Source for file docsis_firewall.php

Documentation is available at docsis_firewall.php

  1. <?php
    2. 

  2. /**
    3. 

  3.  * DOCSIS Port Filter (Firewall)
    4. 

  4.  *
    5. 

  5.  * @author David Eder <david@eder.us>
    6. 

  6.  * @copyright 2004 David Eder
    7. 

  7.  * @package docsis_firewall
    8. 

  8.  * @version .3
    9. 

  9.  */
    10. 

  10.  
    11. 

  11.  /**
    12. 

  12.   */
    13. 

  13.   require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'docsis_config.php');
    14. 

  14.  
    15. 

  15.   if(!defined('SOL_ICMP')) define('SOL_ICMP', 1);
    16. 

  16.   if(!defined('SOL_TCP')) define('SOL_TCP', 6);
    17. 

  17.   if(!defined('SOL_UDP')) define('SOL_UDP', 17);
    18. 

  18.   if(!defined('SOL_ALL')) define('SOL_ALL', 256);
    19. 

  19.   if(!defined('DEFAULT_ACCEPT')) define('DEFAULT_ACCEPT', 2);
    20. 

  20.   if(!defined('DEFAULT_DROP')) define('DEFAULT_DROP', 1);  
    21. 

  21.   if(!defined('INTERFACE_DEFAULT')) define('INTERFACE_DEFAULT', 0);  
    22. 

  22.   if(!defined('DIRECTION_INBOUND')) define('DIRECTION_INBOUND', 1);  
    23. 

  23.   if(!defined('DIRECTION_OUTBOUND')) define('DIRECTION_OUTBOUND', 2);  
    24. 

  24.   if(!defined('DIRECTION_BOTH')) define('DIRECTION_BOTH', 3);  
    25. 

  25.   if(!defined('BROADCAST_TRUE')) define('BROADCAST_TRUE', 1);
    26. 

  26.   if(!defined('BROADCAST_FALSE')) define('BROADCAST_FALSE', 2);
    27. 

  27.  /**
    28. 

  28.   * DOCSIS Port Filter (Firewall)
    29. 

  29.   *
    30. 

  30.   * @package docsis_firewall
    31. 

  31.   */
    32. 

  32.   class docsis_firewall
    33. 

  33.   {
    34. 

  34.     // see http://www.cisco.com/univercd/cc/td/doc/product/cable/cab_rout/cmtsfg/ufgcfile.htm#wp1025297
    35. 

  35.  
    36. 

  36.     
    37. 

  37.  
    38. 

  38.     var $filters = array();
    39. 

  39.  
    40. 

  40.    /**
    41. 

  41.     * Constructor
    42. 

  42.     */
    43. 

  43.     function docsis_firewall()
    44. 

  44.     {}
    45. 

  45.  
    46. 

  46.    /**
    47. 

  47.     * Add a filter to the firewall
    48. 

  48.     *
    49. 

  49.     * @param int $protocol either SOL_ICMP, SOL_TCP, SOL_UDP or SOL_ALL
    50. 

  50.     * @param int $control either DEFAULT_ACCEPT or DEFAULT_DROP
    51. 

  51.     * @param ipaddress $source_ip_address Source IP Address
    52. 

  52.     * @param ipaddress $source_mask Source Mask
    53. 

  53.     * @param int $source_port_low port to start filtering
    54. 

  54.     * @param int $source_port_high port to stop filtering
    55. 

  55.     * @param ipaddress $dest_ip_address Dest IP Address
    56. 

  56.     * @param ipaddress $dest_mask Destination Mask
    57. 

  57.     * @param int $dest_port_low Destination port low
    58. 

  58.     * @param int $dest_port_high Destination port high
    59. 

  59.     * @param int $interface_index Interface index defaults to INTERFACE_DEFAULT
    60. 

  60.     * @param int $direction Direction to match against valid values DIRECTION_INBOUND, DIRECTION_OUTBOUND or DIRECTION_BOTH default Value DIRECTION_BOTH
    61. 

  61.     * @param int $broadcast_only Only match multicast or broadcast traffic Valid Values BROADCAST_TRUE or BROADCAST_FALSE default is BROADCAST_FALSE
    62. 

  62.     */
    63. 

  63.     function add_filter($protocol=SOL_ALL, $control=DEFAULT_DROP,
    64. 

  64.                         $source_ip_address='0.0.0.0', $source_mask='0.0.0.0', $source_port_low=0, $source_port_high=65535,
    65. 

  65.                         $dest_ip_address='0.0.0.0', $dest_mask='0.0.0.0', $dest_port_low=0, $dest_port_high=65535,
    66. 

  66.                         $interface_index=INTERFACE_DEFAULT, $direction=DIRECTION_BOTH, $broadcast_only=BROADCAST_FALSE)
    67. 

  67.     {
    68. 

  68.       $this->filters[] = array('protocol'=>$protocol, 'control'=>$control,
    69. 

  69.                                'source_ip_address'=>$source_ip_address, 'source_mask'=>$source_mask,
    70. 

  70.                                'source_port_low'=>$source_port_low, 'source_port_high'=>$source_port_high,
    71. 

  71.                                'dest_ip_address'=>$dest_ip_address, 'dest_mask'=>$dest_mask,
    72. 

  72.                                'dest_port_low'=>$dest_port_low, 'dest_port_high'=>$dest_port_high,
    73. 

  73.                                'interface_index'=>$interface_index, 'direction'=>$direction, 'broadcast_only'=>$broadcast_only);
    74. 

  74.     }
    75. 

  75.  
    76. 

  76.    /**
    77. 

  77.     * Write filter to bootfile
    78. 

  78.     *
    79. 

  79.     * @param docsis_config $bootfile to write to
    80. 

  80.     * @param int $default_action either DEFAULT_ACCEPT or DEFAULT_DROP
    81. 

  81.     */
    82. 

  82.     function write(&$bootfile, $default_action=DEFAULT_ACCEPT)
    83. 

  83.     {
    84. 

  84.       $number = 0;
    85. 

  85.      
    86. 

  86.       foreach($this->filters as $index=>$filter)
    87. 

  87.       {
    88. 

  88.         $number ++;
    89. 

  89.         // Create the filter and activate it
    90. 

  90.         $bootfile->add_snmp_object('.1.3.6.1.2.1.69.1.6.4.1.2.' . $number, new rfc1155_Integer(4));
    91. 

  91.  
    92. 

  92.                   // Set Control  Accept or Drop for this Rule
    93. 

  93.         $bootfile->add_snmp_object('.1.3.6.1.2.1.69.1.6.4.1.3.' . $number, new rfc1155_Integer($filter['control']));
    94. 

  94.  
    95. 

  95.         // Apply filter to all interfaces.
    96. 

  96.         $bootfile->add_snmp_object('.1.3.6.1.2.1.69.1.6.4.1.4.' . $number, new rfc1155_Integer($filter['interface_index']));
    97. 

  97.  
    98. 

  98.         // Apply filter to both inbound and outbound traffic.
    99. 

  99.         $bootfile->add_snmp_object('.1.3.6.1.2.1.69.1.6.4.1.5.' . $number, new rfc1155_Integer($filter['direction']));
    100. 

  100.  
    101. 

  101.          // Apply Filter to all traffic not just multi cast traffic.
    102. 

  102.         $bootfile->add_snmp_object('.1.3.6.1.2.1.69.1.6.4.1.6.' . $number, new rfc1155_Integer($filter['broadcast_only']));
    103. 

  103.  
    104. 

  104.              // Apply filter to traffic with this Source Address
    105. 

  105.         $bootfile->add_snmp_object('.1.3.6.1.2.1.69.1.6.4.1.7.' . $number, new rfc1155_IPAddress($filter['source_ip_address']));
    106. 

  106.  
    107. 

  107.              // Apply filter to traffice with this source mask
    108. 

  108.         $bootfile->add_snmp_object('.1.3.6.1.2.1.69.1.6.4.1.8.' . $number, new rfc1155_IPAddress($filter['source_mask']));
    109. 

  109.         
    110. 

  110.         // Apply filter to traffic with this Destination Address
    111. 

  111.         $bootfile->add_snmp_object('.1.3.6.1.2.1.69.1.6.4.1.9.' . $number, new rfc1155_IPAddress($filter['dest_ip_address']));
    112. 

  112.  
    113. 

  113.              // Apply filter to traffice with this Destination mask
    114. 

  114.         $bootfile->add_snmp_object('.1.3.6.1.2.1.69.1.6.4.1.10.' . $number, new rfc1155_IPAddress($filter['dest_mask']));
    115. 

  115.         
    116. 

  116.         // Match $this->protocol packets.
    117. 

  117.         $bootfile->add_snmp_object('.1.3.6.1.2.1.69.1.6.4.1.11.' . $number, new rfc1155_Integer($filter['protocol']));
    118. 

  118.  
    119. 

  119.                   // Apply filter to traffic for port starting at source port_low.
    120. 

  120.         $bootfile->add_snmp_object('.1.3.6.1.2.1.69.1.6.4.1.12.' . $number, new rfc1155_Integer($filter['source_port_low']));
    121. 

  121.  
    122. 

  122.         // Apply filter to traffic for port ending at source port_high.
    123. 

  123.         $bootfile->add_snmp_object('.1.3.6.1.2.1.69.1.6.4.1.13.' . $number, new rfc1155_Integer($filter['source_port_high']));
    124. 

  124.  
    125. 

  125.         // Apply filter to traffic for port starting at dest port_low.
    126. 

  126.         $bootfile->add_snmp_object('.1.3.6.1.2.1.69.1.6.4.1.14.' . $number, new rfc1155_Integer($filter['dest_port_low']));
    127. 

  127.  
    128. 

  128.         // Apply filter to traffic for port ending at dest port_high.
    129. 

  129.         $bootfile->add_snmp_object('.1.3.6.1.2.1.69.1.6.4.1.15.' . $number, new rfc1155_Integer($filter['dest_port_high']));
    130. 

  130.  
    131. 

  131.       }
    132. 

  132.       // Sets Default Action when a packet does not match any rule 
    133. 

  133.       // Important note setting this to DEFAULT_DROP will drop all
    134. 

  134.       // traffic reguardless of whether a rule is matched equivalent to Network Access = 0
    135. 

  135.       $bootfile->add_snmp_object('.1.3.6.1.2.1.69.1.6.3.0', new rfc1155_Integer($default_action));
    136. 

  136.     }
    137. 

  137.   }
    138. 

  138. ?>
    139.

Documentation generated on Mon, 14 Nov 2005 18:00:15 -0700 by phpDocumentor 1.3.0RC3