我正在尝试使用 ubuntu 在 python 中实现一个模拟防火墙的应用程序 ofc 即时通讯使用终端执行代码 我尝试使用 netcat 来测试 tcp 和 udp 连接 我也尝试使用禁用的 IP ping 但仍然可以连接
from netfilterqueue import NetfilterQueue
from scapy.all import *
import time
import json
try:
f = open("firewallrules.json","r")
y = json.load(f)
f.close()
if("ListOfBannedIpAddr" in y):
if(type(y["ListOfBannedIpAddr"])==list):
ListOfBannedIpAddr = y["ListOfBannedIpAddr"]
else:
print("Invalid ListOfBannedIpAddr in rule file. Defaulting to []")
ListOfBannedIpAddr = []
else:
print("ListOfBannedIpAddr missing in rule file. Defaulting to []")
ListOfBannedIpAddr = []
if("ListOfBannedPorts" in y):
if(type(y["ListOfBannedPorts"])==list):
ListOfBannedPorts = y["ListOfBannedPorts"]
else:
print("Invalid ListOfBannedPorts in rule file. Defaulting to []")
ListOfBannedPorts = []
else:
print("ListOfBannedPorts missing in rule file. Defaulting to []")
ListOfBannedPorts = []
if("ListOfBannedPrefixes" in y):
if(type(y["ListOfBannedPrefixes"])==list):
ListOfBannedPrefixes = y["ListOfBannedPrefixes"]
else:
print("Invalid ListOfBannedPrefixes in rule file. Defaulting to []")
ListOfBannedPrefixes = []
else:
print("ListOfBannedPrefixes missing in rule file. Defaulting to []")
ListOfBannedPrefixes = []
if("TimeThreshold" in y):
if(type(y["TimeThreshold"])==int):
TimeThreshold = y["TimeThreshold"]
else:
print("Invalid TimeThreshold in rule file. Defaulting to 10")
TimeThreshold = 10
else:
print("TimeThreshold missing in rule file. Defaulting to 10")
TimeThreshold = 10
if("PacketThreshold" in y):
if(type(y["PacketThreshold"])==int):
PacketThreshold = y["PacketThreshold"]
else:
print("Invalid PacketThreshold in rule file. Defaulting to 100")
PacketThreshold = 100
else:
print("PacketThreshold missing in rule file. Defaulting to 100")
PacketThreshold = 100
if("BlockPingAttacks" in y):
if(y["BlockPingAttacks"]=="True" or y["BlockPingAttacks"]=="False"):
BlockPingAttacks = eval(y["BlockPingAttacks"])
else:
print("Invalid BlockPingAttacks in rule file. Defaulting to True")
BlockPingAttacks = True
else:
print("BlockPingAttacks missing in rule file. Defaulting to True")
BlockPingAttacks = True
except FileNotFoundError:
print("Rule file (firewallrules.json) not found, setting default values")
ListOfBannedIpAddr = []
ListOfBannedPorts = []
ListOfBannedPrefixes = []
TimeThreshold = 10 #sec
PacketThreshold = 100
BlockPingAttacks = True
def firewall(pkt):
sca = IP(pkt.get_payload())
if(sca.src in ListOfBannedIpAddr):
print(sca.src, "is a incoming IP address that is banned by the firewall.")
pkt.drop()
return
if(sca.haslayer(TCP)):
t = sca.getlayer(TCP)
if(t.dport in ListOfBannedPorts):
print(t.dport, "is a destination port that is blocked by the firewall.")
pkt.drop()
return
if(sca.haslayer(UDP)):
t = sca.getlayer(UDP)
if(t.dport in ListOfBannedPorts):
print(t.dport, "is a destination port that is blocked by the firewall.")
pkt.drop()
return
if(True in [sca.src.find(suff)==0 for suff in ListOfBannedPrefixes]):
print("Prefix of " + sca.src + " is banned by the firewall.")
pkt.drop()
return
if(BlockPingAttacks and sca.haslayer(ICMP)): #attempt at preventing hping3
t = sca.getlayer(ICMP)
if(t.code==0):
if(sca.src in DictOfPackets):
temptime = list(DictOfPackets[sca.src])
if(len(DictOfPackets[sca.src]) >= PacketThreshold):
if(time.time()-DictOfPackets[sca.src][0] <= TimeThreshold):
print("Ping by %s blocked by the firewall (too many requests in short span of time)." %(sca.src))
pkt.drop()
return
else:
DictOfPackets[sca.src].pop(0)
DictOfPackets[sca.src].append(time.time())
else:
DictOfPackets[sca.src].append(time.time())
else:
DictOfPackets[sca.src] = [time.time()]
#print("Packet from %s accepted and forwarded to IPTABLES" %(sca.src))
pkt.accept()
return
#print("Packet from %s accepted and forwarded to IPTABLES" %(sca.src)) #commented coz its annoying
pkt.accept()
nfqueue = NetfilterQueue()
nfqueue.bind(1,firewall)
try:
nfqueue.run()
except KeyboardInterrupt:
pass
nfqueue.unbind()
© 2021 GitHub, Inc.
Terms
Privacy
Security
Status
Docs
Contact GitHub
Pricing
API
Training
Blog
About
规则在文件 firewallrules,jason 中定义
{
"ListOfBannedIpAddr": ["192.168.43.181", "192.168.43.182"],
"ListOfBannedPorts": [80, 81],
"ListOfBannedPrefixes": ["172."],
"TimeThreshold": 10,
"PacketThreshold": 100,
"BlockPingAttacks" : "True"
}
当我运行 python3 fw.py 时没有显示任何内容 请帮忙