iptables.h revision eee27d2ce09514ff5d758f2e2b43b1b1f8832775
// Copyright 2014 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef FIREWALLD_IPTABLES_H_
#define FIREWALLD_IPTABLES_H_

#include <stdint.h>

#include <set>
#include <string>
#include <utility>

#include <base/macros.h>
#include <chromeos/errors/error.h>

#include "firewalld/dbus_adaptor/org.chromium.Firewalld.h"

namespace firewalld {

// Transport protocol that a firewall hole applies to.
enum ProtocolEnum { kProtocolTcp, kProtocolUdp };

// Implementation of the org.chromium.Firewalld D-Bus interface. It exposes
// methods to open ("punch") and close ("plug") per-port, per-interface holes
// for TCP and UDP, and records the holes it has been asked to open.
//
// NOTE(review): every argument of the public methods comes from a D-Bus
// caller. This header shows neither which callers the bus policy admits nor
// where |in_port| and |in_interface| are validated. Confirm both in the
// implementation and in the service's D-Bus policy before relying on this
// class as a trust boundary.
class IpTables : public org::chromium::FirewalldInterface {
 public:
  // A firewall hole: a port paired with an interface name, matching the
  // (port, interface) arguments taken by PunchHole() and PlugHole().
  typedef std::pair<uint16_t, std::string> Hole;

  IpTables();
  // NOTE(review): presumably closes any holes still open (see
  // PlugAllHoles()) so that no allow rule outlives this object. Confirm in
  // the implementation.
  ~IpTables();

  // D-Bus methods.
  // Each takes the port and the network interface name supplied by the
  // caller and returns a bool (presumably true on success; the header does
  // not say). The Punch* methods request a hole, the Plug* methods remove
  // one.
  // NOTE(review): |in_interface| is an arbitrary caller-chosen string. The
  // implementation should restrict it to a valid interface name (bounded
  // length, limited character set) before it is used to build a firewall
  // rule, and should decide explicitly how an empty name and port 0 are
  // handled.
  bool PunchTcpHole(uint16_t in_port, const std::string& in_interface) override;
  bool PunchUdpHole(uint16_t in_port, const std::string& in_interface) override;
  bool PlugTcpHole(uint16_t in_port, const std::string& in_interface) override;
  bool PlugUdpHole(uint16_t in_port, const std::string& in_interface) override;

 protected:
  // Test-only.
  // Takes a path; presumably stored in |executable_path_| so tests can
  // substitute a different binary. Confirm in the implementation. Keeping
  // this constructor protected means production callers cannot redirect the
  // path through the public API.
  explicit IpTables(const std::string& path);

 private:
  // Gives the test fixture access to private members.
  friend class IpTablesTest;

  // Protocol-independent helpers behind the four D-Bus methods.
  // |holes| is presumably &tcp_holes_ or &udp_holes_, chosen to match
  // |protocol|. Verify against the callers.
  bool PunchHole(uint16_t port,
                 const std::string& interface,
                 std::set<Hole>* holes,
                 enum ProtocolEnum protocol);
  bool PlugHole(uint16_t port,
                const std::string& interface,
                std::set<Hole>* holes,
                enum ProtocolEnum protocol);

  // Presumably removes every hole recorded in |tcp_holes_| and |udp_holes_|.
  // Confirm in the implementation.
  void PlugAllHoles();

  // Add or delete the allow rule for one (protocol, port, interface) tuple.
  // NOTE(review): presumably these invoke the binary at |executable_path_|.
  // If so, arguments should be passed as an argument vector rather than
  // through a shell, since |interface| originates from a D-Bus caller.
  bool AddAllowRule(enum ProtocolEnum protocol,
                    uint16_t port,
                    const std::string& interface);
  bool DeleteAllowRule(enum ProtocolEnum protocol,
                       uint16_t port,
                       const std::string& interface);

  // Path to an executable (presumably the iptables binary, going by the
  // class name; the header does not show how it is set or used).
  std::string executable_path_;

  // Keep track of firewall holes to avoid adding redundant firewall rules.
  // NOTE(review): the sets have no visible size bound. Each holds at most
  // one entry per distinct (port, interface) pair, so growth depends on how
  // strictly interface names are validated.
  std::set<Hole> tcp_holes_;
  std::set<Hole> udp_holes_;

  // Disables copying, per the macro name (from base/macros.h).
  DISALLOW_COPY_AND_ASSIGN(IpTables);
};

}  // namespace firewalld

#endif  // FIREWALLD_IPTABLES_H_