iptables.h revision 0e7a658e0f72b0d2113f5c06136620236dde96f9
// Copyright 2014 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef FIREWALLD_IPTABLES_H_
#define FIREWALLD_IPTABLES_H_

#include <stdint.h>

#include <string>
#include <unordered_set>

#include <base/macros.h>
#include <chromeos/errors/error.h>

#include "firewalld/dbus_adaptor/org.chromium.Firewalld.h"

namespace firewalld {

// Transport protocol a firewall hole applies to.
enum ProtocolEnum { kProtocolTcp, kProtocolUdp };

// D-Bus backend that opens ("punches") and closes ("plugs") per-port holes
// in the host firewall by running the iptables executable.
//
// The port arguments of the public methods arrive over D-Bus from other
// processes and should be treated as untrusted input. Every request goes
// through PunchHole()/PlugHole(), which keep the per-protocol hole sets so
// that a port is not added to iptables twice (see tcp_holes_/udp_holes_).
class IpTables : public org::chromium::FirewalldInterface {
 public:
  IpTables();
  ~IpTables();

  // D-Bus methods.
  //
  // Each method reports a D-Bus-level failure through |error| and the
  // outcome of the firewall change through |out_success|; the bool return
  // value follows the generated FirewalldInterface contract.
  bool PunchTcpHole(chromeos::ErrorPtr* error,
                    uint16_t in_port,
                    bool* out_success);
  bool PunchUdpHole(chromeos::ErrorPtr* error,
                    uint16_t in_port,
                    bool* out_success);
  bool PlugTcpHole(chromeos::ErrorPtr* error,
                   uint16_t in_port,
                   bool* out_success);
  bool PlugUdpHole(chromeos::ErrorPtr* error,
                   uint16_t in_port,
                   bool* out_success);

 protected:
  // Test-only. Lets a test substitute the iptables binary that gets run;
  // |path| presumably ends up in executable_path_ (confirm in the .cc).
  explicit IpTables(const std::string& path);

 private:
  friend class IpTablesTest;

  // Common implementation behind the Punch*/Plug* D-Bus methods. |holes| is
  // the hole set the port is recorded in, presumably tcp_holes_ or
  // udp_holes_ depending on |protocol|.
  bool PunchHole(uint16_t port,
                 std::unordered_set<uint16_t>* holes,
                 ProtocolEnum protocol);
  bool PlugHole(uint16_t port,
                std::unordered_set<uint16_t>* holes,
                ProtocolEnum protocol);

  // Closes all recorded holes (inferred from the name; body is in the .cc).
  void PlugAllHoles();

  // Add or remove the iptables allow rule for |port| on |protocol|. The
  // return value is expected to reflect whether iptables succeeded.
  bool AddAllowRule(ProtocolEnum protocol, uint16_t port);
  bool DeleteAllowRule(ProtocolEnum protocol, uint16_t port);

  // Path of the iptables binary to execute. The constructors are the only
  // setters visible in this header; no D-Bus method takes a path.
  std::string executable_path_;

  // Keep track of firewall holes to avoid adding redundant firewall rules.
  std::unordered_set<uint16_t> tcp_holes_;
  std::unordered_set<uint16_t> udp_holes_;

  DISALLOW_COPY_AND_ASSIGN(IpTables);
};

}  // namespace firewalld

#endif  // FIREWALLD_IPTABLES_H_