Reworked iptables plugin.

Now trying to use just one command instead, with two possible arguments.
If an argument is missing, make sure an empty string is passed in, with
quotes.
This commit is contained in:
Stefan Midjich 2016-12-08 14:57:30 +01:00
parent 0ff80fb629
commit c91a969b27
2 changed files with 11 additions and 53 deletions


@ -13,13 +13,11 @@ mandatory = True
enabled = False
debug = True
# If you know you won't be able to get the clients HW address then use this.
use_mac = False
# Command templates for arping and iptables.
# Arping might block so make sure you use a timeout and limit the number of
# packets it sends.
arping = -f -c 1 -w 30 -I eth0 {ip_address}
iptables_mac = -t mangle -I internet 1 -m mac --mac-source {mac_address} -j RETURN
iptables_ip = -t mangle -I internet 1 -m tcp -p tcp --source {ip_address} -j RETURN
# This is a command to run to create iptables rules. Two arguments are
# passed and replace these two placeholders.
iptables_cmd = /usr/local/sbin/cp_iptables.sh "{ip_address}" "{mac_address}"
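Review bot: The quotes around `"{ip_address}"` and `"{mac_address}"` on the iptables_cmd line are shell quoting, but run() in the second file expands the template with str.format and then does `tuple(iptables_cmd.split(' '))` before calling sudo; sudo there takes `_out=`/`_err=` keywords, which looks like the sh module wrapper that executes without a shell, so the script would receive the double-quote characters literally, and a missing argument would arrive as the two-character string `""` rather than the empty string this comment promises (a None client_mac would likewise be rendered as the text `None`). I would drop the quotes from the template, keep only the script path in it, and build the argument vector in run() instead, e.g. `argv = config.get('iptables', 'iptables_cmd').split(' ') + [client_ip or '', client_mac or '']`. The comment "The two arguments must not contain spaces of course" in that hunk states a requirement nothing enforces; validating the address with `ipaddress.ip_address(client_ip)` before it is formatted in would reject any value that could split into extra arguments. The sudo call and its try block continue past the visible hunk, so how error_msg is consumed afterwards is not visible here.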


@ -77,58 +77,17 @@ def run(arg):
error_msg = str(e)
pass
# If HW address was found, use it now.
if client_mac and config.getboolean('iptables', 'use_mac'):
l.debug('Found client HW address: {hw}'.format(
hw=client_mac
))
# Create tuple out of iptables command
iptables_mac = config.get('iptables', 'iptables_mac').format(
if client_ip:
iptables_cmd = config.get('iptables', 'iptables_cmd').format(
ip_address=client_ip,
mac_address=client_mac
)
iptables_mac = tuple(iptables_mac.split(' '))
output = BytesIO()
error = BytesIO()
try:
rc = sudo(iptables_mac, _out=output, _err=error)
if rc.exit_code == 0:
l.debug('Created iptables MAC rule successfully')
except ErrorReturnCode:
error.seek(0)
error_msg = error.read()
l.warn('{cmd}: exited badly: {error}'.format(
cmd=('iptables', iptables_mac),
error=error_msg
))
iptables_failed = True
pass
except Exception as e:
l.warn('{cmd}: failed: {error}'.format(
cmd=('iptables', iptables_mac),
error=str(e)
))
error_msg = str(e)
iptables_failed = True
pass
# Fallback on IP if HW address fails
if client_ip:
l.debug('Using client IP: {ip}'.format(
ip=client_ip
))
iptables_ip = config.get('iptables', 'iptables_ip').format(
ip_address=client_ip
)
iptables_ip = tuple(iptables_ip.split(' '))
output = BytesIO()
error = BytesIO()
try:
rc = sudo(iptables_ip, _out=output, _err=error)
# The two arguments must not contain spaces of course.
rc = sudo(tuple(iptables_cmd.split(' ')), _out=output, _err=error)
if rc.exit_code == 0:
l.debug('Created iptables IP rule successfully')
@ -136,14 +95,14 @@ def run(arg):
error.seek(0)
error_msg = error.read()
l.warn('{cmd}: exited badly: {error}'.format(
cmd=('iptables', iptables_ip),
cmd=('iptables', iptables_cmd),
error=error_msg
))
iptables_failed = True
pass
except Exception as e:
l.warn('{cmd}: failed: {error}'.format(
cmd=('iptables', iptables_ip),
cmd=('iptables', iptables_cmd),
error=str(e)
))
error_msg = str(e)
@ -182,3 +141,4 @@ def mac_from_ip(l, arping_args, ip):
if line.startswith(line_start):
m = re.search('(([0-9A-Fa-f]{2}[:]){5}([0-9A-Fa-f]{2}))', line)
if m: return m.group(0)