1 package iotruntime.master;
3 import java.io.InputStream;
4 import java.io.InputStreamReader;
5 import java.io.BufferedReader;
6 import java.io.BufferedWriter;
7 import java.io.FileWriter;
8 import java.io.PrintWriter;
9 import java.io.IOException;
10 import java.util.HashMap;
13 /** Class RouterConfig is a class that configures the router
14 * in our compute node network with the relevant netfilter
16 * it uses ssh to contact the router and writes policy into it
18 * To make the implementation faster, we use "iptables-restore"
19 * that doesn't require "iptables" command to be invoked many
20 * times - each invocation of "iptables" will load the existing
21 * table from the kernel space before appending the new rule.
23 * @author Rahmadi Trimananda <rahmadi.trimananda @ uci.edu>
27 public final class RouterConfig {
30 * RouterConfig constants
// SSH login used on the router. The policy is applied there as root, so the
// master's SSH key has to be authorized for root on every router it manages.
private static final String STR_SSH_USERNAME_ROUTER = "root";
// SSH login used on compute hosts; iptables-restore is run through sudo there.
private static final String STR_SSH_USERNAME_HOST = "iotuser";
// Suffix of the per-host policy file written into the working directory.
private static final String STR_POLICY_FILE_EXT = ".policy";
37 * RouterConfig properties
// One policy-file writer per configured host, created lazily by getPrintWriter().
private Map<String, PrintWriter> mapHostToFile;
// MAC -> IP mapping filled from the router's DHCP lease file by getAddressList().
private Map<String, String> mapMACtoIPAdd;
public RouterConfig() {
    // Both tables start empty: policy writers are created on demand by
    // getPrintWriter(), the MAC/IP table is filled by getAddressList().
    this.mapHostToFile = new HashMap<String, PrintWriter>();
    this.mapMACtoIPAdd = new HashMap<String, String>();
}
52 * renewPrintWriter() renews the mapHostToFile object that lists all PrintWriters
public void renewPrintWriter() {
    // Replace the writer table with an empty one. Writers still open in the
    // previous table are NOT closed here; call close() first so their files
    // get the trailing COMMIT line and are flushed to disk.
    Map<String, PrintWriter> fresh = new HashMap<String, PrintWriter>();
    this.mapHostToFile = fresh;
}
62 * getPrintWriter() gets the right PrintWriter object to print policies to the right file
64 * @param strConfigHost String hostname to be configured
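private PrintWriter getPrintWriter(String strConfigHost) {
    // Return the writer already open for this host, if any.
    PrintWriter existing = mapHostToFile.get(strConfigHost);
    if (existing != null) {
        return existing;
    }
    // The host name doubles as the local file name (and later as the scp/ssh
    // target), so it must be a plain host name or address: no path separators
    // or whitespace, and no leading '-' that scp/ssh would read as an option.
    if (strConfigHost == null || strConfigHost.startsWith("-")
            || !strConfigHost.matches("[A-Za-z0-9._:-]+")) {
        throw new IllegalArgumentException("RouterConfig: invalid host name: " + strConfigHost);
    }
    FileWriter fw;
    try {
        // NOTE(review): the file is created in the working directory with the
        // default permissions and re-read by scp later; keep that directory
        // writable only by the master's user.
        fw = new FileWriter(strConfigHost + STR_POLICY_FILE_EXT);
    } catch (IOException ex) {
        // Fail here with the cause instead of continuing with an unopened writer.
        throw new IllegalStateException(
            "RouterConfig: cannot create policy file for " + strConfigHost, ex);
    }
    PrintWriter pwConfig = new PrintWriter(new BufferedWriter(fw));
    pwConfig.println("*filter"); // Table header expected by iptables-restore
    mapHostToFile.put(strConfigHost, pwConfig);
    return pwConfig;
}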
88 * close() closes all PrintWriter objects
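public void close() {
    boolean failed = false;
    for (PrintWriter pwConfig : mapHostToFile.values()) {
        pwConfig.println("COMMIT"); // iptables-restore needs COMMIT to end the *filter block
        pwConfig.close();
        // PrintWriter never throws on write errors; checkError() is the only way
        // to learn that a file is incomplete before scp ships it to a router.
        failed |= pwConfig.checkError();
    }
    if (failed) {
        throw new IllegalStateException("RouterConfig: failed to write one or more policy files");
    }
}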
101 * sendRouterPolicies() deploys policies on router
103 * @param strConfigHost String hostname to be configured
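public void sendRouterPolicies(String strConfigHost) {
    // The host name is spliced into the scp target and into the command line
    // that the shell on the router executes as root. Accept only a plain host
    // name/address: no whitespace or shell metacharacters, and no leading '-'
    // (scp would otherwise take "<host>.policy" as an option).
    if (strConfigHost == null || strConfigHost.startsWith("-")
            || !strConfigHost.matches("[A-Za-z0-9._:-]+")) {
        throw new IllegalArgumentException("RouterConfig: invalid router host: " + strConfigHost);
    }
    String policyFile = strConfigHost + STR_POLICY_FILE_EXT;
    // 1. Copy the policy file into root's home directory on the router.
    String strCmdSend = "scp " + policyFile + " " +
        STR_SSH_USERNAME_ROUTER + "@" + strConfigHost + ":~;";
    deployPolicies(strCmdSend);
    // 2. Load it with iptables-restore and delete the copy. The '<' and ';' are
    //    interpreted by the shell on the router, not locally: deployPolicies()
    //    starts ssh without a local shell, so the tail travels as ssh's command.
    String strCmdDeploy = "ssh " + STR_SSH_USERNAME_ROUTER + "@" + strConfigHost +
        " iptables-restore < ~/" + policyFile + "; rm ~/" + policyFile + "; ";
    // TODO: once tight initial conditions are applied on the router (reject
    // everything but SSH), the startup_filter_tcp/udp chains must also be
    // flushed and detached from FORWARD as part of this command.
    deployPolicies(strCmdDeploy);
}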
123 * sendHostPolicies() deploys policies on host
125 * @param strConfigHost String hostname to be configured
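public void sendHostPolicies(String strConfigHost) {
    // The host name becomes part of the scp target and of a command run via
    // sudo on the host; only a plain host name/address is acceptable, and a
    // leading '-' would be parsed by scp as an option.
    if (strConfigHost == null || strConfigHost.startsWith("-")
            || !strConfigHost.matches("[A-Za-z0-9._:-]+")) {
        throw new IllegalArgumentException("RouterConfig: invalid host: " + strConfigHost);
    }
    String policyFile = strConfigHost + STR_POLICY_FILE_EXT;
    // 1. Copy the policy file into the iotuser home directory on the host.
    String strCmdSend = "scp " + policyFile + " " +
        STR_SSH_USERNAME_HOST + "@" + strConfigHost + ":~;";
    deployPolicies(strCmdSend);
    // 2. Apply it with sudo iptables-restore and delete the copy; '<' and ';'
    //    are evaluated by the remote shell (no local shell is involved), so
    //    sudo must be non-interactive for iotuser for this to work.
    String strCmdDeploy = "ssh " + STR_SSH_USERNAME_HOST + "@" + strConfigHost +
        " sudo iptables-restore < ~/" + policyFile + "; rm ~/" + policyFile + ";";
    deployPolicies(strCmdDeploy);
}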
142 * deployPolicies() method configures the policies
144 * @param strCommand String that contains command line
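private void deployPolicies(String strCommand) {
    // Split on whitespace just as Runtime.exec(String) did. No local shell is
    // involved, so '<' and ';' in the string reach ssh as plain arguments and
    // are only interpreted by the shell on the remote side.
    String[] argv = strCommand.trim().split("\\s+");
    if (argv.length == 0 || argv[0].isEmpty()) {
        throw new IllegalArgumentException("RouterConfig: empty command");
    }
    ProcessBuilder pb = new ProcessBuilder(argv);
    pb.redirectErrorStream(true);
    try {
        Process process = pb.start();
        // Drain the child's output: an unread pipe can fill up and block
        // ssh/scp, and this text is the only diagnostic from the remote side.
        BufferedReader out = new BufferedReader(
            new InputStreamReader(process.getInputStream(), "UTF-8"));
        try {
            String line;
            while ((line = out.readLine()) != null) {
                System.out.println("RouterConfig: " + argv[0] + ": " + line);
            }
        } finally {
            out.close();
        }
        int rc = process.waitFor();
        if (rc != 0) {
            // NOTE(review): a failed restore leaves the target with its previous
            // rules; callers learn about it only through this log line.
            System.out.println("RouterConfig: command exited with status " + rc + ": " + strCommand);
        }
    } catch (IOException ex) {
        System.out.println("RouterConfig: IOException: " + ex.getMessage());
        ex.printStackTrace();
    } catch (InterruptedException ex) {
        System.out.println("RouterConfig: InterruptException: " + ex.getMessage());
        ex.printStackTrace();
        Thread.currentThread().interrupt(); // keep the interrupt visible to the caller
    }
}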
163 * getAddressList() method gets list of IP addresses
165 * This method sends an inquiry to the router to look for
166 * the list of DHCP leased addresses and their mapping to MAC
169 * @param strRouterAddress String that contains address of router
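public void getAddressList(String strRouterAddress) {
    // The address is placed on the ssh command line; reject anything but a
    // plain host name/address (a leading '-' would be taken as an ssh option).
    if (strRouterAddress == null || strRouterAddress.startsWith("-")
            || !strRouterAddress.matches("[A-Za-z0-9._:-]+")) {
        throw new IllegalArgumentException("RouterConfig: invalid router address: " + strRouterAddress);
    }
    // We can replace "cat /tmp/dhcp.leases" with "cat /proc/net/arp"
    ProcessBuilder pb = new ProcessBuilder("ssh",
        STR_SSH_USERNAME_ROUTER + "@" + strRouterAddress, "cat", "/tmp/dhcp.leases");
    try {
        Process process = pb.start();
        BufferedReader bReader = new BufferedReader(
            new InputStreamReader(process.getInputStream(), "UTF-8"));
        try {
            String strRead;
            while ((strRead = bReader.readLine()) != null) {
                // Lease lines are whitespace-separated; this code relies on the
                // second field being the MAC and the third the IP address. Short
                // or blank lines are skipped instead of throwing on str[2].
                String[] str = strRead.trim().split("\\s+");
                if (str.length < 3) {
                    continue;
                }
                // Earlier entries are never cleared: a MAC seen again is
                // overwritten, one no longer leased stays in the map.
                mapMACtoIPAdd.put(str[1], str[2]);
            }
        } finally {
            bReader.close();
        }
        int rc = process.waitFor();
        if (rc != 0) {
            System.out.println("RouterConfig: lease query exited with status " + rc
                + "; the address list may be incomplete");
        }
    } catch (IOException ex) {
        System.out.println("RouterConfig: IOException: " + ex.getMessage());
        ex.printStackTrace();
    } catch (InterruptedException ex) {
        System.out.println("RouterConfig: InterruptException: " + ex.getMessage());
        ex.printStackTrace();
        Thread.currentThread().interrupt();
    }
}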
196 * getIPFromMACAddress() method gets IP from MAC address
198 * @return String String that contains IP address from the MAC-IP mapping
public String getIPFromMACAddress(String strMACAddress) {
    String ip = mapMACtoIPAdd.get(strMACAddress);
    if (ip != null) {
        return ip;
    }
    // Unknown MAC. The lookup is an exact, case-sensitive string match, so a
    // MAC written in a different case than the lease file uses also ends here.
    // Note this throws an Error, not a RuntimeException: a plain
    // "catch (Exception)" in a caller will not see it.
    throw new Error("RouterConfig: MAC address " + strMACAddress + " not found on the list! Please check if device is present in /tmp/dhcp.leases!");
}
210 * configureRouterMainPolicies() method configures the router
212 * This method configures the router's main policies
 * This method appends ACCEPT rules (iptables-restore format) to the policy
 * file of strConfigHost; nothing reaches the router until sendRouterPolicies() runs
216 * @param strConfigHost String hostname to be configured
217 * @param strFirstHost String first host
218 * @param strSecondHost String second host
219 * @param strProtocol String protocol TCP/UDP
220 * @param iSrcPort Integer source port number
221 * @param iDstPort Integer destination port number
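public void configureRouterMainPolicies(String strConfigHost, String strFirstHost,
    String strSecondHost, String strProtocol, int iSrcPort, int iDstPort) {
    // Every argument is interpolated verbatim into one iptables-restore line;
    // whitespace or a newline inside an address/protocol would split it into
    // (or smuggle in) extra rules, so only plain address/name characters pass.
    for (String arg : new String[] {strFirstHost, strSecondHost, strProtocol}) {
        if (arg == null || !arg.matches("[A-Za-z0-9._:/-]+")) {
            throw new IllegalArgumentException("RouterConfig: invalid rule argument: " + arg);
        }
    }
    if (iSrcPort < 0 || iSrcPort > 65535 || iDstPort < 0 || iDstPort > 65535) {
        throw new IllegalArgumentException("RouterConfig: port out of range: " + iSrcPort + "/" + iDstPort);
    }
    PrintWriter pwConfig = getPrintWriter(strConfigHost);
    // Forwarded traffic between the pair in both directions, matched on the
    // source/destination port pair. Note the "--sport" lines accept any packet
    // from that host whose source port matches, whatever its destination port.
    String fwd = "-I FORWARD -j ACCEPT -s ";
    pwConfig.println(fwd + strFirstHost + " -d " + strSecondHost + " -p " + strProtocol + " --dport " + iDstPort);
    pwConfig.println(fwd + strFirstHost + " -d " + strSecondHost + " -p " + strProtocol + " --sport " + iSrcPort);
    pwConfig.println(fwd + strSecondHost + " -d " + strFirstHost + " -p " + strProtocol + " --sport " + iDstPort);
    pwConfig.println(fwd + strSecondHost + " -d " + strFirstHost + " -p " + strProtocol + " --dport " + iSrcPort);
}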
239 * configureRouterMainPolicies() method configures the router
241 * This method configures the router's main policies
 * This method appends ACCEPT rules (iptables-restore format) to the policy
 * file of strConfigHost; nothing reaches the router until sendRouterPolicies() runs
245 * @param strConfigHost String hostname to be configured
246 * @param strFirstHost String first host
247 * @param strSecondHost String second host
248 * @param strProtocol String protocol TCP/UDP
249 * @param iPort Integer port number
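public void configureRouterMainPolicies(String strConfigHost, String strFirstHost,
    String strSecondHost, String strProtocol, int iPort) {
    // Arguments go verbatim into single iptables-restore lines; anything that
    // could break a line or add a token (whitespace, newline) is rejected.
    for (String arg : new String[] {strFirstHost, strSecondHost, strProtocol}) {
        if (arg == null || !arg.matches("[A-Za-z0-9._:/-]+")) {
            throw new IllegalArgumentException("RouterConfig: invalid rule argument: " + arg);
        }
    }
    if (iPort < 0 || iPort > 65535) {
        throw new IllegalArgumentException("RouterConfig: port out of range: " + iPort);
    }
    PrintWriter pwConfig = getPrintWriter(strConfigHost);
    // Same port on either side, both directions. The "--sport" variants match
    // on source port only, so they admit traffic to any destination port.
    String[][] pairs = {{strFirstHost, strSecondHost}, {strSecondHost, strFirstHost}};
    for (String[] pair : pairs) {
        for (String dir : new String[] {"--dport", "--sport"}) {
            pwConfig.println("-I FORWARD -j ACCEPT -s " + pair[0] + " -d " + pair[1] +
                " -p " + strProtocol + " " + dir + " " + iPort);
        }
    }
}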
267 * configureRouterMainPolicies() method configures the router
269 * This method is the same as the first configureRouterMainPolicies(),
270 * but it doesn't specify a certain port for the communication
272 * @param strConfigHost String hostname to be configured
273 * @param strFirstHost String first host
274 * @param strSecondHost String second host
275 * @param strProtocol String protocol TCP/UDP
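public void configureRouterMainPolicies(String strConfigHost, String strFirstHost,
    String strSecondHost, String strProtocol) {
    // Reject values that could split or extend the generated rule line.
    for (String arg : new String[] {strFirstHost, strSecondHost, strProtocol}) {
        if (arg == null || !arg.matches("[A-Za-z0-9._:/-]+")) {
            throw new IllegalArgumentException("RouterConfig: invalid rule argument: " + arg);
        }
    }
    PrintWriter pwConfig = getPrintWriter(strConfigHost);
    // Forward all strProtocol traffic between the pair, any port, both ways.
    pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost +
        " -d " + strSecondHost + " -p " + strProtocol);
    pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost +
        " -d " + strFirstHost + " -p " + strProtocol);
}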
290 * configureRouterMainPolicies() method configures the router
292 * This method is the same as the first configureRouterMainPolicies(),
293 * but it doesn't specify a certain port and protocol for the communication
295 * @param strConfigHost String hostname to be configured
296 * @param strFirstHost String first host
297 * @param strSecondHost String second host
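public void configureRouterMainPolicies(String strConfigHost, String strFirstHost, String strSecondHost) {
    // Reject values that could split or extend the generated rule line.
    for (String arg : new String[] {strFirstHost, strSecondHost}) {
        if (arg == null || !arg.matches("[A-Za-z0-9._:/-]+")) {
            throw new IllegalArgumentException("RouterConfig: invalid rule argument: " + arg);
        }
    }
    PrintWriter pwConfig = getPrintWriter(strConfigHost);
    // Forward everything between the pair: any protocol, any port, both ways.
    pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost);
    pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost);
}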
309 * configureHostMainPolicies() method configures the host
311 * This method configures the host with router's policies
313 * @param strConfigHost String hostname to be configured
314 * @param strFirstHost String first host
315 * @param strSecondHost String second host
316 * @param strProtocol String protocol TCP/UDP
317 * @param iSrcPort Integer source port number
318 * @param iDstPort Integer destination port number
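public void configureHostMainPolicies(String strConfigHost, String strFirstHost,
    String strSecondHost, String strProtocol, int iSrcPort, int iDstPort) {
    // Each value is written verbatim into a rule line; whitespace or a newline
    // would split the line into extra rules, so only plain characters pass.
    for (String arg : new String[] {strFirstHost, strSecondHost, strProtocol}) {
        if (arg == null || !arg.matches("[A-Za-z0-9._:/-]+")) {
            throw new IllegalArgumentException("RouterConfig: invalid rule argument: " + arg);
        }
    }
    if (iSrcPort < 0 || iSrcPort > 65535 || iDstPort < 0 || iDstPort > 65535) {
        throw new IllegalArgumentException("RouterConfig: port out of range: " + iSrcPort + "/" + iDstPort);
    }
    PrintWriter pwConfig = getPrintWriter(strConfigHost);
    // The same four pair/port combinations for INPUT and for OUTPUT. The
    // "--sport" lines match on source port only (any destination port).
    for (String chain : new String[] {"INPUT", "OUTPUT"}) {
        String head = "-I " + chain + " -j ACCEPT -s ";
        pwConfig.println(head + strFirstHost + " -d " + strSecondHost + " -p " + strProtocol + " --dport " + iDstPort);
        pwConfig.println(head + strFirstHost + " -d " + strSecondHost + " -p " + strProtocol + " --sport " + iSrcPort);
        pwConfig.println(head + strSecondHost + " -d " + strFirstHost + " -p " + strProtocol + " --sport " + iDstPort);
        pwConfig.println(head + strSecondHost + " -d " + strFirstHost + " -p " + strProtocol + " --dport " + iSrcPort);
    }
}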
345 * configureHostMainPolicies() method configures the host
347 * This method configures the host with router's policies
349 * @param strConfigHost String hostname to be configured
350 * @param strFirstHost String first host
351 * @param strSecondHost String second host
352 * @param strProtocol String protocol TCP/UDP
353 * @param iPort Integer port number
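public void configureHostMainPolicies(String strConfigHost, String strFirstHost,
    String strSecondHost, String strProtocol, int iPort) {
    // Reject values that could split or extend a generated rule line.
    for (String arg : new String[] {strFirstHost, strSecondHost, strProtocol}) {
        if (arg == null || !arg.matches("[A-Za-z0-9._:/-]+")) {
            throw new IllegalArgumentException("RouterConfig: invalid rule argument: " + arg);
        }
    }
    if (iPort < 0 || iPort > 65535) {
        throw new IllegalArgumentException("RouterConfig: port out of range: " + iPort);
    }
    PrintWriter pwConfig = getPrintWriter(strConfigHost);
    // INPUT then OUTPUT; for each, both directions of the pair with --dport
    // and --sport. The --sport lines admit any destination port.
    String[][] pairs = {{strFirstHost, strSecondHost}, {strSecondHost, strFirstHost}};
    for (String chain : new String[] {"INPUT", "OUTPUT"}) {
        for (String[] pair : pairs) {
            for (String dir : new String[] {"--dport", "--sport"}) {
                pwConfig.println("-I " + chain + " -j ACCEPT -s " + pair[0] + " -d " + pair[1] +
                    " -p " + strProtocol + " " + dir + " " + iPort);
            }
        }
    }
}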
379 * configureHostMainPolicies() method configures the host
381 * This method is the same as the first configureHostMainPolicies(),
382 * but it doesn't specify a certain port for the communication
384 * @param strConfigHost String hostname to be configured
385 * @param strFirstHost String first host
386 * @param strSecondHost String second host
387 * @param strProtocol String protocol TCP/UDP
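public void configureHostMainPolicies(String strConfigHost, String strFirstHost,
    String strSecondHost, String strProtocol) {
    // Reject values that could split or extend a generated rule line.
    for (String arg : new String[] {strFirstHost, strSecondHost, strProtocol}) {
        if (arg == null || !arg.matches("[A-Za-z0-9._:/-]+")) {
            throw new IllegalArgumentException("RouterConfig: invalid rule argument: " + arg);
        }
    }
    PrintWriter pwConfig = getPrintWriter(strConfigHost);
    // All strProtocol traffic between the pair, any port, in INPUT and OUTPUT.
    String[][] pairs = {{strFirstHost, strSecondHost}, {strSecondHost, strFirstHost}};
    for (String chain : new String[] {"INPUT", "OUTPUT"}) {
        for (String[] pair : pairs) {
            pwConfig.println("-I " + chain + " -j ACCEPT -s " + pair[0] + " -d " + pair[1] +
                " -p " + strProtocol);
        }
    }
}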
405 * configureHostMainPolicies() method configures the host
407 * This method is the same as the first configureHostMainPolicies(),
408 * but it doesn't specify a certain port and protocol for the communication
410 * @param strConfigHost String hostname to be configured
411 * @param strFirstHost String first host
412 * @param strSecondHost String second host
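public void configureHostMainPolicies(String strConfigHost, String strFirstHost, String strSecondHost) {
    // Reject values that could split or extend a generated rule line.
    for (String arg : new String[] {strFirstHost, strSecondHost}) {
        if (arg == null || !arg.matches("[A-Za-z0-9._:/-]+")) {
            throw new IllegalArgumentException("RouterConfig: invalid rule argument: " + arg);
        }
    }
    PrintWriter pwConfig = getPrintWriter(strConfigHost);
    // Everything between the pair (any protocol/port), in INPUT and OUTPUT.
    String[][] pairs = {{strFirstHost, strSecondHost}, {strSecondHost, strFirstHost}};
    for (String chain : new String[] {"INPUT", "OUTPUT"}) {
        for (String[] pair : pairs) {
            pwConfig.println("-I " + chain + " -j ACCEPT -s " + pair[0] + " -d " + pair[1]);
        }
    }
}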
426 * configureRouterHTTPPolicies() method configures the router
428 * This method configures the router's basic policies
 * This method appends ACCEPT rules for HTTP and HTTPS (iptables-restore format)
 * to the policy file of strConfigHost; they are applied by sendRouterPolicies()
432 * @param strConfigHost String hostname to be configured
433 * @param strFirstHost String first host address (source)
434 * @param strSecondHost String second host address (destination)
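public void configureRouterHTTPPolicies(String strConfigHost, String strFirstHost, String strSecondHost) {
    // Addresses are written verbatim into rule lines; reject anything that
    // could split a line or add tokens to it.
    for (String arg : new String[] {strFirstHost, strSecondHost}) {
        if (arg == null || !arg.matches("[A-Za-z0-9._:/-]+")) {
            throw new IllegalArgumentException("RouterConfig: invalid rule argument: " + arg);
        }
    }
    PrintWriter pwConfig = getPrintWriter(strConfigHost);
    // http first, then https; each: both directions with --dport and --sport.
    // The --sport lines match only on the source port, so they also let either
    // host reach any port of the other as long as it sends from 80/443.
    String[][] pairs = {{strFirstHost, strSecondHost}, {strSecondHost, strFirstHost}};
    for (String service : new String[] {"http", "https"}) {
        for (String[] pair : pairs) {
            for (String dir : new String[] {"--dport", "--sport"}) {
                pwConfig.println("-I FORWARD -j ACCEPT -s " + pair[0] + " -d " + pair[1] +
                    " -p tcp " + dir + " " + service);
            }
        }
    }
}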
463 * configureRouterICMPPolicies() method configures the router
465 * This method configures the router's basic policies
 * This method appends ICMP ACCEPT rules (iptables-restore format) to the policy
 * file of strConfigHost; they are applied by sendRouterPolicies()
469 * @param strConfigHost String hostname to be configured
public void configureRouterICMPPolicies(String strConfigHost) {
    PrintWriter out = getPrintWriter(strConfigHost);
    // Unrestricted ICMP (any source, any type) through the router and to/from it.
    for (String chain : new String[] {"FORWARD", "INPUT", "OUTPUT"}) {
        out.println("-A " + chain + " -j ACCEPT -p icmp");
    }
}
482 * configureRouterICMPPolicies() method configures the router
484 * This method configures the router's basic policies
 * This method appends ICMP ACCEPT rules (iptables-restore format) to the policy
 * file of strConfigHost; they are applied by sendRouterPolicies()
488 * @param strConfigHost String hostname to be configured
489 * @param strMonitorHost String monitor address
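public void configureRouterICMPPolicies(String strConfigHost, String strMonitorHost) {
    // Both addresses end up verbatim in rule lines; reject anything that could
    // split a line or add tokens to it.
    for (String arg : new String[] {strConfigHost, strMonitorHost}) {
        if (arg == null || !arg.matches("[A-Za-z0-9._:/-]+")) {
            throw new IllegalArgumentException("RouterConfig: invalid rule argument: " + arg);
        }
    }
    PrintWriter pwConfig = getPrintWriter(strConfigHost);
    // Forwarded ICMP is still unrestricted; ICMP to/from the router itself is
    // limited to the monitor host (both directions in both INPUT and OUTPUT).
    pwConfig.println("-A FORWARD -j ACCEPT -p icmp");
    String[][] pairs = {{strMonitorHost, strConfigHost}, {strConfigHost, strMonitorHost}};
    for (String chain : new String[] {"INPUT", "OUTPUT"}) {
        for (String[] pair : pairs) {
            pwConfig.println("-A " + chain + " -j ACCEPT -s " + pair[0] +
                " -d " + pair[1] + " -p icmp");
        }
    }
}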
508 * configureRouterSSHPolicies() method configures the router
510 * This method configures the router's basic policies
 * This method appends SSH ACCEPT rules (iptables-restore format) to the policy
 * file of strConfigHost; they are applied by sendRouterPolicies()
514 * @param strConfigHost String hostname to be configured
515 * @param strMonitorHost String monitor address
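public void configureRouterSSHPolicies(String strConfigHost, String strMonitorHost) {
    // Both addresses end up verbatim in rule lines; reject anything that could
    // split a line or add tokens to it.
    for (String arg : new String[] {strConfigHost, strMonitorHost}) {
        if (arg == null || !arg.matches("[A-Za-z0-9._:/-]+")) {
            throw new IllegalArgumentException("RouterConfig: invalid rule argument: " + arg);
        }
    }
    PrintWriter pwConfig = getPrintWriter(strConfigHost);
    // SSH to/from the router itself is limited to the monitor host. Caveat: the
    // "--sport ssh" lines are stateless, so a packet from the monitor host with
    // source port 22 is accepted whatever destination port it targets; if the
    // router has conntrack, an ESTABLISHED,RELATED rule would be tighter.
    String[][] pairs = {{strMonitorHost, strConfigHost}, {strConfigHost, strMonitorHost}};
    for (String chain : new String[] {"INPUT", "OUTPUT"}) {
        for (String[] pair : pairs) {
            for (String dir : new String[] {"--dport", "--sport"}) {
                pwConfig.println("-A " + chain + " -j ACCEPT -s " +
                    pair[0] + " -d " + pair[1] + " -p tcp " + dir + " ssh");
            }
        }
    }
    // Forwarded SSH is NOT limited to the monitor host: any source may reach
    // port 22 of any destination, and any packet with source port 22 is
    // forwarded to any port.
    pwConfig.println("-A FORWARD -j ACCEPT -p tcp --dport ssh");
    pwConfig.println("-A FORWARD -j ACCEPT -p tcp --sport ssh");
}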
544 * configureRouterDHCPPolicies() method configures the router
546 * This method configures the router's basic policies
 * This method appends DHCP ACCEPT rules (iptables-restore format) to the policy
 * file of strConfigHost; they are applied by sendRouterPolicies()
550 * @param strConfigHost String hostname to be configured
public void configureRouterDHCPPolicies(String strConfigHost) {
    PrintWriter out = getPrintWriter(strConfigHost);
    // Allow DHCP renew - BOOTP Client port 68 / BOOTP Server port 67.
    // These are unrestricted by address; note the "--sport bootpc" line accepts
    // any inbound packet sent from port 68, whatever port it is aimed at.
    String[] rules = {
        "-A INPUT -j ACCEPT -p udp --dport bootpc",
        "-A INPUT -j ACCEPT -p udp --sport bootpc",
        "-A OUTPUT -j ACCEPT -p udp --dport bootps",
        "-A OUTPUT -j ACCEPT -p udp --sport bootps",
    };
    for (String rule : rules) {
        out.println(rule);
    }
}
564 * configureRouterDNSPolicies() method configures the router
566 * This method configures the router's basic policies
 * This method appends DNS ACCEPT rules (iptables-restore format) to the policy
 * file of strConfigHost; they are applied by sendRouterPolicies()
570 * @param strConfigHost String hostname to be configured
public void configureRouterDNSPolicies(String strConfigHost) {
    PrintWriter out = getPrintWriter(strConfigHost);
    // Allow DNS UDP and TCP port 53, from/to any address. Caveat: the
    // "--sport domain" INPUT lines accept any packet whose source port is 53
    // regardless of its destination port, so a sender choosing source port 53
    // bypasses the other INPUT rules.
    for (String proto : new String[] {"tcp", "udp"}) {
        for (String chain : new String[] {"INPUT", "OUTPUT"}) {
            out.println("-A " + chain + " -j ACCEPT -p " + proto + " --dport domain");
            out.println("-A " + chain + " -j ACCEPT -p " + proto + " --sport domain");
        }
    }
}
588 * configureRejectPolicies() method configures the router
590 * This method configures the router's basic policies
 * This method appends the final REJECT rules (iptables-restore format) to the
 * policy file of strConfigHost; they are applied by sendRouterPolicies()
594 * @param strConfigHost String hostname to be configured
public void configureRejectPolicies(String strConfigHost) {
    PrintWriter out = getPrintWriter(strConfigHost);
    // Reject everything not accepted above. These are appended (-A), so any
    // "-A ... ACCEPT" written to this file after this call would sit behind the
    // REJECT and never match; only the "-I" (insert) rules stay ahead of it.
    // Nothing in this class accepts loopback traffic (-i lo) before this line.
    for (String chain : new String[] {"FORWARD", "INPUT", "OUTPUT"}) {
        out.println("-A " + chain + " -j REJECT");
    }
}
607 * configureRouterNATPolicy() method configures the router
609 * This method configures the NAT policy separately.
610 * Somehow SSH in Java is not able to combine other commands for
611 * iptables rules configuration and NAT configuration.
613 * @param strConfigHost String hostname to be configured
public void configureRouterNATPolicy(String strConfigHost) {
    PrintWriter out = getPrintWriter(strConfigHost);
    // NOTE(review): this line is written inside the "*filter" block that
    // getPrintWriter() opens, yet it addresses another table with "-t nat".
    // iptables-restore does not take "-t" inside a table block (it expects a
    // separate "*nat" ... "COMMIT" section), so as written the whole restore is
    // expected to be rejected on the router - confirm on the target. The
    // outbound interface "eth0" is also hard-coded.
    out.println("-t nat -A POSTROUTING -o eth0 -j MASQUERADE");
}
624 * configureHostHTTPPolicies() method configures the host
626 * This method configures the host with HTTP policies
628 * @param strConfigHost String hostname to be configured
629 * @param strFirstHost String first host address (source)
630 * @param strSecondHost String second host address (destination)
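public void configureHostHTTPPolicies(String strConfigHost, String strFirstHost, String strSecondHost) {
    // Addresses are written verbatim into rule lines; reject anything that
    // could split a line or add tokens to it.
    for (String arg : new String[] {strFirstHost, strSecondHost}) {
        if (arg == null || !arg.matches("[A-Za-z0-9._:/-]+")) {
            throw new IllegalArgumentException("RouterConfig: invalid rule argument: " + arg);
        }
    }
    PrintWriter pwConfig = getPrintWriter(strConfigHost);
    // http first, then https; for each: INPUT then OUTPUT, both directions of
    // the pair, --dport then --sport. The --sport lines match only the source
    // port, so they also admit traffic to any destination port from 80/443.
    String[][] pairs = {{strFirstHost, strSecondHost}, {strSecondHost, strFirstHost}};
    for (String service : new String[] {"http", "https"}) {
        for (String chain : new String[] {"INPUT", "OUTPUT"}) {
            for (String[] pair : pairs) {
                for (String dir : new String[] {"--dport", "--sport"}) {
                    pwConfig.println("-I " + chain + " -j ACCEPT -s " + pair[0] + " -d " + pair[1] +
                        " -p tcp " + dir + " " + service);
                }
            }
        }
    }
}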
673 * configureHostICMPPolicies() method configures the host
675 * This method configures the host with router's policies
677 * @param strConfigHost String hostname to be configured
public void configureHostICMPPolicies(String strConfigHost) {
    PrintWriter out = getPrintWriter(strConfigHost);
    // Unrestricted ICMP to and from the host (any source, any ICMP type).
    for (String chain : new String[] {"INPUT", "OUTPUT"}) {
        out.println("-A " + chain + " -j ACCEPT -p icmp");
    }
}
689 * configureHostSQLPolicies() method configures the host
691 * This method configures the host with router's policies
693 * @param strConfigHost String hostname to be configured
public void configureHostSQLPolicies(String strConfigHost) {
    PrintWriter out = getPrintWriter(strConfigHost);
    // MySQL (tcp/3306) open to and from ANY address - no -s/-d restriction.
    // The "--sport mysql" INPUT line additionally accepts any packet sent from
    // port 3306 whatever its destination port is.
    for (String chain : new String[] {"INPUT", "OUTPUT"}) {
        out.println("-A " + chain + " -j ACCEPT -p tcp --dport mysql");
        out.println("-A " + chain + " -j ACCEPT -p tcp --sport mysql");
    }
}
707 * configureHostICMPPolicies() method configures the host
709 * This method configures the host with router's policies
711 * @param strConfigHost String hostname to be configured
712 * @param strMonitorHost String monitor address
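public void configureHostICMPPolicies(String strConfigHost, String strMonitorHost) {
    // Both addresses end up verbatim in rule lines; reject anything that could
    // split a line or add tokens to it.
    for (String arg : new String[] {strConfigHost, strMonitorHost}) {
        if (arg == null || !arg.matches("[A-Za-z0-9._:/-]+")) {
            throw new IllegalArgumentException("RouterConfig: invalid rule argument: " + arg);
        }
    }
    PrintWriter pwConfig = getPrintWriter(strConfigHost);
    // ICMP only between this host and the monitor host, both directions, in
    // INPUT and OUTPUT.
    String[][] pairs = {{strMonitorHost, strConfigHost}, {strConfigHost, strMonitorHost}};
    for (String chain : new String[] {"INPUT", "OUTPUT"}) {
        for (String[] pair : pairs) {
            pwConfig.println("-A " + chain + " -j ACCEPT -s " + pair[0] +
                " -d " + pair[1] + " -p icmp");
        }
    }
}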
731 * configureHostSSHPolicies() method configures the host
733 * This method configures the host with router's policies
735 * @param strConfigHost String hostname to be configured
public void configureHostSSHPolicies(String strConfigHost) {
    PrintWriter out = getPrintWriter(strConfigHost);
    // Allow SSH - port 22 - from and to ANY address, in INPUT, OUTPUT and
    // FORWARD. The "--sport ssh" lines are stateless: any packet sent from
    // port 22 is accepted whatever destination port it targets, so this
    // effectively lets a sender choosing source port 22 past the filter.
    for (String chain : new String[] {"INPUT", "OUTPUT", "FORWARD"}) {
        out.println("-A " + chain + " -j ACCEPT -p tcp --dport ssh");
        out.println("-A " + chain + " -j ACCEPT -p tcp --sport ssh");
    }
}
752 * configureHostSSHPolicies() method configures the host
754 * This method configures the host with router's policies
756 * @param strConfigHost String hostname to be configured
757 * @param strMonitorHost String monitor address
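public void configureHostSSHPolicies(String strConfigHost, String strMonitorHost) {
    // Both addresses end up verbatim in rule lines; reject anything that could
    // split a line or add tokens to it.
    for (String arg : new String[] {strConfigHost, strMonitorHost}) {
        if (arg == null || !arg.matches("[A-Za-z0-9._:/-]+")) {
            throw new IllegalArgumentException("RouterConfig: invalid rule argument: " + arg);
        }
    }
    PrintWriter pwConfig = getPrintWriter(strConfigHost);
    // Allow SSH - port 22 - only between this host and the monitor host.
    // The "--sport ssh" lines are stateless, so a packet from the peer with
    // source port 22 is accepted whatever destination port it targets; a
    // conntrack ESTABLISHED,RELATED rule would be tighter where available.
    String[][] pairs = {{strMonitorHost, strConfigHost}, {strConfigHost, strMonitorHost}};
    for (String chain : new String[] {"INPUT", "OUTPUT"}) {
        for (String[] pair : pairs) {
            for (String dir : new String[] {"--dport", "--sport"}) {
                pwConfig.println("-A " + chain + " -j ACCEPT -s " +
                    pair[0] + " -d " + pair[1] + " -p tcp " + dir + " ssh");
            }
        }
    }
}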
784 * configureHostDHCPPolicies() method configures the host
786 * This method configures the host with router's policies
788 * @param strConfigHost String hostname to be configured
public void configureHostDHCPPolicies(String strConfigHost) {
    PrintWriter out = getPrintWriter(strConfigHost);
    // Allow DHCP renew - BOOTP Client port 68 / BOOTP Server port 67.
    // Unrestricted by address; the "--sport bootpc" INPUT line accepts any
    // packet sent from port 68 regardless of destination port.
    String[] rules = {
        "-A INPUT -j ACCEPT -p udp --dport bootpc",
        "-A INPUT -j ACCEPT -p udp --sport bootpc",
        "-A OUTPUT -j ACCEPT -p udp --dport bootps",
        "-A OUTPUT -j ACCEPT -p udp --sport bootps",
    };
    for (String rule : rules) {
        out.println(rule);
    }
}
803 * configureHostDNSPolicies() method configures the host
805 * This method configures the host with router's policies
807 * @param strConfigHost String hostname to be configured
810 public void configureHostDNSPolicies(String strConfigHost) {
812 PrintWriter pwConfig = getPrintWriter(strConfigHost);
813 // Allow DNS UDP and TCP port 53
814 pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport domain");
815 pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport domain");
816 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --dport domain");
817 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --sport domain");
818 pwConfig.println("-A INPUT -j ACCEPT -p udp --dport domain");
819 pwConfig.println("-A INPUT -j ACCEPT -p udp --sport domain");
820 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --dport domain");
821 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --sport domain");