//作者: 家 QQ203118908 //本来打算用iptables-restore用文件形式更新防火墙规则, //可是iptables-restore出现了bug,2013年就有人提过这个bug //https://linux.debian.bugs.dist.narkive.com/J0hbJiR6/bug-710379-xtables-addons-common-quota2-module-iptables-save-creates-invalid-record //又得改,坑爹 //马丹,iptables -D INPUT -lineNumber也有BUG, //提示 index of deletion too big //日了够了 //又得改,坑爹 // sudo iptables -D OUTPUT 1 -t nat // // uid=`cat /data/system/packages.list | grep com.sohu.inputmethod.sogou | busybox awk '{print $2}'` // iptables -t filter -A OUTPUT -m owner --uid-owner=$uid -j DROP // 以上是android iptables 屏蔽某个app网络访问的内容, function 联网控制(appName) { // -A OUTPUT -m owner --uid-owner 10105 -j ACCEPT // -A OUTPUT -m owner --uid-owner 10105 -j DROP this.等待shell执行完毕的时间 = 0 this.防火墙规则路径 = '/sdcard/iptables.txt' this.uid路径 = '/sdcard/' + appName + 'uidOwner.txt' this.appName = appName this.packageName = getPackageName(this.appName) this.执行shell = (cmd) => { var result = shell(cmd, true); console.show(); log(result); if (result.code == 0) { toastLog("执行成功"); } else { toastLog("执行失败!请到控制台查看错误信息"); } sleep(this.等待shell执行完毕的时间) } this.uid = () => { var cmd = 'cat /data/system/packages.list | grep ' + this.packageName + ' > ' + this.uid路径 log('cmd=', cmd) this.执行shell(cmd) // cat /data/system/packages.list | grep com.tencent.mobileqq > /sdcard/QQuidOwner.txt var 包含uid的文本 = files.read('/sdcard/' + appName + 'uidOwner.txt') log('包含uid的文本=', 包含uid的文本) var uidReg = new RegExp(this.packageName + '\\s*(\\d+)') log('uidReg=', uidReg) var uid = 包含uid的文本.match(uidReg)[1] log(uid) return uid } this.允许联网规则 = 'iptables -t filter -A OUTPUT -m owner --uid-owner ' + this.uid() + ' -j ACCEPT' this.禁止联网规则 = 'iptables -t filter -A OUTPUT -m owner --uid-owner ' + this.uid() + ' -j DROP' this.允许 = () => { this.清空该app的防火墙规则() this.将防火墙规则写入系统(this.允许联网规则) } this.禁止 = () => { this.清空该app的防火墙规则() this.将防火墙规则写入系统(this.禁止联网规则) } this.将防火墙规则写入系统 = (防火墙规则) => { var cmd = 防火墙规则 this.执行shell(cmd) } this.导出防火墙规则 = () => { var cmd = 'iptables-save > ' + this.防火墙规则路径 this.执行shell(cmd) } this.防火墙规则 = () => { this.导出防火墙规则() var 防火墙规则 = files.read(this.防火墙规则路径) log('防火墙规则=', 防火墙规则) return 防火墙规则 } this.清空该app的防火墙规则 = () => { var 防火墙规则 = this.防火墙规则() // stringObject.replace(regexp/substr,replacement) // -A OUTPUT -m owner --uid-owner 10105 -j ACCEPT // -A OUTPUT -m owner --uid-owner 10105 -j ACCEPT // -A OUTPUT -m owner --uid-owner 10105 -j DROP // -A OUTPUT -m owner --uid-owner 10105 -j ACCEPT // -A OUTPUT -m owner --uid-owner 10105 -j ACCEPT // 删除之前添加的规则(iptables -A INPUT -s 192.168.1.5 -j DROP): // [root@test ~]# iptables -D INPUT -s 192.168.1.5 -j DROP // iptables -t filter -A OUTPUT -m owner --uid-owner=$uid -j DROP var 要删除的规则reg = new RegExp('-A (OUT|IN)PUT -m owner --uid-owner ' + this.uid() + ' -j (ACCEPT|DROP)', 'g') // 要删除的规则reg= /-A OUTPUT -m owner --uid-owner 10105 -j (ACCEPT|DROP)/ // -A OUTPUT -m owner --uid-owner 10105 -j (ACCEPT|DROP) // iptables -D OUTPUT -m owner --uid-owner 10105 -j ACCEPT log('要删除的规则reg=', 要删除的规则reg) var new防火墙规则 = 防火墙规则.match(要删除的规则reg, '') log('new防火墙规则=', new防火墙规则) // new防火墙规则= [ // '-A OUTPUT -m owner --uid-owner 10105 -j ACCEPT', // '-A OUTPUT -m owner --uid-owner 10105 -j DROP' // ] if(new防火墙规则){ for (let i = 0; i < new防火墙规则.length; i++) { var 规则 = new防火墙规则[i] 规则 = 规则.replace('-A', '-D') var cmd = 'iptables ' + 规则 this.执行shell(cmd) } } log('清空了指定app的防火墙规则') } } // var appName = 'QQ' // var appName = '哔哩哔哩' var appName = '微信' var app联网控制 = new 联网控制(appName) // app联网控制.禁止() app联网控制.允许()
声明
部分内容来自网络