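/*
 * Copyright (C) 2012 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef _FIREWALL_CONTROLLER_H
#define _FIREWALL_CONTROLLER_H

#include <string>

/* Verdict carried by a rule: ALLOW permits matching traffic, DENY blocks it. */
enum FirewallRule { ALLOW, DENY };

/* IP protocol numbers accepted by setEgressDestRule(). */
#define PROTOCOL_TCP 6
#define PROTOCOL_UDP 17

/*
 * Simple firewall that drops all packets except those matching explicitly
 * defined ALLOW rules.
 *
 * Every method returns an int status. The header does not fix the convention;
 * presumably 0 on success and non-zero on failure -- confirm in the .cpp.
 */
class FirewallController {
public:
    FirewallController();

    /* Install the iptables hooks that hand traffic to this controller's chains. */
    int setupIptablesHooks(void);

    /* Switch the default-deny policy on or off, and query its current state. */
    int enableFirewall(void);
    int disableFirewall(void);
    int isFirewallEnabled(void);

    /* Match traffic going in/out over the given iface. */
    int setInterfaceRule(const char* iface, FirewallRule rule);
    /* Match traffic coming-in-to or going-out-from given address. */
    int setEgressSourceRule(const char* addr, FirewallRule rule);
    /* Match traffic coming-in-from or going-out-to given address, port, and protocol.
     * protocol is an IP protocol number such as PROTOCOL_TCP or PROTOCOL_UDP.
     * NOTE(review): the two int parameters are named (protocol, port) here --
     * confirm that order against the definition before relying on the names. */
    int setEgressDestRule(const char* addr, int protocol, int port, FirewallRule rule);
    /* Match traffic owned by given UID.
     * uid is a plain int; presumably the implementation rejects negative values -- confirm. */
    int setUidRule(int uid, FirewallRule rule);

    /* Names of the chains this controller manages; defined (not just declared) in the .cpp.
     * Presumably the iptables chain names installed by setupIptablesHooks() -- confirm there. */
    static const char* LOCAL_INPUT;
    static const char* LOCAL_OUTPUT;
    static const char* LOCAL_FORWARD;

};

#endif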