package firewall
import (
"fmt"
"io/ioutil"
"os"
"strings"
"github.com/bettercap/bettercap/v2/core"
"github.com/bettercap/bettercap/v2/network"
"github.com/evilsocket/islazy/fs"
"github.com/evilsocket/islazy/str"
)
// LinuxFirewall is the Linux firewall state built by Make. It keeps the
// endpoint it was created for, the IPv4 forwarding state observed at
// construction time, and a map of *Redirection values.
type LinuxFirewall struct {
	// iface is the endpoint handed to Make.
	iface *network.Endpoint

	// forwarding holds what IsForwardingEnabled reported when Make ran,
	// i.e. the host's IPv4 forwarding state before this object changed it.
	forwarding bool

	// restore is set to true once EnableForwarding has written the
	// forwarding files successfully.
	restore bool

	// redirections is keyed by string; the key format is decided by code
	// outside this declaration.
	redirections map[string]*Redirection
}
// Kernel tunables that hold the packet-forwarding switches. Each file
// contains "1" when forwarding is enabled and "0" when it is disabled.
const (
	// IPV4ForwardingFile is the IPv4 forwarding switch.
	IPV4ForwardingFile = "/proc/sys/net/ipv4/ip_forward"

	// IPV6ForwardingFile is the IPv6 forwarding switch for all interfaces.
	IPV6ForwardingFile = "/proc/sys/net/ipv6/conf/all/forwarding"
)
// Make returns the Linux FirewallManager for iface.
//
// The current IPv4 forwarding state is read once here and stored in the
// forwarding field, so the value recorded is the one the host had before
// this object changed anything.
func Make(iface *network.Endpoint) FirewallManager {
	// forwarding and restore are left at their zero value (false);
	// forwarding is filled in right below.
	fw := &LinuxFirewall{
		iface:        iface,
		redirections: make(map[string]*Redirection),
	}
	fw.forwarding = fw.IsForwardingEnabled()
	return fw
}
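// enableFeature writes "1" (enable) or "0" (disable) to the kernel tunable at
// filename, for example one of the forwarding files under /proc/sys.
//
// The file is opened write-only and is never created. These tunables are
// exposed by the kernel, so a missing path means the feature is unavailable
// or the path is wrong; that is reported as an error instead of leaving a
// stray regular file behind. Errors from open, write and close are returned
// wrapped with the file name.
func (f *LinuxFirewall) enableFeature(filename string, enable bool) error {
	value := "0"
	if enable {
		value = "1"
	}

	// No O_CREATE: the permission argument is unused when nothing is created.
	fd, err := os.OpenFile(filename, os.O_WRONLY, 0)
	if err != nil {
		return fmt.Errorf("failed to open file %s: %w", filename, err)
	}

	if _, err := fd.WriteString(value); err != nil {
		// The write error is the one worth reporting; the close result
		// adds nothing once the write has already failed.
		_ = fd.Close()
		return fmt.Errorf("failed to write to file %s: %w", filename, err)
	}

	// Close is checked because a failure here can mean the value was not
	// accepted even though WriteString returned without error.
	if err := fd.Close(); err != nil {
		return fmt.Errorf("failed to close file %s: %w", filename, err)
	}
	return nil
}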
// IsForwardingEnabled reports whether IPv4 forwarding is currently switched
// on, i.e. whether IPV4ForwardingFile contains "1" once trimmed.
//
// Only the IPv4 file is consulted; IPV6ForwardingFile is not read here. A
// read failure is reported as false, so the caller cannot tell "disabled"
// apart from "could not be determined".
func (f *LinuxFirewall) IsForwardingEnabled() bool {
	if raw, err := ioutil.ReadFile(IPV4ForwardingFile); err == nil {
		return str.Trim(string(raw)) == "1"
	}
	return false
}
func (f *LinuxFirewall) EnableForwarding(enabled bool) error {
if err := f.enableFeature(IPV4ForwardingFile, enabled); err != nil {
return err
}
if fs.Exists(IPV6ForwardingFile) {
if err := f.enableFeature(IPV6ForwardingFile, enabled); err != nil {
return err
}
}
f.restore = true
return nil