Package: LinuxFirewall

LinuxFirewall

name | instruction | branch | complexity | line | method
LinuxFirewall(CommandExecutorService)
M: 46 C: 0
0%
M: 2 C: 0
0%
M: 2 C: 0
0%
M: 15 C: 0
0%
M: 1 C: 0
0%
addAutoNatRules(List)
M: 6 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 2 C: 0
0%
M: 1 C: 0
0%
addLocalRule(int, String, String, String, String, String, String, String)
M: 70 C: 0
0%
M: 4 C: 0
0%
M: 3 C: 0
0%
M: 17 C: 0
0%
M: 1 C: 0
0%
addLocalRules(List)
M: 67 C: 0
0%
M: 10 C: 0
0%
M: 6 C: 0
0%
M: 18 C: 0
0%
M: 1 C: 0
0%
addNatRule(String, String, String, String, String, boolean)
M: 50 C: 0
0%
M: 8 C: 0
0%
M: 5 C: 0
0%
M: 14 C: 0
0%
M: 1 C: 0
0%
addNatRule(String, String, boolean)
M: 47 C: 0
0%
M: 8 C: 0
0%
M: 5 C: 0
0%
M: 13 C: 0
0%
M: 1 C: 0
0%
addNatRules(List)
M: 6 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 2 C: 0
0%
M: 1 C: 0
0%
addNatRules(List, Set)
M: 68 C: 0
0%
M: 10 C: 0
0%
M: 6 C: 0
0%
M: 19 C: 0
0%
M: 1 C: 0
0%
addPortForwardRule(String, String, String, String, int, int, boolean, String, String, String, String)
M: 56 C: 0
0%
M: 2 C: 0
0%
M: 2 C: 0
0%
M: 13 C: 0
0%
M: 1 C: 0
0%
addPortForwardRules(List)
M: 70 C: 0
0%
M: 10 C: 0
0%
M: 6 C: 0
0%
M: 19 C: 0
0%
M: 1 C: 0
0%
allowIcmp()
M: 4 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 2 C: 0
0%
M: 1 C: 0
0%
applyRules()
M: 55 C: 0
0%
M: 12 C: 0
0%
M: 7 C: 0
0%
M: 12 C: 0
0%
M: 1 C: 0
0%
blockAllPorts()
M: 9 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 5 C: 0
0%
M: 1 C: 0
0%
deleteAllAutoNatRules()
M: 33 C: 0
0%
M: 8 C: 0
0%
M: 5 C: 0
0%
M: 8 C: 0
0%
M: 1 C: 0
0%
deleteAllLocalRules()
M: 16 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 5 C: 0
0%
M: 1 C: 0
0%
deleteAllNatRules()
M: 33 C: 0
0%
M: 8 C: 0
0%
M: 5 C: 0
0%
M: 8 C: 0
0%
M: 1 C: 0
0%
deleteAllPortForwardRules()
M: 33 C: 0
0%
M: 8 C: 0
0%
M: 5 C: 0
0%
M: 8 C: 0
0%
M: 1 C: 0
0%
deleteAutoNatRule(NATRule)
M: 43 C: 0
0%
M: 12 C: 0
0%
M: 7 C: 0
0%
M: 10 C: 0
0%
M: 1 C: 0
0%
deleteLocalRule(LocalRule)
M: 18 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 5 C: 0
0%
M: 1 C: 0
0%
deletePortForwardRule(PortForwardRule)
M: 43 C: 0
0%
M: 12 C: 0
0%
M: 7 C: 0
0%
M: 10 C: 0
0%
M: 1 C: 0
0%
disable()
M: 4 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 2 C: 0
0%
M: 1 C: 0
0%
disableForwarding()
M: 4 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 2 C: 0
0%
M: 1 C: 0
0%
disableIcmp()
M: 4 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 2 C: 0
0%
M: 1 C: 0
0%
enable()
M: 3 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 2 C: 0
0%
M: 1 C: 0
0%
enableForwarding()
M: 4 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 2 C: 0
0%
M: 1 C: 0
0%
enableForwarding(boolean)
M: 28 C: 0
0%
M: 2 C: 0
0%
M: 2 C: 0
0%
M: 8 C: 0
0%
M: 1 C: 0
0%
getAutoNatRules()
M: 12 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 3 C: 0
0%
M: 1 C: 0
0%
getLocalRules()
M: 12 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 3 C: 0
0%
M: 1 C: 0
0%
getNatRules()
M: 12 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 3 C: 0
0%
M: 1 C: 0
0%
getPortForwardRules()
M: 12 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 3 C: 0
0%
M: 1 C: 0
0%
initialize()
M: 36 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 10 C: 0
0%
M: 1 C: 0
0%
replaceAllNatRules(Set)
M: 44 C: 0
0%
M: 12 C: 0
0%
M: 7 C: 0
0%
M: 11 C: 0
0%
M: 1 C: 0
0%
runCustomFirewallScript()
M: 43 C: 0
0%
M: 4 C: 0
0%
M: 3 C: 0
0%
M: 8 C: 0
0%
M: 1 C: 0
0%
static {...}
M: 8 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 3 C: 0
0%
M: 1 C: 0
0%
unblockAllPorts()
M: 9 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 5 C: 0
0%
M: 1 C: 0
0%
update()
M: 13 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 4 C: 0
0%
M: 1 C: 0
0%

Coverage

1: /*******************************************************************************
2: * Copyright (c) 2011, 2019 Eurotech and/or its affiliates
3: *
4: * All rights reserved. This program and the accompanying materials
5: * are made available under the terms of the Eclipse Public License v1.0
6: * which accompanies this distribution, and is available at
7: * http://www.eclipse.org/legal/epl-v10.html
8: *
9: * Contributors:
10: * Eurotech
11: *******************************************************************************/
12: package org.eclipse.kura.linux.net.iptables;
13:
14: import java.io.File;
15: import java.io.FileWriter;
16: import java.util.ArrayList;
17: import java.util.List;
18: import java.util.Set;
19:
20: import org.eclipse.kura.KuraErrorCode;
21: import org.eclipse.kura.KuraException;
22: import org.eclipse.kura.KuraProcessExecutionErrorException;
23: import org.eclipse.kura.executor.Command;
24: import org.eclipse.kura.executor.CommandExecutorService;
25: import org.eclipse.kura.executor.CommandStatus;
26: import org.eclipse.kura.net.IP4Address;
27: import org.eclipse.kura.net.IPAddress;
28: import org.eclipse.kura.net.NetworkPair;
29: import org.slf4j.Logger;
30: import org.slf4j.LoggerFactory;
31:
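/**
 * Linux firewall implementation backed by {@link IptablesConfig}.
 *
 * <p>The instance keeps four in-memory rule sets (local, port forward, automatic NAT and NAT). The
 * mutating methods end in {@link #update()}, which regenerates the iptables configuration from those
 * sets, writes the IPv4 forwarding flag and runs the optional custom firewall script.
 *
 * <p>NOTE(review): only the apply-and-save step inside {@code update()} runs under the shared lock; the
 * rule sets themselves are modified outside of it. Confirm that callers serialize access, otherwise a
 * rule set can change while it is being written out.
 *
 * @author eurotech
 */
public class LinuxFirewall {

    private static final Logger logger = LoggerFactory.getLogger(LinuxFirewall.class);

    // Shared by all instances; final so the monitor object can never be swapped out.
    private static final Object lock = new Object();

    private static final String IP_FORWARD_FILE_NAME = "/proc/sys/net/ipv4/ip_forward";
    private static final String FIREWALL_CONFIG_FILE_NAME = "/etc/sysconfig/iptables";
    private static final String CUSTOM_FIREWALL_SCRIPT_NAME = "/etc/init.d/firewall_cust";

    private Set<LocalRule> localRules;
    private Set<PortForwardRule> portForwardRules;
    private Set<NATRule> autoNatRules;
    private Set<NATRule> natRules;
    private boolean allowIcmp;
    private boolean allowForwarding;
    private final IptablesConfig iptables;
    private final CommandExecutorService executorService;

    /**
     * Creates the firewall, writing a block-policy configuration when no saved configuration file exists,
     * and then loads the current rules through {@link #initialize()}.
     *
     * <p>NOTE(review): both failure paths are only logged. If applying the block policy or
     * {@code initialize()} fails, the object is still returned, possibly with {@code null} rule sets and
     * without the block policy in place. Callers that need a fail-closed start-up should check for this.
     *
     * @param executorService service used to run the iptables commands and the custom firewall script
     */
    public LinuxFirewall(CommandExecutorService executorService) {
        this.executorService = executorService;
        this.iptables = new IptablesConfig(this.executorService);
        try {
            File cfgFile = new File(FIREWALL_CONFIG_FILE_NAME);
            if (!cfgFile.exists()) {
                // No saved configuration yet: start from the block policy and persist it.
                this.iptables.applyBlockPolicy();
                this.iptables.save();
            } else {
                logger.debug("{} file already exists", cfgFile);
            }
        } catch (Exception e) {
            // Reached when applying or saving the initial block policy failed.
            logger.error("cannot create or read file", e);
        }
        try {
            initialize();
        } catch (KuraException e) {
            logger.error("failed to initialize LinuxFirewall", e);
        }
    }

    /**
     * Restores the saved iptables configuration and reloads the four rule sets from it.
     *
     * <p>ICMP is reset to allowed and forwarding to disallowed on every call, regardless of what the
     * restored configuration contained.
     *
     * @throws KuraException if restoring the configuration fails
     */
    public void initialize() throws KuraException {
        logger.debug("initialize() :: initializing firewall ...");
        this.iptables.restore();
        this.localRules = this.iptables.getLocalRules();
        this.portForwardRules = this.iptables.getPortForwardRules();
        this.autoNatRules = this.iptables.getAutoNatRules();
        this.natRules = this.iptables.getNatRules();
        this.allowIcmp = true;
        this.allowForwarding = false;
        logger.debug("initialize() :: Parsing current firewall configuraion");
    }

    /**
     * Builds a single local rule and adds it through {@link #addLocalRules(List)}.
     *
     * <p>When either {@code permittedNetwork} or {@code permittedNetworkPrefix} is {@code null} the rule
     * is created for {@code 0.0.0.0/0}, i.e. without a source-network restriction.
     *
     * <p>NOTE(review): the string arguments are handed to {@link LocalRule} as given; any validation
     * happens outside this class. Confirm that they are checked before they reach the iptables layer.
     *
     * @param port                     port the rule applies to
     * @param protocol                 protocol of the rule
     * @param permittedNetwork         permitted source network address, or {@code null}
     * @param permittedNetworkPrefix   prefix length of the permitted network as a decimal string, or
     *                                 {@code null}
     * @param permittedInterfaceName   interface the rule is permitted on
     * @param unpermittedInterfaceName interface the rule is not permitted on
     * @param permittedMAC             permitted MAC address
     * @param sourcePortRange          source port range
     * @throws KuraException with {@code INTERNAL_ERROR} if the rule cannot be built or applied
     */
    public void addLocalRule(int port, String protocol, String permittedNetwork, String permittedNetworkPrefix,
            String permittedInterfaceName, String unpermittedInterfaceName, String permittedMAC,
            String sourcePortRange) throws KuraException {
        try {
            LocalRule newLocalRule;
            if (permittedNetwork != null && permittedNetworkPrefix != null) {
                logger.debug("permittedNetwork: {}", permittedNetwork);
                logger.debug("permittedNetworkPrefix: {}", permittedNetworkPrefix);

                newLocalRule = new LocalRule(port, protocol,
                        new NetworkPair<>((IP4Address) IPAddress.parseHostAddress(permittedNetwork),
                                Short.parseShort(permittedNetworkPrefix)),
                        permittedInterfaceName, unpermittedInterfaceName, permittedMAC, sourcePortRange);
            } else {
                // Fixed: this branch used to pass permittedInterfaceName twice, silently dropping the
                // caller's unpermittedInterfaceName and so changing which interfaces the rule covers.
                newLocalRule = new LocalRule(port, protocol,
                        new NetworkPair<>((IP4Address) IPAddress.parseHostAddress("0.0.0.0"), (short) 0),
                        permittedInterfaceName, unpermittedInterfaceName, permittedMAC, sourcePortRange);
            }

            List<LocalRule> locRules = new ArrayList<>();
            locRules.add(newLocalRule);
            addLocalRules(locRules);
        } catch (Exception e) {
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e);
        }
    }

    /**
     * Adds every rule that is not already present to the local rule set and re-applies the firewall
     * when at least one rule was added.
     *
     * @param newLocalRules rules to add
     * @throws KuraException with {@code INTERNAL_ERROR} on any failure
     */
    public void addLocalRules(List<LocalRule> newLocalRules) throws KuraException {
        try {
            boolean doUpdate = false;
            for (LocalRule newLocalRule : newLocalRules) {
                // make sure it is not already present
                boolean addRule = true;
                for (LocalRule localRule : this.localRules) {
                    if (newLocalRule.equals(localRule)) {
                        addRule = false;
                        break;
                    }
                }
                if (addRule) {
                    logger.info("Adding local rule to firewall configuration: {}", newLocalRule);
                    this.localRules.add(newLocalRule);
                    doUpdate = true;
                } else {
                    logger.warn("Not adding local rule that is already present: {}", newLocalRule);
                }
            }
            if (doUpdate) {
                update();
            }
        } catch (Exception e) {
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e);
        }
    }

    /**
     * Builds a single port forward rule and adds it through {@link #addPortForwardRules(List)}.
     *
     * @param inboundIface           inbound interface name
     * @param outboundIface          outbound interface name
     * @param address                address the traffic is forwarded to
     * @param protocol               protocol of the rule
     * @param inPort                 inbound port
     * @param outPort                outbound port
     * @param masquerade             masquerade flag passed to the rule
     * @param permittedNetwork       permitted source network, passed to the rule as given
     * @param permittedNetworkPrefix prefix length as a decimal string; {@code null} is stored as
     *                               {@code -1}
     * @param permittedMAC           permitted MAC address
     * @param sourcePortRange        source port range
     * @throws KuraException with {@code INTERNAL_ERROR} if the rule cannot be built or applied
     */
    public void addPortForwardRule(String inboundIface, String outboundIface, String address, String protocol,
            int inPort, int outPort, boolean masquerade, String permittedNetwork, String permittedNetworkPrefix,
            String permittedMAC, String sourcePortRange) throws KuraException {
        try {
            PortForwardRule newPortForwardRule;
            if (permittedNetworkPrefix != null) {
                newPortForwardRule = new PortForwardRule(inboundIface, outboundIface, address, protocol, inPort,
                        outPort, masquerade, permittedNetwork, Short.parseShort(permittedNetworkPrefix),
                        permittedMAC, sourcePortRange);
            } else {
                newPortForwardRule = new PortForwardRule(inboundIface, outboundIface, address, protocol, inPort,
                        outPort, masquerade, permittedNetwork, -1, permittedMAC, sourcePortRange);
            }

            List<PortForwardRule> portFwdRules = new ArrayList<>();
            portFwdRules.add(newPortForwardRule);
            addPortForwardRules(portFwdRules);
        } catch (Exception e) {
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e);
        }
    }

    /**
     * Adds every rule that is not already present to the port forward rule set. When at least one rule
     * was added, forwarding is switched on and the firewall is re-applied.
     *
     * @param newPortForwardRules rules to add
     * @throws KuraException with {@code INTERNAL_ERROR} on any failure
     */
    public void addPortForwardRules(List<PortForwardRule> newPortForwardRules) throws KuraException {
        try {
            boolean doUpdate = false;
            for (PortForwardRule newPortForwardRule : newPortForwardRules) {
                // make sure it is not already present
                boolean addRule = true;
                for (PortForwardRule portForwardRule : this.portForwardRules) {
                    if (newPortForwardRule.equals(portForwardRule)) {
                        addRule = false;
                        break;
                    }
                }
                if (addRule) {
                    logger.info("Adding port forward rule to firewall configuration: {}", newPortForwardRule);
                    this.portForwardRules.add(newPortForwardRule);
                    doUpdate = true;
                } else {
                    logger.warn("Not adding port forward rule that is already present: {}", newPortForwardRule);
                }
            }
            if (doUpdate) {
                this.allowForwarding = true;
                update();
            }
        } catch (Exception e) {
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e);
        }
    }

    /**
     * Adds an automatic NAT rule. The request is logged and ignored when either interface name is
     * {@code null} or empty.
     *
     * @param sourceInterface      source interface name
     * @param destinationInterface destination interface name
     * @param masquerade           masquerade flag passed to the rule
     * @throws KuraException with {@code INTERNAL_ERROR} on any failure
     */
    public void addNatRule(String sourceInterface, String destinationInterface, boolean masquerade)
            throws KuraException {
        try {
            if (sourceInterface == null || sourceInterface.isEmpty()) {
                logger.warn("Can't add auto NAT rule - source interface not specified");
                return;
            } else if (destinationInterface == null || destinationInterface.isEmpty()) {
                logger.warn("Can't add auto NAT rule - destination interface not specified");
                return;
            }

            NATRule newNatRule = new NATRule(sourceInterface, destinationInterface, masquerade);
            List<NATRule> natRuleList = new ArrayList<>();
            natRuleList.add(newNatRule);
            addAutoNatRules(natRuleList);
        } catch (Exception e) {
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e);
        }
    }

    /**
     * Adds a NAT rule. The request is logged and ignored when either interface name is {@code null} or
     * empty.
     *
     * @param sourceInterface      source interface name
     * @param destinationInterface destination interface name
     * @param protocol             protocol of the rule
     * @param source               source passed to the rule as given
     * @param destination          destination passed to the rule as given
     * @param masquerade           masquerade flag passed to the rule
     * @throws KuraException with {@code INTERNAL_ERROR} on any failure
     */
    public void addNatRule(String sourceInterface, String destinationInterface, String protocol, String source,
            String destination, boolean masquerade) throws KuraException {

        try {
            if (sourceInterface == null || sourceInterface.isEmpty()) {
                logger.warn("Can't add NAT rule - source interface not specified");
                return;
            } else if (destinationInterface == null || destinationInterface.isEmpty()) {
                logger.warn("Can't add NAT rule - destination interface not specified");
                return;
            }

            NATRule newNatRule = new NATRule(sourceInterface, destinationInterface, protocol, source, destination,
                    masquerade);

            List<NATRule> natRuleList = new ArrayList<>();
            natRuleList.add(newNatRule);
            addNatRules(natRuleList);
        } catch (Exception e) {
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e);
        }
    }

    /**
     * Adds the given rules to the automatic NAT rule set.
     *
     * @param newNatRules rules to add
     * @throws KuraException with {@code INTERNAL_ERROR} on any failure
     */
    public void addAutoNatRules(List<NATRule> newNatRules) throws KuraException {
        addNatRules(newNatRules, this.autoNatRules);
    }

    /**
     * Adds the given rules to the NAT rule set.
     *
     * @param newNatRules rules to add
     * @throws KuraException with {@code INTERNAL_ERROR} on any failure
     */
    public void addNatRules(List<NATRule> newNatRules) throws KuraException {
        addNatRules(newNatRules, this.natRules);
    }

    /**
     * Shared implementation for both NAT rule sets: adds every rule not already in {@code rules}, and
     * when at least one was added switches forwarding on and re-applies the firewall.
     *
     * <p>The log messages say "auto NAT" for both rule sets.
     */
    private void addNatRules(List<NATRule> newNatRules, Set<NATRule> rules) throws KuraException {
        try {
            boolean doUpdate = false;
            for (NATRule newNatRule : newNatRules) {
                // make sure it is not already present
                boolean addRule = true;
                for (NATRule natRule : rules) {
                    if (newNatRule.equals(natRule)) {
                        addRule = false;
                        break;
                    }
                }
                if (addRule) {
                    logger.info("Adding auto NAT rule to firewall configuration: {}", newNatRule);
                    rules.add(newNatRule);
                    doUpdate = true;
                } else {
                    logger.warn("Not adding auto nat rule that is already present: {}", newNatRule);
                }
            }
            if (doUpdate) {
                this.allowForwarding = true;
                update();
            }
        } catch (Exception e) {
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e);
        }
    }

    /**
     * Returns the live local rule set.
     *
     * <p>NOTE(review): this is the internal set, not a copy. A caller that modifies it changes the
     * firewall's in-memory state without triggering {@code update()}.
     *
     * @return the internal local rule set
     * @throws KuraException declared for API compatibility
     */
    public Set<LocalRule> getLocalRules() throws KuraException {
        return this.localRules;
    }

    /**
     * Returns the live port forward rule set (the internal set, not a copy).
     *
     * @return the internal port forward rule set
     * @throws KuraException declared for API compatibility
     */
    public Set<PortForwardRule> getPortForwardRules() throws KuraException {
        return this.portForwardRules;
    }

    /**
     * Returns the live automatic NAT rule set (the internal set, not a copy).
     *
     * @return the internal automatic NAT rule set
     * @throws KuraException declared for API compatibility
     */
    public Set<NATRule> getAutoNatRules() throws KuraException {
        return this.autoNatRules;
    }

    /**
     * Returns the live NAT rule set (the internal set, not a copy).
     *
     * @return the internal NAT rule set
     * @throws KuraException declared for API compatibility
     */
    public Set<NATRule> getNatRules() throws KuraException {
        return this.natRules;
    }

    /**
     * Removes one local rule and re-applies the firewall.
     *
     * @param rule rule to remove
     * @throws KuraException with {@code INTERNAL_ERROR} on any failure
     */
    public void deleteLocalRule(LocalRule rule) throws KuraException {
        try {
            this.localRules.remove(rule);
            update();
        } catch (Exception e) {
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e);
        }
    }

    /**
     * Removes one port forward rule and re-applies the firewall. Forwarding is switched off when the
     * port forward, automatic NAT and NAT rule sets are all empty afterwards. Does nothing when the port
     * forward rule set has not been loaded.
     *
     * @param rule rule to remove
     * @throws KuraException with {@code INTERNAL_ERROR} on any failure
     */
    public void deletePortForwardRule(PortForwardRule rule) throws KuraException {
        if (this.portForwardRules == null) {
            return;
        }
        try {
            this.portForwardRules.remove(rule);
            if (this.autoNatRules != null && this.autoNatRules.isEmpty() && this.natRules != null
                    && this.natRules.isEmpty() && this.portForwardRules.isEmpty()) {

                this.allowForwarding = false;
            }
            update();
        } catch (Exception e) {
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e);
        }
    }

    /**
     * Removes one automatic NAT rule and re-applies the firewall. Forwarding is switched off when the
     * automatic NAT, NAT and port forward rule sets are all empty afterwards. Does nothing when the
     * automatic NAT rule set has not been loaded.
     *
     * @param rule rule to remove
     * @throws KuraException with {@code INTERNAL_ERROR} on any failure
     */
    public void deleteAutoNatRule(NATRule rule) throws KuraException {
        if (this.autoNatRules == null) {
            return;
        }
        try {
            this.autoNatRules.remove(rule);
            if (this.autoNatRules.isEmpty() && this.natRules != null && this.natRules.isEmpty()
                    && this.portForwardRules != null && this.portForwardRules.isEmpty()) {

                this.allowForwarding = false;
            }
            update();
        } catch (Exception e) {
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e);
        }
    }

    /**
     * Removes all local rules and re-applies the firewall.
     *
     * @throws KuraException with {@code INTERNAL_ERROR} on any failure
     */
    public void deleteAllLocalRules() throws KuraException {
        try {
            this.localRules.clear();
            update();
        } catch (Exception e) {
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e);
        }
    }

    /**
     * Removes all port forward rules and re-applies the firewall. Forwarding is switched off when both
     * NAT rule sets are empty as well.
     *
     * @throws KuraException with {@code INTERNAL_ERROR} on any failure
     */
    public void deleteAllPortForwardRules() throws KuraException {
        try {
            this.portForwardRules.clear();
            if (this.autoNatRules != null && this.autoNatRules.isEmpty() && this.natRules != null
                    && this.natRules.isEmpty()) {

                this.allowForwarding = false;
            }
            update();
        } catch (Exception e) {
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e);
        }
    }

    /**
     * Replaces the automatic NAT rule set with the given set, recomputes the forwarding flag from all
     * three forwarding-related rule sets and re-applies the firewall.
     *
     * <p>NOTE(review): despite the name, the set replaced is {@code autoNatRules}, not {@code natRules},
     * and the caller's set is stored by reference rather than copied. Confirm both are intended.
     *
     * @param newNatRules new automatic NAT rule set
     * @throws KuraException with {@code INTERNAL_ERROR} on any failure
     */
    public void replaceAllNatRules(Set<NATRule> newNatRules) throws KuraException {
        try {
            this.autoNatRules = newNatRules;
            this.allowForwarding = this.autoNatRules != null && !this.autoNatRules.isEmpty()
                    || this.natRules != null && !this.natRules.isEmpty()
                    || this.portForwardRules != null && !this.portForwardRules.isEmpty();
            update();
        } catch (Exception e) {
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e);
        }
    }

    /**
     * Removes all automatic NAT rules and re-applies the firewall. Forwarding is switched off when the
     * NAT and port forward rule sets are empty as well.
     *
     * @throws KuraException with {@code INTERNAL_ERROR} on any failure
     */
    public void deleteAllAutoNatRules() throws KuraException {
        try {
            this.autoNatRules.clear();
            if (this.natRules != null && this.natRules.isEmpty() && this.portForwardRules != null
                    && this.portForwardRules.isEmpty()) {

                this.allowForwarding = false;
            }
            update();
        } catch (Exception e) {
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e);
        }
    }

    /**
     * Removes all NAT rules and re-applies the firewall. Forwarding is switched off when the automatic
     * NAT and port forward rule sets are empty as well.
     *
     * @throws KuraException with {@code INTERNAL_ERROR} on any failure
     */
    public void deleteAllNatRules() throws KuraException {
        try {
            this.natRules.clear();
            if (this.autoNatRules != null && this.autoNatRules.isEmpty() && this.portForwardRules != null
                    && this.portForwardRules.isEmpty()) {
                this.allowForwarding = false;
            }
            update();
        } catch (Exception e) {
            // Catch Exception like the sibling delete methods: the previous KuraException-only handler
            // let a NullPointerException from an unloaded rule set escape unwrapped.
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e);
        }
    }

    /**
     * Clears the local, port forward and automatic NAT rule sets and re-applies the firewall.
     *
     * <p>The {@code natRules} set is not cleared here. Each delete call already runs {@code update()},
     * so the configuration is regenerated four times in total.
     *
     * @throws KuraException with {@code INTERNAL_ERROR} on any failure
     */
    public void blockAllPorts() throws KuraException {
        deleteAllLocalRules();
        deleteAllPortForwardRules();
        deleteAllAutoNatRules();
        update();
    }

    /**
     * Performs exactly the same steps as {@link #blockAllPorts()}.
     *
     * <p>NOTE(review): clearing every rule set is what "block" does; nothing here opens any port. Confirm
     * whether callers rely on this or whether an "unblock" behaviour was never implemented.
     *
     * @throws KuraException with {@code INTERNAL_ERROR} on any failure
     */
    public void unblockAllPorts() throws KuraException {
        deleteAllLocalRules();
        deleteAllPortForwardRules();
        deleteAllAutoNatRules();
        update();
    }

    /**
     * Generates a fresh iptables configuration from the in-memory rule sets, loads it, writes the
     * forwarding flag and runs the custom firewall script.
     *
     * <p>The configuration is first saved to {@code IptablesConfig.FIREWALL_TMP_CONFIG_FILE_NAME} and
     * then restored from that file.
     *
     * <p>NOTE(review): the location of that temporary file is defined in {@code IptablesConfig} and is
     * not visible here. Confirm it is not writable by unprivileged users, since its content is what gets
     * loaded as the active rule set.
     */
    private void applyRules() throws KuraException {
        // Forwarding is only ever switched on here; switching it off is left to the delete methods.
        if (this.portForwardRules != null && !this.portForwardRules.isEmpty()
                || this.autoNatRules != null && !this.autoNatRules.isEmpty()
                || this.natRules != null && !this.natRules.isEmpty()) {
            this.allowForwarding = true;
        }
        IptablesConfig newIptables = new IptablesConfig(this.localRules, this.portForwardRules, this.autoNatRules,
                this.natRules, this.allowIcmp, this.executorService);
        newIptables.save(IptablesConfig.FIREWALL_TMP_CONFIG_FILE_NAME);
        newIptables.restore(IptablesConfig.FIREWALL_TMP_CONFIG_FILE_NAME);
        logger.debug("Managing port forwarding...");
        enableForwarding(this.allowForwarding);
        runCustomFirewallScript();
    }

    /**
     * Writes {@code 1} or {@code 0} to {@code /proc/sys/net/ipv4/ip_forward}.
     *
     * @param allow {@code true} to write {@code 1}, {@code false} to write {@code 0}
     * @throws KuraException with {@code INTERNAL_ERROR} if the file cannot be written
     */
    private static void enableForwarding(boolean allow) throws KuraException {
        try (FileWriter fw = new FileWriter(IP_FORWARD_FILE_NAME)) {
            fw.write(allow ? '1' : '0');
        } catch (Exception e) {
            throw new KuraException(KuraErrorCode.INTERNAL_ERROR, e);
        }
    }

    /**
     * Runs the custom firewall script with {@code sh} when the script file exists, and fails when it
     * exits with a non-zero status.
     *
     * <p>NOTE(review): the script runs after the generated rules have been loaded, with whatever
     * privileges the executor service has, so it can change or remove any rule this class applied.
     * The file's ownership and permissions are not checked here; confirm they are restricted on the
     * target system.
     */
    private void runCustomFirewallScript() throws KuraException {
        File file = new File(CUSTOM_FIREWALL_SCRIPT_NAME);
        if (file.exists()) {
            logger.info("Running custom firewall script - {}", CUSTOM_FIREWALL_SCRIPT_NAME);
            Command command = new Command(new String[] { "sh", CUSTOM_FIREWALL_SCRIPT_NAME });
            CommandStatus status = this.executorService.execute(command);
            if ((Integer) status.getExitStatus().getExitValue() != 0) {
                throw new KuraProcessExecutionErrorException("Failed to apply custom firewall script");
            }
        }

    }

    /**
     * Re-applies the firewall from the in-memory rule sets.
     *
     * @throws KuraException if applying or saving the rules fails
     */
    public void enable() throws KuraException {
        update();
    }

    /**
     * Clears all iptables chains through {@link IptablesConfig}.
     *
     * <p>NOTE(review): the chain policies left in place after the clear are decided in
     * {@code IptablesConfig} and are not visible here. Confirm that disabling does not leave the host
     * accepting all traffic unintentionally.
     *
     * @throws KuraException if clearing the chains fails
     */
    public void disable() throws KuraException {
        this.iptables.clearAllChains();
    }

    /** Sets the ICMP flag; takes effect the next time the rules are applied. */
    public void allowIcmp() {
        this.allowIcmp = true;
    }

    /** Clears the ICMP flag; takes effect the next time the rules are applied. */
    public void disableIcmp() {
        this.allowIcmp = false;
    }

    /** Sets the forwarding flag; takes effect the next time the rules are applied. */
    public void enableForwarding() {
        this.allowForwarding = true;
    }

    /**
     * Clears the forwarding flag. The next apply sets it again when any port forward or NAT rule is
     * still present.
     */
    public void disableForwarding() {
        this.allowForwarding = false;
    }

    /**
     * Applies the current rules and saves the resulting configuration, holding the class-wide lock for
     * both steps.
     */
    private void update() throws KuraException {
        synchronized (lock) {
            applyRules();
            this.iptables.save();
        }
    }
}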