1 package iotruntime.master;
3 import java.io.InputStream;
4 import java.io.InputStreamReader;
5 import java.io.BufferedReader;
6 import java.io.BufferedWriter;
7 import java.io.FileWriter;
8 import java.io.PrintWriter;
9 import java.io.IOException;
10 import java.nio.file.Files;
11 import java.nio.file.Paths;
12 import java.nio.charset.StandardCharsets;
13 import java.util.HashMap;
16 /** Class RouterConfig is a class that configures the router
17 * in our compute node network with the relevant netfilter
19 * it uses ssh to contact the router and writes policy into it
21 * To make the implementation faster, we use "iptables-restore"
22 * that doesn't require "iptables" command to be invoked many
23 * times - each invocation of "iptables" will load the existing
24 * table from the kernel space before appending the new rule.
26 * We write the core policy repeatedly for each benchmark, while
27 * the header "*filter" and tail (a bunch of closing rules and
28 * REJECT rules) are written into a different file.
29 * They are merged and deployed for every benchmark bootstrapped
32 * @author Rahmadi Trimananda <rahmadi.trimananda @ uci.edu>
36 public final class RouterConfig {
39 * RouterConfig constants
41 private static final String STR_SSH_USERNAME_ROUTER = "root";
42 private static final String STR_SSH_USERNAME_RASPBERRYPI = "pi";
43 private static final String STR_SSH_USERNAME_HOST = "iotuser";
44 private static final String STR_POLICY_FILE_ALL = "_all";
45 private static final String STR_POLICY_FILE_EXT = ".policy";
46 private static final String STR_INCOMPLETE = "(incomplete)";
49 * RouterConfig properties
51 private Map<String, PrintWriter> mapHostToFile;
52 private Map<String, PrintWriter> mapHostToMainFile;
53 private Map<String, String> mapMACtoIPAdd;
58 public RouterConfig() {
59 // This maps hostname to file PrintWriter
61 mapMACtoIPAdd = new HashMap<String, String>();
65 * renewPrintWriter() renews the mapHostToFile object that lists all PrintWriters
69 public void renewPrintWriter() {
71 mapHostToFile = new HashMap<String, PrintWriter>();
75 * renewMainPrintWriter() renews the mapHostToMainFile object that lists all main PrintWriters
79 public void renewMainPrintWriter() {
81 mapHostToMainFile = new HashMap<String, PrintWriter>();
85 * initMainPolicy() initializes the main PrintWriter object to print the entire policies
87 * @param strConfigHost String hostname to be configured
90 public void initMainPolicy(String strConfigHost) {
92 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
93 pwConfig.println("*filter"); // Print header for iptables-restore
97 * getMainPrintWriter() gets the main PrintWriter object to print the entire policies
99 * @param strHost String hostname to be configured
100 * @return PrintWriter
102 private PrintWriter getMainPrintWriter(String strHost) {
104 String strConfigHost = strHost + STR_POLICY_FILE_ALL;
105 // Return object if existing
106 if (mapHostToMainFile.containsKey(strConfigHost)) {
107 return mapHostToMainFile.get(strConfigHost);
109 // Simply create a new one if it doesn't exist
110 FileWriter fw = null;
112 fw = new FileWriter(strConfigHost + STR_POLICY_FILE_EXT);
113 } catch (IOException ex) {
114 ex.printStackTrace();
116 PrintWriter pwConfig = new PrintWriter(new BufferedWriter(fw));
117 mapHostToMainFile.put(strConfigHost, pwConfig);
123 * getPrintWriter() gets the right PrintWriter object to print policies to the right file
125 * @param strConfigHost String hostname to be configured
126 * @return PrintWriter
128 private PrintWriter getPrintWriter(String strConfigHost) {
130 // Return object if existing
131 if (mapHostToFile.containsKey(strConfigHost)) {
132 return mapHostToFile.get(strConfigHost);
134 // Simply create a new one if it doesn't exist
135 FileWriter fw = null;
137 fw = new FileWriter(strConfigHost + STR_POLICY_FILE_EXT);
138 } catch (IOException ex) {
139 ex.printStackTrace();
141 PrintWriter pwConfig = new PrintWriter(new BufferedWriter(fw));
142 //pwConfig.println("*filter"); // Print header for iptables-restore
143 mapHostToFile.put(strConfigHost, pwConfig);
149 * readFile() read the entire file and return a string
151 * @return String String that contains the content of the file
153 public String readFile(String filePath) {
155 String retStr = null;
157 retStr = new String(Files.readAllBytes(Paths.get(filePath)), StandardCharsets.UTF_8);
158 } catch (IOException ex) {
159 ex.printStackTrace();
165 * combineRouterPolicies() method combines the core router policies into the main file
167 * @param strConfigHost String hostname to be configured
170 public void combineRouterPolicies(String strConfigHost) {
172 PrintWriter pwConfigAll = getMainPrintWriter(strConfigHost);
173 PrintWriter pwConfig = getPrintWriter(strConfigHost);
175 String strPolicyList = readFile(strConfigHost + STR_POLICY_FILE_EXT);
176 pwConfigAll.print(strPolicyList);
180 * closeMain() closes all main PrintWriter objects
184 public void closeMain() {
186 for(PrintWriter pwConfig: mapHostToMainFile.values()) {
187 pwConfig.println("COMMIT"); // Add "COMMIT" statement to end the list for iptables-restore
193 * close() closes all PrintWriter objects
197 public void close() {
199 for(PrintWriter pwConfig: mapHostToFile.values()) {
205 * sendRouterPolicies() deploys policies on router
207 * @param strConfigHost String hostname to be configured
210 public void sendRouterPolicies(String strConfigHost) {
212 String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + " " +
213 STR_SSH_USERNAME_ROUTER + "@" + strConfigHost + ":~;";
214 //System.out.println(strCmdSend);
215 deployPolicies(strCmdSend);
216 String strCmdDeploy = "ssh " + STR_SSH_USERNAME_ROUTER + "@" + strConfigHost +
217 " iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost +
218 STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + "; ";// +
219 // TODO: delete these later when we apply tight initial conditions (reject everything but SSH commands)
220 //"iptables -F startup_filter_tcp; iptables -F startup_filter_udp; " +
221 //"iptables -t filter -D FORWARD -j startup_filter_tcp; iptables -t filter -D FORWARD -j startup_filter_udp;";
222 //System.out.println(strCmdDeploy);
223 deployPolicies(strCmdDeploy);
227 * sendHostPolicies() deploys policies on host
229 * @param strConfigHost String hostname to be configured
232 public void sendHostPolicies(String strConfigHost) {
234 String strCmdSend = "scp " + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + " " +
235 STR_SSH_USERNAME_HOST + "@" + strConfigHost + ":~;";
236 System.out.println(strCmdSend);
237 deployPolicies(strCmdSend);
238 String strCmdDeploy = "ssh " + STR_SSH_USERNAME_HOST + "@" + strConfigHost +
239 " sudo iptables-restore < ~/" + strConfigHost + STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + "; rm ~/" + strConfigHost +
240 STR_POLICY_FILE_ALL + STR_POLICY_FILE_EXT + ";";
241 System.out.println(strCmdDeploy);
242 deployPolicies(strCmdDeploy);
246 * deployPolicies() method configures the policies
248 * @param strCommand String that contains command line
251 private void deployPolicies(String strCommand) {
254 Runtime runtime = Runtime.getRuntime();
255 Process process = runtime.exec(strCommand);
257 } catch (IOException ex) {
258 System.out.println("RouterConfig: IOException: " + ex.getMessage());
259 ex.printStackTrace();
260 } catch (InterruptedException ex) {
261 System.out.println("RouterConfig: InterruptException: " + ex.getMessage());
262 ex.printStackTrace();
267 * getAddressListObject() method returns the map from this class
269 * This method is useful for MAC policy class so that it doesn't have
270 * to query the router again
272 public Map<String, String> getAddressListObject() {
274 return mapMACtoIPAdd;
278 * getAddressListTmp() method gets list of IP addresses from /tmp/dhcp.leases
280 * This method sends an inquiry to the router to look for
281 * the list of DHCP leased addresses and their mapping to MAC
284 * @param strRouterAddress String that contains address of router
286 public void getAddressListTmp(String strRouterAddress) {
288 //HashMap<String,String> hmMACToIPAdd = new HashMap<String,String>();
290 // We can replace "cat /tmp/dhcp.leases" with "cat /proc/net/arp"
291 String cmd = "ssh " + STR_SSH_USERNAME_ROUTER + "@" + strRouterAddress +
292 " cat /tmp/dhcp.leases";
293 Runtime runtime = Runtime.getRuntime();
294 Process process = runtime.exec(cmd);
296 InputStream inStream = process.getInputStream();
297 InputStreamReader isReader = new InputStreamReader(inStream);
298 BufferedReader bReader = new BufferedReader(isReader);
299 String strRead = null;
300 while((strRead = bReader.readLine()) != null){
301 String[] str = strRead.split(" ");
302 mapMACtoIPAdd.put(str[1], str[2]);
304 } catch (IOException ex) {
305 System.out.println("RouterConfig: IOException: " + ex.getMessage());
306 ex.printStackTrace();
311 * getAddressListArp() method gets list of IP addresses from arp command
313 * This method sends an inquiry to the router to look for
314 * the list of DHCP leased addresses and their mapping to MAC
317 * @param strRouterAddress String that contains address of router
319 public void getAddressListArp(String strRouterAddress) {
321 //HashMap<String,String> hmMACToIPAdd = new HashMap<String,String>();
323 // We replace with "cat /usr/sbin/arp"
324 String cmd = "ssh " + STR_SSH_USERNAME_RASPBERRYPI + "@" + strRouterAddress +
326 Runtime runtime = Runtime.getRuntime();
327 Process process = runtime.exec(cmd);
329 InputStream inStream = process.getInputStream();
330 InputStreamReader isReader = new InputStreamReader(inStream);
331 BufferedReader bReader = new BufferedReader(isReader);
332 String strRead = null;
333 while((strRead = bReader.readLine()) != null){
334 String[] str = strRead.split("\\s+");
335 // Skip if "(incomplete)" is seen!
336 if (str[1].equals(STR_INCOMPLETE))
338 mapMACtoIPAdd.put(str[2], str[0]);
340 } catch (IOException ex) {
341 System.out.println("RouterConfig: IOException: " + ex.getMessage());
342 ex.printStackTrace();
347 * getIPFromMACAddress() method gets IP from MAC address
349 * @return String String that contains IP address from the MAC-IP mapping
351 public String getIPFromMACAddress(String strMACAddress) {
353 String strIPAddress = mapMACtoIPAdd.get(strMACAddress);
354 if (strIPAddress == null) {
355 throw new Error("RouterConfig: MAC address " + strMACAddress + " not found on the list! Please check if device is present in /tmp/dhcp.leases!");
361 * configureRouterMainPolicies() method configures the router
363 * This method configures the router's main policies
364 * This method creates a command line using 'ssh' and 'iptables'
365 * to access the router and create Netfilter statements
367 * @param strConfigHost String hostname to be configured
368 * @param strFirstHost String first host
369 * @param strSecondHost String second host
370 * @param strProtocol String protocol TCP/UDP
371 * @param iSrcPort Integer source port number
372 * @param iDstPort Integer destination port number
375 public void configureRouterMainPolicies(String strConfigHost, String strFirstHost,
376 String strSecondHost, String strProtocol, int iSrcPort, int iDstPort) {
378 PrintWriter pwConfig = getPrintWriter(strConfigHost);
379 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " +
380 strSecondHost + " -p " + strProtocol + " --dport " + iDstPort);
381 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " +
382 strSecondHost + " -p " + strProtocol + " --sport " + iSrcPort);
383 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " +
384 strFirstHost + " -p " + strProtocol + " --sport " + iDstPort);
385 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " +
386 strFirstHost + " -p " + strProtocol + " --dport " + iSrcPort);
390 * configureRouterMainPolicies() method configures the router
392 * This method configures the router's main policies
393 * This method creates a command line using 'ssh' and 'iptables'
394 * to access the router and create Netfilter statements
396 * @param strConfigHost String hostname to be configured
397 * @param strFirstHost String first host
398 * @param strSecondHost String second host
399 * @param strProtocol String protocol TCP/UDP
400 * @param iPort Integer port number
403 public void configureRouterMainPolicies(String strConfigHost, String strFirstHost,
404 String strSecondHost, String strProtocol, int iPort) {
406 PrintWriter pwConfig = getPrintWriter(strConfigHost);
407 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
408 " -p " + strProtocol + " --dport " + iPort);
409 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
410 " -p " + strProtocol + " --sport " + iPort);
411 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
412 " -p " + strProtocol + " --dport " + iPort);
413 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
414 " -p " + strProtocol + " --sport " + iPort);
418 * configureRouterMainPolicies() method configures the router
420 * This method is the same as the first configureRouterMainPolicies(),
421 * but it doesn't specify a certain port for the communication
423 * @param strConfigHost String hostname to be configured
424 * @param strFirstHost String first host
425 * @param strSecondHost String second host
426 * @param strProtocol String protocol TCP/UDP
429 public void configureRouterMainPolicies(String strConfigHost, String strFirstHost,
430 String strSecondHost, String strProtocol) {
432 PrintWriter pwConfig = getPrintWriter(strConfigHost);
433 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost +
434 " -d " + strSecondHost + " -p " + strProtocol);
435 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost +
436 " -d " + strFirstHost + " -p " + strProtocol);
441 * configureRouterMainPolicies() method configures the router
443 * This method is the same as the first configureRouterMainPolicies(),
444 * but it doesn't specify a certain port and protocol for the communication
446 * @param strConfigHost String hostname to be configured
447 * @param strFirstHost String first host
448 * @param strSecondHost String second host
451 public void configureRouterMainPolicies(String strConfigHost, String strFirstHost, String strSecondHost) {
453 PrintWriter pwConfig = getPrintWriter(strConfigHost);
454 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost);
455 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost);
460 * configureHostMainPolicies() method configures the host
462 * This method configures the host with router's policies
464 * @param strConfigHost String hostname to be configured
465 * @param strFirstHost String first host
466 * @param strSecondHost String second host
467 * @param strProtocol String protocol TCP/UDP
468 * @param iSrcPort Integer source port number
469 * @param iDstPort Integer destination port number
472 public void configureHostMainPolicies(String strConfigHost, String strFirstHost,
473 String strSecondHost, String strProtocol, int iSrcPort, int iDstPort) {
475 PrintWriter pwConfig = getPrintWriter(strConfigHost);
476 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
477 " -p " + strProtocol + " --dport " + iDstPort);
478 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
479 " -p " + strProtocol + " --sport " + iSrcPort);
480 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
481 " -p " + strProtocol + " --sport " + iDstPort);
482 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
483 " -p " + strProtocol + " --dport " + iSrcPort);
484 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
485 " -p " + strProtocol + " --dport " + iDstPort);
486 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
487 " -p " + strProtocol + " --sport " + iSrcPort);
488 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
489 " -p " + strProtocol + " --sport " + iDstPort);
490 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
491 " -p " + strProtocol + " --dport " + iSrcPort);
496 * configureHostMainPolicies() method configures the host
498 * This method configures the host with router's policies
500 * @param strConfigHost String hostname to be configured
501 * @param strFirstHost String first host
502 * @param strSecondHost String second host
503 * @param strProtocol String protocol TCP/UDP
504 * @param iPort Integer port number
507 public void configureHostMainPolicies(String strConfigHost, String strFirstHost,
508 String strSecondHost, String strProtocol, int iPort) {
510 PrintWriter pwConfig = getPrintWriter(strConfigHost);
511 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
512 " -p " + strProtocol + " --dport " + iPort);
513 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
514 " -p " + strProtocol + " --sport " + iPort);
515 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
516 " -p " + strProtocol + " --dport " + iPort);
517 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
518 " -p " + strProtocol + " --sport " + iPort);
519 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
520 " -p " + strProtocol + " --dport " + iPort);
521 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
522 " -p " + strProtocol + " --sport " + iPort);
523 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
524 " -p " + strProtocol + " --dport " + iPort);
525 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
526 " -p " + strProtocol + " --sport " + iPort);
530 * configureHostMainPolicies() method configures the host
532 * This method is the same as the first configureHostMainPolicies(),
533 * but it doesn't specify a certain port for the communication
535 * @param strConfigHost String hostname to be configured
536 * @param strFirstHost String first host
537 * @param strSecondHost String second host
538 * @param strProtocol String protocol TCP/UDP
541 public void configureHostMainPolicies(String strConfigHost, String strFirstHost,
542 String strSecondHost, String strProtocol) {
544 PrintWriter pwConfig = getPrintWriter(strConfigHost);
545 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
546 " -p " + strProtocol);
547 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
548 " -p " + strProtocol);
549 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
550 " -p " + strProtocol);
551 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
552 " -p " + strProtocol);
556 * configureHostMainPolicies() method configures the host
558 * This method is the same as the first configureHostMainPolicies(),
559 * but it doesn't specify a certain port and protocol for the communication
561 * @param strConfigHost String hostname to be configured
562 * @param strFirstHost String first host
563 * @param strSecondHost String second host
566 public void configureHostMainPolicies(String strConfigHost, String strFirstHost, String strSecondHost) {
568 PrintWriter pwConfig = getPrintWriter(strConfigHost);
569 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost);
570 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost);
571 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost);
572 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost);
577 * configureRouterHTTPPolicies() method configures the router
579 * This method configures the router's basic policies
580 * This method creates a command line using 'ssh' and 'iptables'
581 * to access the router and create Netfilter statements
583 * @param strConfigHost String hostname to be configured
584 * @param strFirstHost String first host address (source)
585 * @param strSecondHost String second host address (destination)
588 public void configureRouterHTTPPolicies(String strConfigHost, String strFirstHost, String strSecondHost) {
590 PrintWriter pwConfig = getPrintWriter(strConfigHost);
592 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
593 " -p tcp --dport http");
594 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
595 " -p tcp --sport http");
596 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
597 " -p tcp --dport http");
598 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
599 " -p tcp --sport http");
601 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
602 " -p tcp --dport https");
603 pwConfig.println("-I FORWARD -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
604 " -p tcp --sport https");
605 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
606 " -p tcp --dport https");
607 pwConfig.println("-I FORWARD -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
608 " -p tcp --sport https");
614 * configureRouterICMPPolicies() method configures the router
616 * This method configures the router's basic policies
617 * This method creates a command line using 'ssh' and 'iptables'
618 * to access the router and create Netfilter statements
620 * @param strConfigHost String hostname to be configured
623 public void configureRouterICMPPolicies(String strConfigHost) {
625 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
627 pwConfig.println("-A FORWARD -j ACCEPT -p icmp");
628 pwConfig.println("-A INPUT -j ACCEPT -p icmp");
629 pwConfig.println("-A OUTPUT -j ACCEPT -p icmp");
633 * configureRouterICMPPolicies() method configures the router
635 * This method configures the router's basic policies
636 * This method creates a command line using 'ssh' and 'iptables'
637 * to access the router and create Netfilter statements
639 * @param strConfigHost String hostname to be configured
640 * @param strMonitorHost String monitor address
643 public void configureRouterICMPPolicies(String strConfigHost, String strMonitorHost) {
645 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
647 pwConfig.println("-A FORWARD -j ACCEPT -p icmp");
648 pwConfig.println("-A INPUT -j ACCEPT -s " + strMonitorHost +
649 " -d " + strConfigHost + " -p icmp");
650 pwConfig.println("-A INPUT -j ACCEPT -s " + strConfigHost +
651 " -d " + strMonitorHost + " -p icmp");
652 pwConfig.println("-A OUTPUT -j ACCEPT -s " + strMonitorHost +
653 " -d " + strConfigHost + " -p icmp");
654 pwConfig.println("-A OUTPUT -j ACCEPT -s " + strConfigHost +
655 " -d " + strMonitorHost + " -p icmp");
659 * configureRouterSSHPolicies() method configures the router
661 * This method configures the router's basic policies
662 * This method creates a command line using 'ssh' and 'iptables'
663 * to access the router and create Netfilter statements
665 * @param strConfigHost String hostname to be configured
666 * @param strMonitorHost String monitor address
669 public void configureRouterSSHPolicies(String strConfigHost, String strMonitorHost) {
671 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
672 // Allow SSH - port 22 (only from monitor host)
673 pwConfig.println("-A INPUT -j ACCEPT -s " +
674 strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh");
675 pwConfig.println("-A INPUT -j ACCEPT -s " +
676 strMonitorHost + " -d " + strConfigHost + " -p tcp --sport ssh");
677 pwConfig.println("-A INPUT -j ACCEPT -s " +
678 strConfigHost + " -d " + strMonitorHost + " -p tcp --dport ssh");
679 pwConfig.println("-A INPUT -j ACCEPT -s " +
680 strConfigHost + " -d " + strMonitorHost + " -p tcp --sport ssh");
681 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
682 strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh");
683 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
684 strMonitorHost + " -d " + strConfigHost + " -p tcp --sport ssh");
685 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
686 strConfigHost + " -d " + strMonitorHost + " -p tcp --dport ssh");
687 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
688 strConfigHost + " -d " + strMonitorHost + " -p tcp --sport ssh");
689 //pwConfig.println("-A FORWARD -j ACCEPT -p tcp --dport ssh");
690 //pwConfig.println("-A FORWARD -j ACCEPT -p tcp --sport ssh");
695 * configureRouterDHCPPolicies() method configures the router
697 * This method configures the router's basic policies
698 * This method creates a command line using 'ssh' and 'iptables'
699 * to access the router and create Netfilter statements
701 * @param strConfigHost String hostname to be configured
704 public void configureRouterDHCPPolicies(String strConfigHost) {
706 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
707 // Allow DHCP renew - BOOTP Client port 68 / BOOTP Server port 67
708 pwConfig.println("-A INPUT -j ACCEPT -p udp --dport bootpc");
709 pwConfig.println("-A INPUT -j ACCEPT -p udp --sport bootpc");
710 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --dport bootps");
711 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --sport bootps");
715 * configureRouterDNSPolicies() method configures the router
717 * This method configures the router's basic policies
718 * This method creates a command line using 'ssh' and 'iptables'
719 * to access the router and create Netfilter statements
721 * @param strConfigHost String hostname to be configured
724 public void configureRouterDNSPolicies(String strConfigHost) {
726 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
727 // Allow DNS UDP and TCP port 53
728 pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport domain");
729 pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport domain");
730 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --dport domain");
731 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --sport domain");
732 pwConfig.println("-A INPUT -j ACCEPT -p udp --dport domain");
733 pwConfig.println("-A INPUT -j ACCEPT -p udp --sport domain");
734 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --dport domain");
735 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --sport domain");
739 * configureRejectPolicies() method configures the router
741 * This method configures the router's basic policies
742 * This method creates a command line using 'ssh' and 'iptables'
743 * to access the router and create Netfilter statements
745 * @param strConfigHost String hostname to be configured
748 public void configureRejectPolicies(String strConfigHost) {
750 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
751 // Reject every other thing
752 pwConfig.println("-A FORWARD -j REJECT");
753 pwConfig.println("-A INPUT -j REJECT");
754 pwConfig.println("-A OUTPUT -j REJECT");
758 * configureRouterNATPolicy() method configures the router
760 * This method configures the NAT policy separately.
761 * Somehow SSH in Java is not able to combine other commands for
762 * iptables rules configuration and NAT configuration.
764 * @param strConfigHost String hostname to be configured
767 public void configureRouterNATPolicy(String strConfigHost) {
769 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
771 pwConfig.println("-t nat -A POSTROUTING -o eth0 -j MASQUERADE");
772 // Add the following 2 lines
773 pwConfig.println("-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT");
774 pwConfig.println("-A FORWARD -i wlan0 -o eth0 -j ACCEPT");
778 * configureHostHTTPPolicies() method configures the host
780 * This method configures the host with HTTP policies
782 * @param strConfigHost String hostname to be configured
783 * @param strFirstHost String first host address (source)
784 * @param strSecondHost String second host address (destination)
787 public void configureHostHTTPPolicies(String strConfigHost, String strFirstHost, String strSecondHost) {
789 PrintWriter pwConfig = getPrintWriter(strConfigHost);
791 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
792 " -p tcp --dport http");
793 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
794 " -p tcp --sport http");
795 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
796 " -p tcp --dport http");
797 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
798 " -p tcp --sport http");
799 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
800 " -p tcp --dport http");
801 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
802 " -p tcp --sport http");
803 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
804 " -p tcp --dport http");
805 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
806 " -p tcp --sport http");
808 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
809 " -p tcp --dport https");
810 pwConfig.println("-I INPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
811 " -p tcp --sport https");
812 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
813 " -p tcp --dport https");
814 pwConfig.println("-I INPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
815 " -p tcp --sport https");
816 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
817 " -p tcp --dport https");
818 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strFirstHost + " -d " + strSecondHost +
819 " -p tcp --sport https");
820 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
821 " -p tcp --dport https");
822 pwConfig.println("-I OUTPUT -j ACCEPT -s " + strSecondHost + " -d " + strFirstHost +
823 " -p tcp --sport https");
827 * configureHostICMPPolicies() method configures the host
829 * This method configures the host with router's policies
831 * @param strConfigHost String hostname to be configured
834 public void configureHostICMPPolicies(String strConfigHost) {
836 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
838 pwConfig.println("-A INPUT -j ACCEPT -p icmp");
839 pwConfig.println("-A OUTPUT -j ACCEPT -p icmp");
843 * configureHostSQLPolicies() method configures the host
845 * This method configures the host with router's policies
847 * @param strConfigHost String hostname to be configured
850 public void configureHostSQLPolicies(String strConfigHost) {
852 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
854 pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport mysql");
855 pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport mysql");
856 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --dport mysql");
857 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --sport mysql");
861 * configureHostICMPPolicies() method configures the host
863 * This method configures the host with router's policies
865 * @param strConfigHost String hostname to be configured
866 * @param strMonitorHost String monitor address
869 public void configureHostICMPPolicies(String strConfigHost, String strMonitorHost) {
871 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
873 pwConfig.println("-A INPUT -j ACCEPT -s " + strMonitorHost +
874 " -d " + strConfigHost + " -p icmp");
875 pwConfig.println("-A INPUT -j ACCEPT -s " + strConfigHost +
876 " -d " + strMonitorHost + " -p icmp");
877 pwConfig.println("-A OUTPUT -j ACCEPT -s " + strMonitorHost +
878 " -d " + strConfigHost + " -p icmp");
879 pwConfig.println("-A OUTPUT -j ACCEPT -s " + strConfigHost +
880 " -d " + strMonitorHost + " -p icmp");
885 * configureHostSSHPolicies() method configures the host
887 * This method configures the host with router's policies
889 * @param strConfigHost String hostname to be configured
892 public void configureHostSSHPolicies(String strConfigHost) {
894 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
895 // Allow SSH - port 22
896 pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport ssh");
897 pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport ssh");
898 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --dport ssh");
899 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --sport ssh");
900 pwConfig.println("-A FORWARD -j ACCEPT -p tcp --dport ssh");
901 pwConfig.println("-A FORWARD -j ACCEPT -p tcp --sport ssh");
906 * configureHostSSHPolicies() method configures the host
908 * This method configures the host with router's policies
910 * @param strConfigHost String hostname to be configured
911 * @param strMonitorHost String monitor address
914 public void configureHostSSHPolicies(String strConfigHost, String strMonitorHost) {
916 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
917 // Allow SSH - port 22
918 pwConfig.println("-A INPUT -j ACCEPT -s " +
919 strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh");
920 pwConfig.println("-A INPUT -j ACCEPT -s " +
921 strMonitorHost + " -d " + strConfigHost + " -p tcp --sport ssh");
922 pwConfig.println("-A INPUT -j ACCEPT -s " +
923 strConfigHost + " -d " + strMonitorHost + " -p tcp --dport ssh");
924 pwConfig.println("-A INPUT -j ACCEPT -s " +
925 strConfigHost + " -d " + strMonitorHost + " -p tcp --sport ssh");
926 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
927 strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh");
928 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
929 strMonitorHost + " -d " + strConfigHost + " -p tcp --sport ssh");
930 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
931 strConfigHost + " -d " + strMonitorHost + " -p tcp --dport ssh");
932 pwConfig.println("-A OUTPUT -j ACCEPT -s " +
933 strConfigHost + " -d " + strMonitorHost + " -p tcp --sport ssh");
938 * configureHostDHCPPolicies() method configures the host
940 * This method configures the host with router's policies
942 * @param strConfigHost String hostname to be configured
945 public void configureHostDHCPPolicies(String strConfigHost) {
947 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
948 // Allow DHCP renew - BOOTP Client port 68 / BOOTP Server port 67
949 pwConfig.println("-A INPUT -j ACCEPT -p udp --dport bootpc");
950 pwConfig.println("-A INPUT -j ACCEPT -p udp --sport bootpc");
951 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --dport bootps");
952 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --sport bootps");
957 * configureHostDNSPolicies() method configures the host
959 * This method configures the host with router's policies
961 * @param strConfigHost String hostname to be configured
964 public void configureHostDNSPolicies(String strConfigHost) {
966 PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
967 // Allow DNS UDP and TCP port 53
968 pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport domain");
969 pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport domain");
970 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --dport domain");
971 pwConfig.println("-A OUTPUT -j ACCEPT -p tcp --sport domain");
972 pwConfig.println("-A INPUT -j ACCEPT -p udp --dport domain");
973 pwConfig.println("-A INPUT -j ACCEPT -p udp --sport domain");
974 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --dport domain");
975 pwConfig.println("-A OUTPUT -j ACCEPT -p udp --sport domain");