7.2 Implementing the iptables operations

The iptables operations consist of stopping, starting and restarting the firewall and flushing the rule chains. All of them are implemented by having the Java program invoke the corresponding Linux commands. For example, stopping/starting/restarting the firewall calls: service iptables stop/start/restart; flushing the rule chains calls: iptables -F.

clean_up.jsp (executes the flush-rules command), Java fragment:

    String line, tmpline;
    try {
        // Invoke the command
        Process P = Runtime.getRuntime().exec("iptables -F");
        P.waitFor();
        Process process = Runtime.getRuntime().exec("iptables-save");
        InputStreamReader ir = new InputStreamReader(process.getInputStream());
        LineNumberReader input = new LineNumberReader(ir);
        File tfile = new File("/boot/tmp");               // backup file
        File sfile = new File("/etc/sysconfig/iptables"); // iptables configuration file
        RandomAccessFile tmpfile = new RandomAccessFile(tfile, "rw");
        sfile.delete();
        tfile.createNewFile();
        while ((line = input.readLine()) != null) {
            // Write the command output to the backup file
            tmpfile.writeBytes(line);
            tmpfile.writeBytes("\n");
        }
        if (!(sfile.exists())) {
            sfile.createNewFile(); // recreate the iptables configuration file
        } else {
            out.println("不能删除源文件!"); // "Cannot delete the source file!"
        }
        tmpfile.seek(0);
        RandomAccessFile sourcefile;
        sourcefile = new RandomAccessFile(sfile, "rw");
        while ((tmpline = tmpfile.readLine()) != null) {
            sourcefile.writeBytes(tmpline);
            // LF line endings; CRLF would corrupt the rules file for iptables-restore
            sourcefile.writeBytes("\n");
        }
        tmpfile.close();
        sourcefile.close();
        tfile.delete(); // delete the backup file
        out.println("规则已重置!"); // "The rules have been reset!"
    } catch (java.io.IOException e) {
        System.err.println("IOException " + e.getMessage());
    } catch (InterruptedException e) {
        // waitFor() was interrupted; restore the interrupt flag
        Thread.currentThread().interrupt();
    }
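The fragment above deletes /etc/sysconfig/iptables before the new content has been written, so a failure in between leaves the host without a saved rule set. The following added example (not part of the original thesis code) writes the command output to a temporary file and replaces the target only after the command succeeded; the class and method names and the demo path are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermissions;

public class RulePersist {
    /** Runs argv and stores its stdout in target via temp file + atomic rename. */
    static void saveOutput(Path target, String... argv)
            throws IOException, InterruptedException {
        // The temp file lives in the target's directory so the rename stays on
        // one filesystem; it is created with mode 0600.
        Path tmp = Files.createTempFile(target.toAbsolutePath().getParent(),
                "rules", ".tmp", PosixFilePermissions.asFileAttribute(
                        PosixFilePermissions.fromString("rw-------")));
        try {
            Process p = new ProcessBuilder(argv)
                    .redirectError(ProcessBuilder.Redirect.INHERIT)
                    .start();
            try (InputStream in = p.getInputStream()) {
                Files.copy(in, tmp, StandardCopyOption.REPLACE_EXISTING);
            }
            int rc = p.waitFor();
            if (rc != 0) {
                throw new IOException(argv[0] + " exited with status " + rc);
            }
            // The old file is replaced only after a complete, successful dump.
            Files.move(tmp, target, StandardCopyOption.ATOMIC_MOVE);
        } finally {
            Files.deleteIfExists(tmp);
        }
    }

    public static void main(String[] args) throws Exception {
        // Demo with a harmless command and a constructed path; the real call would
        // be saveOutput(Paths.get("/etc/sysconfig/iptables"), "iptables-save").
        Path demo = Files.createTempDirectory("demo").resolve("iptables");
        saveOutput(demo, "echo", "*filter");
        System.out.println(Files.readAllLines(demo));
    }
}
```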
7.3 Implementing the reading of the firewall configuration file and rule chains

Reading the firewall configuration file and the rule chains is implemented with a JavaBean, which the relevant JSP pages call. A JavaBean reduces the amount of code in the system and separates the pages from the logic, which makes the system easier to maintain. Because this system performs many file-read operations, using a JavaBean in the design reduces the amount of code, shortens development time and improves efficiency.

ReadBean.java (reads a file and displays its contents)

    package Read;

    import java.io.*;
    import java.util.StringTokenizer;

    public class ReadBean {
        private String currentRecord = null;
        private BufferedReader file;
        private String path;
        private StringTokenizer token;

        // Create the file object
        public ReadBean() {
            file = new BufferedReader(new InputStreamReader(System.in), 1);
        }

        public ReadBean(String filePath) throws FileNotFoundException {
            path = filePath;
            file = new BufferedReader(new FileReader(path));
        }

        // Set the file path
        public void setPath(String filePath) {
            path = filePath;
            try {
                file = new BufferedReader(new FileReader(path));
            } catch (FileNotFoundException e) {
                System.out.println("file not found");
            }
        }

        // Get the file path
        public String getPath() {
            return path;
        }

        // Close the file
        public void fileClose() throws IOException {
            file.close();
        }

        // Read the next record; return -1 if there is none
        public int nextRecord() {
            int returnInt = -1;
            try {
                currentRecord = file.readLine();
            } catch (IOException e) {
                System.out.println("readLine problem, terminating.");
                currentRecord = null; // do not report the previous record again
            }
            if (currentRecord == null) {
                returnInt = -1;
            } else {
                token = new StringTokenizer(currentRecord);
                returnInt = token.countTokens();
            }
            return returnInt;
        }

        // Return the whole record as a string
        public String returnRecord() {
            return currentRecord;
        }
    }

8 Problems encountered during development and their solutions

8.1 Problems encountered

In the firewall configuration, the protocol and the source/destination ports must not both be empty; in addition, some fields may be left empty when the user enters a rule, but empty values must not be written to the configuration file.

8.2 Solutions

(1) The protocol and the source/destination ports must not both be empty
First check the rule; if it does not satisfy the condition, forward to the error page.

    <%
    // Declared here so that the fragment is self-contained
    String[] lable = new String[5];
    String[] array = new String[5];
    String table, action;
    lable[0] = "-s ";
    lable[1] = "-d ";
    lable[2] = "-p ";
    lable[3] = "--sport ";
    lable[4] = "--dport "; // trailing space, as for the other options
    table = request.getParameter("chain_name");
    array[0] = request.getParameter("scrip");
    array[1] = request.getParameter("detip");
    array[2] = request.getParameter("protocol");
    array[3] = request.getParameter("scrport");
    array[4] = request.getParameter("detport");
    action = request.getParameter("action");
    boolean ary2 = array[2].equals(""), ary3 = array[3].equals(""),
            ary4 = array[4].equals(""); %>
    <%-- Check whether the protocol and the source/destination ports are empty --%>
    <% if (ary2 && (!ary3)) { %>
    <%-- The protocol and the source port must not both be empty --%>
    <jsp:forward page="/err.jsp"/>
    <% } else if (ary2 && (!ary4)) { %>
    <%-- The protocol and the destination port must not both be empty --%>
    <jsp:forward page="/err.jsp"/>
    <% } else if (!ary3 || !ary4)
       // Case where the source/destination ports are not both empty
       {
           array[2] = array[2] + " -m tcp ";
           for (int i = 0; i < 5; i++)
           {
               if (array[i].equals(""))
               {
                   continue;
               }
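The fragment above reads the rule fields (chain_name, scrip, detip, protocol, scrport, detport, action) straight from request parameters and only tests them for emptiness. The following added example (not the thesis author's code) validates each field against an allow-list or strict pattern and returns an argument list for ProcessBuilder, skipping empty fields as section 8.1 requires. The class name, the allow-lists, and the use of -A and -j are assumptions, since the original fragment is cut off before the command is assembled.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

public class RuleArgs {
    // Allow-lists are assumptions of this example; match them to what the form offers.
    static final Set<String> CHAINS = Set.of("INPUT", "OUTPUT", "FORWARD");
    static final Set<String> ACTIONS = Set.of("ACCEPT", "DROP", "REJECT");
    static final Set<String> PROTOS = Set.of("tcp", "udp");
    static final String OCTET = "(25[0-5]|2[0-4]\\d|1?\\d?\\d)";
    static final Pattern ADDR = Pattern.compile(
            OCTET + "(\\." + OCTET + "){3}(/(3[0-2]|[12]?\\d))?");
    static boolean empty(String s) { return s == null || s.isEmpty(); }
    static boolean in(Set<String> set, String s) { return s != null && set.contains(s); }
    static boolean addr(String s) { return !empty(s) && ADDR.matcher(s).matches(); }
    static boolean port(String s) {
        return !empty(s) && s.matches("\\d{1,5}")
                && Integer.parseInt(s) >= 1 && Integer.parseInt(s) <= 65535;
    }
    static void need(boolean ok, String msg) { if (!ok) throw new IllegalArgumentException(msg); }
    // Appends "flag value" as two separate arguments; empty fields are skipped.
    static void opt(List<String> argv, String flag, String v, boolean valid) {
        if (empty(v)) return;
        need(valid, "bad value for " + flag);
        argv.add(flag);
        argv.add(v);
    }

    /** Builds the argument list for ProcessBuilder; no shell, no string concatenation. */
    static List<String> build(String chain, String src, String dst, String proto,
                              String sport, String dport, String action) {
        need(in(CHAINS, chain) && in(ACTIONS, action), "bad chain or action");
        // Check from section 8.2 (1): a port without a protocol is rejected.
        // Limiting port rules to tcp/udp is an assumption of this example.
        need((empty(sport) && empty(dport)) || in(PROTOS, proto), "port needs tcp or udp");
        List<String> argv = new ArrayList<>(List.of("iptables", "-A", chain));
        opt(argv, "-s", src, addr(src));
        opt(argv, "-d", dst, addr(dst));
        opt(argv, "-p", proto, in(PROTOS, proto) || "icmp".equals(proto));
        opt(argv, "--sport", sport, port(sport));
        opt(argv, "--dport", dport, port(dport));
        argv.addAll(List.of("-j", action));
        return argv;
    }
    public static void main(String[] args) {
        // Constructed sample input.
        System.out.println(build("INPUT", "192.168.1.0/24", "", "tcp", "", "22", "ACCEPT"));
    }
}
```

The returned list can be passed directly to new ProcessBuilder(argv), so each value arrives as one argument and is never re-parsed by a shell.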