http://bbs.hikemobile.com/thread-1644-1-1.html
http://5e76.net/show-2409.html
http://www.myexception.cn/open-source/429531.html
http://www.eoeandroid.com/thread-245052-1-1.html
http://blog.youkuaiyun.com/Zengyangtech/article/details/5579311
https://code.google.com/p/droidwall/
http://www.oschina.net/p/droidwall/similar_projects?lang=0&sort=view&p=16
http://smallnopoint.iteye.com/blog/1465138
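/**
 * Builds a shell script of iptables commands that rejects outbound traffic
 * for the given UIDs, then runs it through {@code runScriptAsRoot}.
 *
 * <p>The script creates and flushes the DROIDWALL, DROIDWALL_MOBILE,
 * DROIDWALL_WIFI and DROIDWALL_REJECT chains, hooks DROIDWALL into OUTPUT,
 * sends packets to the mobile or Wi-Fi chain by outgoing interface name,
 * and appends one REJECT rule per listed UID.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The chains are flushed before the new rules are appended and every
 * rule line aborts the script on failure. A {@code false} return therefore
 * means the chains may be empty or only partly populated, not that the
 * previous rule set is still in force.</li>
 * <li>Only the hard-coded interface name prefixes below are matched.
 * Traffic leaving through any other interface never reaches the per-UID
 * chains.</li>
 * <li>Only {@code $IPTABLES} is invoked. NOTE(review): confirm whether IPv6
 * traffic is handled elsewhere (for example in {@code scriptHeader});
 * nothing in this method covers it.</li>
 * </ul>
 *
 * @param ctx        application context; {@code null} makes the method return {@code false}
 * @param uidsWifi   UIDs to reject on Wi-Fi interfaces; negative entries are not turned
 *                   into per-UID rules (SPECIAL_UID_KERNEL is looked up separately)
 * @param uids3g     UIDs to reject on mobile-data interfaces, same conventions
 * @param showErrors whether to show a toast when the rules could not be applied
 * @return {@code true} only when the root script exited with code 0
 */
private static boolean applyIptablesRulesImpl(Context ctx,
        List<Integer> uidsWifi, List<Integer> uids3g, boolean showErrors) {
    if (ctx == null) {
        return false;
    }
    assertBinaries(ctx, showErrors);
    // Outgoing-interface name prefixes ("+" is the iptables wildcard suffix).
    final String ITFS_WIFI[] = { "tiwlan+", "wlan+", "eth+", "ra+", "mlan+" };
    final String ITFS_3G[] = { "rmnet+", "pdp+", "ppp+", "uwbr+", "wimax+",
            "vsnet+", "ccmni+", "usb+", "qmi+", "ccinet+" };
    final StringBuilder script = new StringBuilder();
    try {
        int code;
        // Only forward LD_LIBRARY_PATH when it is actually set; formatting a
        // null value would export the literal string "null".
        // NOTE(review): the value is written unquoted into a script that runs
        // as root, so it must never come from a source other processes can set.
        final String ldLibraryPath = System.getenv("LD_LIBRARY_PATH");
        if (ldLibraryPath != null) {
            script.append("export LD_LIBRARY_PATH=").append(ldLibraryPath)
                    .append('\n');
        }
        script.append(scriptHeader(ctx));
        // "--new" and "-D" carry no "|| exit": they are expected to fail when
        // the chain already exists or the jump is not present yet. The flush
        // commands use distinct exit codes (7-10) so a failure can be located.
        script.append("" + "$IPTABLES --version\n"
                + "# Create the DROIDWALL chains if necessary\n"
                + "$IPTABLES --new DROIDWALL\n"
                + "$IPTABLES --new DROIDWALL_MOBILE\n"
                + "$IPTABLES --new DROIDWALL_WIFI\n"
                + "$IPTABLES --new DROIDWALL_REJECT\n"
                + "# Add DROIDWALL chain to OUTPUT chain if necessary\n"
                + "$IPTABLES -D OUTPUT -j DROIDWALL\n"
                + "$IPTABLES -I OUTPUT -j DROIDWALL\n"
                + "$IPTABLES -F DROIDWALL || exit 7\n"
                + "$IPTABLES -F DROIDWALL_MOBILE || exit 8\n"
                + "$IPTABLES -F DROIDWALL_WIFI || exit 9\n"
                + "$IPTABLES -F DROIDWALL_REJECT || exit 10\n" + "");
        script.append("" + "# Create the reject rule (log disabled)\n"
                + "$IPTABLES -A DROIDWALL_REJECT -j REJECT || exit 11\n"
                + "");
        script.append("# Main rules (per interface)\n");
        for (final String itf : ITFS_3G) {
            script.append("$IPTABLES -A DROIDWALL -o ").append(itf).append(
                    " -j DROIDWALL_MOBILE || exit\n");
        }
        for (final String itf : ITFS_WIFI) {
            script.append("$IPTABLES -A DROIDWALL -o ").append(itf).append(
                    " -j DROIDWALL_WIFI || exit\n");
        }
        script.append("# Filtering rules\n");
        final String targetRule = "DROIDWALL_REJECT";
        // NOTE(review): the local declarations of any_3g / any_wifi are
        // commented out in this listing, so both names must be supplied by the
        // enclosing class for this method to compile. The disabled lines were:
        // final boolean any_3g = uids3g.indexOf(SPECIAL_UID_ANY) >= 0;
        // final boolean any_wifi = uidsWifi.indexOf(SPECIAL_UID_ANY) >= 0;
        if (any_3g) {
            // Reject everything on mobile data.
            script.append("$IPTABLES -A DROIDWALL_MOBILE -j ").append(
                    targetRule).append(" || exit\n");
        } else {
            // Reject the listed applications on mobile data; negative UIDs
            // are special markers and get no owner-match rule.
            for (final Integer uid : uids3g) {
                if (uid >= 0) {
                    script.append(
                            "$IPTABLES -A DROIDWALL_MOBILE -m owner --uid-owner ")
                            .append(uid).append(" -j ").append(targetRule)
                            .append(" || exit\n");
                }
            }
        }
        if (any_wifi) {
            // Reject everything on Wi-Fi.
            script.append("$IPTABLES -A DROIDWALL_WIFI -j ").append(
                    targetRule).append(" || exit\n");
        } else {
            // Reject the listed applications on Wi-Fi, same rule as above.
            for (final Integer uid : uidsWifi) {
                if (uid >= 0) {
                    script.append(
                            "$IPTABLES -A DROIDWALL_WIFI -m owner --uid-owner ")
                            .append(uid).append(" -j ").append(targetRule)
                            .append(" || exit\n");
                }
            }
        }
        // Packets that match any owner UID in 0:999999999 RETURN from the
        // chain; whatever is left has no owning UID and is rejected.
        if (uids3g.indexOf(SPECIAL_UID_KERNEL) >= 0) {
            script.append("# hack to BLOCK kernel packets on black-list\n");
            script.append("$IPTABLES -A DROIDWALL_MOBILE -m owner --uid-owner 0:999999999 -j RETURN || exit\n");
            script.append("$IPTABLES -A DROIDWALL_MOBILE -j DROIDWALL_REJECT || exit\n");
        }
        if (uidsWifi.indexOf(SPECIAL_UID_KERNEL) >= 0) {
            script.append("# hack to BLOCK kernel packets on black-list\n");
            script.append("$IPTABLES -A DROIDWALL_WIFI -m owner --uid-owner 0:999999999 -j RETURN || exit\n");
            script.append("$IPTABLES -A DROIDWALL_WIFI -j DROIDWALL_REJECT || exit\n");
        }
        final StringBuilder res = new StringBuilder();
        code = runScriptAsRoot(ctx, script.toString(), res);
        if (code == 0) {
            return true;
        }
        // A non-zero exit is a failure whether or not the caller asked for UI
        // feedback. The original returned true here when showErrors was false,
        // which reported a firewall that was not applied as applied.
        // The script output collected in res is not shown to the user.
        System.out.println("applyIptablesRulesImpl: script exit code " + code);
        if (showErrors) {
            Toast.makeText(ctx,
                    ctx.getString(R.string.kn_traffic_item_info_no_root),
                    300).show();
        }
    } catch (Exception e) {
        // Every failure, including a null UID list, ends up here and is shown
        // with the same "no root" text; print the cause so it can be told apart.
        if (showErrors) {
            Toast.makeText(ctx,
                    ctx.getString(R.string.kn_traffic_item_info_no_root),
                    300).show();
        }
        System.out.println("applyIptablesRulesImpl: " + e);
    }
    return false;
}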