修复iptc_add_rule("filter", "INPUT", IPPROTO_TCP, NULL, NULL, srcIp, 0, NULL, NULL, "DROP", NULL, 1); 参数src和dest写反的问题
修复int x_get_rule(const char *chain, struct xtc_handle *handle, char *ipv4);函数entry->ip.src写错
parent
78ffb8d017
commit
969927106e
@ -10,9 +10,9 @@ int x_get_rule(const char *chain, struct xtc_handle *handle, char *ipv4)
|
|||||||
const char *t = iptc_get_target(entry, handle);
|
const char *t = iptc_get_target(entry, handle);
|
||||||
entry_match = (struct ipt_entry_match *)entry->elems;
|
entry_match = (struct ipt_entry_match *)entry->elems;
|
||||||
//printf("u.user.name: %s\n", entry_match->u.user.name);
|
//printf("u.user.name: %s\n", entry_match->u.user.name);
|
||||||
char addr[33];
|
char addr[64];
|
||||||
memset(addr, 0, 33);
|
memset(addr, 0, 64);
|
||||||
inet_ntop(AF_INET, &(entry->ip.dst), addr, sizeof(addr));
|
inet_ntop(AF_INET, &(entry->ip.src), addr, sizeof(addr));
|
||||||
//printf("%s\n", addr);
|
//printf("%s\n", addr);
|
||||||
//printf("%s\n", t);
|
//printf("%s\n", t);
|
||||||
if (0 == strcmp(ipv4, addr) && 0 == strcmp(t, "DROP") && 0 == strcmp(entry_match->u.user.name, "tcp")) {
|
if (0 == strcmp(ipv4, addr) && 0 == strcmp(t, "DROP") && 0 == strcmp(entry_match->u.user.name, "tcp")) {
|
||||||
@ -68,6 +68,7 @@ static void parse_ports(const char *portstring, u_int16_t * ports)
|
|||||||
ports[0] = buffer[0] ? parse_port(buffer) : 0;
|
ports[0] = buffer[0] ? parse_port(buffer) : 0;
|
||||||
ports[1] = cp[0] ? parse_port(cp) : 0xFFFF;
|
ports[1] = cp[0] ? parse_port(cp) : 0xFFFF;
|
||||||
}
|
}
|
||||||
|
|
||||||
free(buffer);
|
free(buffer);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
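Review bot: In x_get_rule the enlarged buffer is still sized with a bare literal, repeated in `memset(addr, 0, 64)`, and the result of `inet_ntop()` is not checked before `addr` is compared with `ipv4`. `char addr[INET_ADDRSTRLEN] = { 0 };` would size the buffer for the AF_INET text form and make the separate memset unnecessary, and a NULL return from `inet_ntop()` should be treated as "no match" rather than falling through to `strcmp()`. The cast of `entry->elems` to `struct ipt_entry_match *` just above is only meaningful when the rule carries at least one match; no such check is visible in this hunk, and the function body continues outside it, so please confirm it exists before `entry_match->u.user.name` is read.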
30
rhost.c
30
rhost.c
@ -307,9 +307,9 @@ int rule(conf * conf)
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
// libiptc 库插入规则 iptables -t filter -A INPUT -p tcp -s xxxx -j DROP
|
// libiptc 库插入规则 iptables -t filter -A INPUT -p tcp -s xxxx -j DROP
|
||||||
unsigned int destIp;
|
unsigned int srcIp;
|
||||||
inet_pton(AF_INET, buffer, &destIp);
|
inet_pton(AF_INET, buffer, &srcIp);
|
||||||
iptc_add_rule("filter", "INPUT", IPPROTO_TCP, NULL, NULL, 0, destIp, NULL, NULL, "DROP", NULL, 1);
|
iptc_add_rule("filter", "INPUT", IPPROTO_TCP, NULL, NULL, srcIp, 0, NULL, NULL, "DROP", NULL, 1);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -334,10 +334,32 @@ static void sig_child(int signo)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int get_executable_path(char *processdir, char *processname, int len)
|
||||||
|
{
|
||||||
|
char *filename;
|
||||||
|
if (readlink("/proc/self/exe", processdir, len) <= 0)
|
||||||
|
return -1;
|
||||||
|
filename = strrchr(processdir, '/');
|
||||||
|
if (filename == NULL)
|
||||||
|
return -1;
|
||||||
|
++filename;
|
||||||
|
strcpy(processname, filename);
|
||||||
|
*filename = '\0';
|
||||||
|
return (int)(filename - processdir);
|
||||||
|
}
|
||||||
|
|
||||||
int main(int argc, char *argv[], char **env)
|
int main(int argc, char *argv[], char **env)
|
||||||
{
|
{
|
||||||
|
char path[BUFFER] = { 0 };
|
||||||
|
char executable_filename[BUFFER] = { 0 };
|
||||||
|
(void)get_executable_path(path, executable_filename, sizeof(path));
|
||||||
|
|
||||||
|
strcat(executable_filename, ".conf");
|
||||||
|
strcat(path, executable_filename);
|
||||||
|
|
||||||
|
|
||||||
conf *conf = (struct CONF *)malloc(sizeof(struct CONF));
|
conf *conf = (struct CONF *)malloc(sizeof(struct CONF));
|
||||||
read_conf("rhost.conf", conf);
|
read_conf(path, conf);
|
||||||
//ptintf_conf(conf);
|
//ptintf_conf(conf);
|
||||||
|
|
||||||
// 新版本获取公网IP
|
// 新版本获取公网IP
|
||||||
|