Rename iptables->firewall.
Since we "almost" support ipfw on MacOS (which I guess might mean FreeBSD too), the name should be a bit more generic.
parent
096bbcc576
commit
ba19d9c72d
16
client.py
16
client.py
@ -19,14 +19,14 @@ def original_dst(sock):
|
|||||||
raise
|
raise
|
||||||
|
|
||||||
|
|
||||||
class IPTables:
|
class FirewallClient:
|
||||||
def __init__(self, port, subnets):
|
def __init__(self, port, subnets):
|
||||||
self.port = port
|
self.port = port
|
||||||
self.subnets = subnets
|
self.subnets = subnets
|
||||||
subnets_str = ['%s/%d' % (ip,width) for ip,width in subnets]
|
subnets_str = ['%s/%d' % (ip,width) for ip,width in subnets]
|
||||||
argvbase = ([sys.argv[0]] +
|
argvbase = ([sys.argv[0]] +
|
||||||
['-v'] * (helpers.verbose or 0) +
|
['-v'] * (helpers.verbose or 0) +
|
||||||
['--iptables', str(port)] + subnets_str)
|
['--firewall', str(port)] + subnets_str)
|
||||||
argv_tries = [
|
argv_tries = [
|
||||||
['sudo'] + argvbase,
|
['sudo'] + argvbase,
|
||||||
['su', '-c', ' '.join(argvbase)],
|
['su', '-c', ' '.join(argvbase)],
|
||||||
@ -53,7 +53,7 @@ class IPTables:
|
|||||||
s1.close()
|
s1.close()
|
||||||
self.pfile = s2.makefile('wb+')
|
self.pfile = s2.makefile('wb+')
|
||||||
if e:
|
if e:
|
||||||
log('Spawning iptables: %r\n' % self.argv)
|
log('Spawning firewall manager: %r\n' % self.argv)
|
||||||
raise Fatal(e)
|
raise Fatal(e)
|
||||||
line = self.pfile.readline()
|
line = self.pfile.readline()
|
||||||
self.check()
|
self.check()
|
||||||
@ -80,7 +80,7 @@ class IPTables:
|
|||||||
raise Fatal('cleanup: %r returned %d' % (self.argv, rv))
|
raise Fatal('cleanup: %r returned %d' % (self.argv, rv))
|
||||||
|
|
||||||
|
|
||||||
def _main(listener, ipt, use_server, remotename):
|
def _main(listener, fw, use_server, remotename):
|
||||||
handlers = []
|
handlers = []
|
||||||
if use_server:
|
if use_server:
|
||||||
if helpers.verbose >= 1:
|
if helpers.verbose >= 1:
|
||||||
@ -104,7 +104,7 @@ def _main(listener, ipt, use_server, remotename):
|
|||||||
|
|
||||||
# we definitely want to do this *after* starting ssh, or we might end
|
# we definitely want to do this *after* starting ssh, or we might end
|
||||||
# up intercepting the ssh connection!
|
# up intercepting the ssh connection!
|
||||||
ipt.start()
|
fw.start()
|
||||||
|
|
||||||
def onaccept():
|
def onaccept():
|
||||||
sock,srcip = listener.accept()
|
sock,srcip = listener.accept()
|
||||||
@ -176,9 +176,9 @@ def main(listenip, use_server, remotename, subnets):
|
|||||||
listenip = listener.getsockname()
|
listenip = listener.getsockname()
|
||||||
debug1('Listening on %r.\n' % (listenip,))
|
debug1('Listening on %r.\n' % (listenip,))
|
||||||
|
|
||||||
ipt = IPTables(listenip[1], subnets)
|
fw = FirewallClient(listenip[1], subnets)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
return _main(listener, ipt, use_server, remotename)
|
return _main(listener, fw, use_server, remotename)
|
||||||
finally:
|
finally:
|
||||||
ipt.done()
|
fw.done()
|
||||||
|
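Review bot: The `su -c` fallback in `FirewallClient.__init__` still builds its command with `' '.join(argvbase)`, so the renamed `--firewall` invocation is re-parsed by the shell that `su` starts as root. A `sys.argv[0]` path containing spaces or shell metacharacters would be split or interpreted there instead of arriving as a single argument, unlike the `['sudo'] + argvbase` list form next to it. Quoting each element before joining keeps the two paths equivalent, e.g. `['su', '-c', ' '.join(pipes.quote(a) for a in argvbase)],` (needs `import pipes`; `shlex.quote` on Python 3). The subnet strings are formatted with `'%s/%d' % (ip,width)` and how `ip` is validated is not visible here, so that is worth confirming as well. The constructor's body continues outside the hunk.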
10
main.py
10
main.py
@ -1,6 +1,6 @@
|
|||||||
#!/usr/bin/env python
|
#!/usr/bin/env python
|
||||||
import sys, os, re
|
import sys, os, re
|
||||||
import helpers, options, client, server, iptables
|
import helpers, options, client, server, firewall
|
||||||
from helpers import *
|
from helpers import *
|
||||||
|
|
||||||
|
|
||||||
@ -46,7 +46,7 @@ def parse_ipport(s):
|
|||||||
|
|
||||||
optspec = """
|
optspec = """
|
||||||
sshuttle [-l [ip:]port] [-r [username@]sshserver[:port]] <subnets...>
|
sshuttle [-l [ip:]port] [-r [username@]sshserver[:port]] <subnets...>
|
||||||
sshuttle --iptables <port> <subnets...>
|
sshuttle --firewall <port> <subnets...>
|
||||||
sshuttle --server
|
sshuttle --server
|
||||||
--
|
--
|
||||||
l,listen= transproxy to this ip address and port number [default=0]
|
l,listen= transproxy to this ip address and port number [default=0]
|
||||||
@ -54,7 +54,7 @@ r,remote= ssh hostname (and optional username) of remote sshuttle server
|
|||||||
v,verbose increase debug message verbosity
|
v,verbose increase debug message verbosity
|
||||||
noserver don't use a separate server process (mostly for debugging)
|
noserver don't use a separate server process (mostly for debugging)
|
||||||
server [internal use only]
|
server [internal use only]
|
||||||
iptables [internal use only]
|
firewall [internal use only]
|
||||||
"""
|
"""
|
||||||
o = options.Options('sshuttle', optspec)
|
o = options.Options('sshuttle', optspec)
|
||||||
(opt, flags, extra) = o.parse(sys.argv[1:])
|
(opt, flags, extra) = o.parse(sys.argv[1:])
|
||||||
@ -64,10 +64,10 @@ helpers.verbose = opt.verbose
|
|||||||
try:
|
try:
|
||||||
if opt.server:
|
if opt.server:
|
||||||
sys.exit(server.main())
|
sys.exit(server.main())
|
||||||
elif opt.iptables:
|
elif opt.firewall:
|
||||||
if len(extra) < 1:
|
if len(extra) < 1:
|
||||||
o.fatal('at least one argument expected')
|
o.fatal('at least one argument expected')
|
||||||
sys.exit(iptables.main(int(extra[0]),
|
sys.exit(firewall.main(int(extra[0]),
|
||||||
parse_subnets(extra[1:])))
|
parse_subnets(extra[1:])))
|
||||||
else:
|
else:
|
||||||
if len(extra) < 1:
|
if len(extra) < 1:
|
||||||
|