575 * This method creates a command line using 'ssh' and 'iptables'
576 * to access the router and create Netfilter statements
578 * @param strConfigHost String hostname to be configured
579 * @param strFirstHost String first host address (source)
580 * @param strSecondHost String second host address (destination)
583 public void configureRouterHTTPPolicies(String strConfigHost, String strFirstHost, String strSecondHost) {
585 PrintWriter pwConfig = getPrintWriter(strConfigHost);
587 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
588 " -p tcp --dport http");
589 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
590 " -p tcp --sport http");
591 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
592 " -p tcp --dport http");
593 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
594 " -p tcp --sport http");
596 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
597 " -p tcp --dport https");
598 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
599 " -p tcp --sport https");
600 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
601 " -p tcp --dport https");
602 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
603 " -p tcp --sport https");
609 * configureRouterICMPPolicies() method configures the router
611 * This method configures the router's basic policies
612 * This method creates a command line using 'ssh' and 'iptables'
613 * to access the router and create Netfilter statements
615 * @param strConfigHost String hostname to be configured
618 public void configureRouterICMPPolicies(String strConfigHost) {
620 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
622 pwConfig.println("-A FORWARD -j ACCEPT -p icmp");
623 pwConfig.println("-A INPUT -j ACCEPT -p icmp");
624 pwConfig.println("-A OUTPUT -j ACCEPT -p icmp");
628 * configureRouterICMPPolicies() method configures the router
630 * This method configures the router's basic policies
631 * This method creates a command line using 'ssh' and 'iptables'
632 * to access the router and create Netfilter statements
634 * @param strConfigHost String hostname to be configured
635 * @param strMonitorHost String monitor address
638 public void configureRouterICMPPolicies(String strConfigHost, String strMonitorHost) {
640 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
642 pwConfig.println("-A FORWARD -j ACCEPT -p icmp");
643 pwConfig.println("-A INPUT -j ACCEPT -s " + strMonitorHost +
644 " -d " + strConfigHost + " -p icmp");
645 pwConfig.println("-A INPUT -j ACCEPT -s " + strConfigHost +
646 " -d " + strMonitorHost + " -p icmp");
647 pwConfig.println("-A OUTPUT -j ACCEPT -s " + strMonitorHost +
648 " -d " + strConfigHost + " -p icmp");
649 pwConfig.println("-A OUTPUT -j ACCEPT -s " + strConfigHost +
650 " -d " + strMonitorHost + " -p icmp");
654 * configureRouterSSHPolicies() method configures the router
656 * This method configures the router's basic policies
657 * This method creates a command line using 'ssh' and 'iptables'
658 * to access the router and create Netfilter statements
660 * @param strConfigHost String hostname to be configured
661 * @param strMonitorHost String monitor address
664 public void configureRouterSSHPolicies(String strConfigHost, String strMonitorHost) {
666 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
667 // Allow SSH - port 22 (only from monitor host)
668 pwConfig.println("-A INPUT -j ACCEPT -s " +
669 strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh");
670 pwConfig.println("-A INPUT -j ACCEPT -s " +
671 strMonitorHost + " -d " + strConfigHost + " -p tcp --sport ssh");
672 pwConfig.println("-A INPUT -j ACCEPT -s " +
673 strConfigHost + " -d " + strMonitorHost + " -p tcp --dport ssh");
674 pwConfig.println("-A INPUT -j ACCEPT -s " +
675 strConfigHost + " -d " + strMonitorHost + " -p tcp --sport ssh");
676 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
677 strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh");
678 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
679 strMonitorHost + " -d " + strConfigHost + " -p tcp --sport ssh");
680 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
681 strConfigHost + " -d " + strMonitorHost + " -p tcp --dport ssh");
682 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
683 strConfigHost + " -d " + strMonitorHost + " -p tcp --sport ssh");
688 * configureRouterDHCPPolicies() method configures the router
690 * This method configures the router's basic policies
691 * This method creates a command line using 'ssh' and 'iptables'
692 * to access the router and create Netfilter statements
694 * @param strConfigHost String hostname to be configured
697 public void configureRouterDHCPPolicies(String strConfigHost) {
699 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
700 // Allow DHCP renew - BOOTP Client port 68 / BOOTP Server port 67
701 pwConfig.println("-A INPUT -j ACCEPT -p udp --dport bootpc");
702 pwConfig.println("-A INPUT -j ACCEPT -p udp --sport bootpc");
703 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --dport bootps");
704 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --sport bootps");
708 * configureRouterDNSPolicies() method configures the router
710 * This method configures the router's basic policies
711 * This method creates a command line using 'ssh' and 'iptables'
712 * to access the router and create Netfilter statements
714 * @param strConfigHost String hostname to be configured
717 public void configureRouterDNSPolicies(String strConfigHost) {
719 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
720 // Allow DNS UDP and TCP port 53
721 pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport domain");
722 pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport domain");
723 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --dport domain");
724 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --sport domain");
725 pwConfig.println("-A INPUT -j ACCEPT -p udp --dport domain");
726 pwConfig.println("-A INPUT -j ACCEPT -p udp --sport domain");
727 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --dport domain");
728 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --sport domain");
732 * configureRejectPolicies() method configures the router
734 * This method configures the router's basic policies
735 * This method creates a command line using 'ssh' and 'iptables'
736 * to access the router and create Netfilter statements
738 * @param strConfigHost String hostname to be configured
741 public void configureRejectPolicies(String strConfigHost) {
743 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
744 // Reject every other thing
745 pwConfig.println("-A FORWARD -j REJECT");
746 pwConfig.println("-A INPUT -j REJECT");
747 pwConfig.println("-A OUTPUT -j REJECT");
751 * configureRouterNATPolicy() method configures the router
753 * This method configures the NAT policy separately.
754 * Somehow SSH in Java is not able to combine other commands for
755 * iptables rules configuration and NAT configuration.
757 * @param strConfigHost String hostname to be configured
760 public void configureRouterNATPolicy(String strConfigHost) {
762 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
764 pwConfig.println("-t nat -A POSTROUTING -o eth0 -j MASQUERADE");
765 // Add the following 2 lines
766 pwConfig.println("-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT");
767 pwConfig.println("-A FORWARD -i wlan0 -o eth0 -j ACCEPT");
771 * configureHostHTTPPolicies() method configures the host
773 * This method configures the host with HTTP policies
775 * @param strConfigHost String hostname to be configured
776 * @param strFirstHost String first host address (source)
777 * @param strSecondHost String second host address (destination)
780 public void configureHostHTTPPolicies(String strConfigHost, String strFirstHost, String strSecondHost) {
782 PrintWriter pwConfig = getPrintWriter(strConfigHost);
784 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
785 " -p tcp --dport http");
786 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
787 " -p tcp --sport http");
788 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
789 " -p tcp --dport http");
790 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
791 " -p tcp --sport http");
792 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
793 " -p tcp --dport http");
794 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
795 " -p tcp --sport http");
796 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
797 " -p tcp --dport http");
798 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
799 " -p tcp --sport http");
801 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
802 " -p tcp --dport https");
803 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
804 " -p tcp --sport https");
805 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
806 " -p tcp --dport https");
807 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
808 " -p tcp --sport https");
809 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
810 " -p tcp --dport https");
811 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
812 " -p tcp --sport https");
813 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
814 " -p tcp --dport https");
815 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
816 " -p tcp --sport https");
820 * configureHostICMPPolicies() method configures the host
822 * This method configures the host with router's policies
824 * @param strConfigHost String hostname to be configured
827 public void configureHostICMPPolicies(String strConfigHost) {
829 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
831 pwConfig.println("-A INPUT -j ACCEPT -p icmp");
832 pwConfig.println("-A OUTPUT -j ACCEPT -p icmp");
836 * configureHostSQLPolicies() method configures the host
838 * This method configures the host with router's policies
840 * @param strConfigHost String hostname to be configured
843 public void configureHostSQLPolicies(String strConfigHost) {
845 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
847 pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport mysql");
848 pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport mysql");
849 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --dport mysql");
850 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --sport mysql");
854 * configureHostICMPPolicies() method configures the host
856 * This method configures the host with router's policies
858 * @param strConfigHost String hostname to be configured
859 * @param strMonitorHost String monitor address
862 public void configureHostICMPPolicies(String strConfigHost, String strMonitorHost) {
864 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
866 pwConfig.println("-A INPUT -j ACCEPT -s " + strMonitorHost +
867 " -d " + strConfigHost + " -p icmp");
868 pwConfig.println("-A INPUT -j ACCEPT -s " + strConfigHost +
869 " -d " + strMonitorHost + " -p icmp");
870 pwConfig.println("-A OUTPUT -j ACCEPT -s " + strMonitorHost +
871 " -d " + strConfigHost + " -p icmp");
872 pwConfig.println("-A OUTPUT -j ACCEPT -s " + strConfigHost +
873 " -d " + strMonitorHost + " -p icmp");
878 * configureHostSSHPolicies() method configures the host
880 * This method configures the host with router's policies
882 * @param strConfigHost String hostname to be configured
885 public void configureHostSSHPolicies(String strConfigHost) {
887 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
888 // Allow SSH - port 22
889 pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport ssh");
890 pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport ssh");
891 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --dport ssh");
892 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --sport ssh");
893 pwConfig.println("-A FORWARD -j ACCEPT -p tcp --dport ssh");
894 pwConfig.println("-A FORWARD -j ACCEPT -p tcp --sport ssh");
899 * configureHostSSHPolicies() method configures the host
901 * This method configures the host with router's policies
903 * @param strConfigHost String hostname to be configured
904 * @param strMonitorHost String monitor address
907 public void configureHostSSHPolicies(String strConfigHost, String strMonitorHost) {
909 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
910 // Allow SSH - port 22
911 pwConfig.println("-A INPUT -j ACCEPT -s " +
912 strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh");
913 pwConfig.println("-A INPUT -j ACCEPT -s " +
914 strMonitorHost + " -d " + strConfigHost + " -p tcp --sport ssh");
915 pwConfig.println("-A INPUT -j ACCEPT -s " +
916 strConfigHost + " -d " + strMonitorHost + " -p tcp --dport ssh");
917 pwConfig.println("-A INPUT -j ACCEPT -s " +
918 strConfigHost + " -d " + strMonitorHost + " -p tcp --sport ssh");
919 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
920 strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh");
921 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
922 strMonitorHost + " -d " + strConfigHost + " -p tcp --sport ssh");
923 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
924 strConfigHost + " -d " + strMonitorHost + " -p tcp --dport ssh");
925 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
926 strConfigHost + " -d " + strMonitorHost + " -p tcp --sport ssh");
931 * configureHostDHCPPolicies() method configures the host
933 * This method configures the host with router's policies
935 * @param strConfigHost String hostname to be configured
938 public void configureHostDHCPPolicies(String strConfigHost) {
940 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
941 // Allow DHCP renew - BOOTP Client port 68 / BOOTP Server port 67
942 pwConfig.println("-A INPUT -j ACCEPT -p udp --dport bootpc");
943 pwConfig.println("-A INPUT -j ACCEPT -p udp --sport bootpc");
944 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --dport bootps");
945 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --sport bootps");
950 * configureHostDNSPolicies() method configures the host
952 * This method configures the host with router's policies
954 * @param strConfigHost String hostname to be configured
957 public void configureHostDNSPolicies(String strConfigHost) {
959 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
960 // Allow DNS UDP and TCP port 53
961 pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport domain");
962 pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport domain");
963 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --dport domain");
964 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --sport domain");
965 pwConfig.println("-A INPUT -j ACCEPT -p udp --dport domain");
966 pwConfig.println("-A INPUT -j ACCEPT -p udp --sport domain");
967 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --dport domain");
968 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --sport domain");
projects / iot2.git / blob