mirror of https://github.com/subgraph/fw-daemon
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
49 lines
1.1 KiB
49 lines
1.1 KiB
package main
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
"os/exec"
|
|
"strings"
|
|
)
|
|
|
|
const iptablesRule = "-t mangle -%c OUTPUT -m conntrack --ctstate NEW -j NFQUEUE --queue-num 0 --queue-bypass"
|
|
const dnsRule = "-%c INPUT --protocol udp -m multiport --source-ports 53 -j NFQUEUE --queue-num 0 --queue-bypass"
|
|
|
|
func setupIPTables() {
|
|
removeIPTRules(dnsRule, iptablesRule)
|
|
addIPTRules(iptablesRule, dnsRule)
|
|
}
|
|
|
|
func removeIPTRules(rules ...string) {
|
|
for _, r := range rules {
|
|
iptables('D', r)
|
|
}
|
|
}
|
|
|
|
func addIPTRules(rules ...string) {
|
|
for _, r := range rules {
|
|
iptables('I', r)
|
|
}
|
|
}
|
|
|
|
func iptables(verb rune, rule string) {
|
|
|
|
iptablesPath, err := exec.LookPath("iptables")
|
|
if err != nil {
|
|
log.Warning("Could not find iptables binary in path")
|
|
os.Exit(1)
|
|
}
|
|
|
|
argLine := fmt.Sprintf(rule, verb)
|
|
args := strings.Fields(argLine)
|
|
fmt.Println(iptablesPath, argLine)
|
|
cmd := exec.Command(iptablesPath, args...)
|
|
out, err := cmd.CombinedOutput()
|
|
fmt.Fprintf(os.Stderr, string(out))
|
|
_, exitErr := err.(*exec.ExitError)
|
|
if err != nil && !exitErr {
|
|
log.Warning("Error reading output: %v", err)
|
|
}
|
|
}
|