me.php _rdr,GitHub - osnosn/rdr_port: temporary redirect port in N seconds, use iptables or nftable ...

李大雷

于 2021-03-25 05:37:35 发布

阅读量131

点赞数

文章标签： me.php _rdr

该文介绍了如何使用C语言编写的程序实现iptables和nftables的临时端口重定向。程序在后台运行，根据提供的源IP插入端口重定向规则，并在指定时间后删除。通过设置SUID，该程序可被网页脚本调用来临时改变端口映射，例如将443端口重定向到22端口，以便在SSH连接中使用。文中给出了PHP和Python调用程序的例子。

摘要由CSDN通过智能技术生成

Temporary redirect port in N seconds, use iptables or nftable rule.

临时重定向端口，使用 ipt 或 nft 规则。

In the two directories are the programs (written in C) corresponding to the IPT and NFT rules.

just execute gcc -O -o xxxx rdr_port_ipt to complite an executable file.

strip xxxx can make the executable file smaller.

两个目录中分别是对应 IPT 和 NFT 规则的 C语言程序。

只需执行 gcc -O -o xxxx rdr_port_ipt 即可生成可执行文件。

strip xxxx 可以让可执行文件更小一点。

Execute rdr_port_ipt or rdr_port_nft :

Insert a port redirection rule into the iptables rule table or nftable chain according to the source IP provided.

The program resides in the background and waits for N seconds (depending on the command line parameters).

Remove the previously inserted redirection rule from the iptables or nftable.

The program done & exit.

The compiled executable file can be set with suid (chmod 4555 ...), which is called and executed by web script and temporarily redirected the port.

For example 443 -> 22, You can use the SSH client connect to port 443 in a few seconds, and then even if the redirection rule is deleted, your SSH connection will not be affected. Until you logout.

For example, PHP:

// $ip=$_SERVER['REMOTE_ADDR'];

$ip='1.2.3.4';

exec('/somepath/rdr_port_ipt '.$ip.' 20 a b');

For example, py3:

import subprocess

# import flask

# sip=flask.request.remote_addr

sip='1.2.3.4'

output=subprocess.getoutput('/somepath/rdr_port_ipt ' + sip + ' 20 a b')

执行 rdr_port_ipt ：

根据提供的来源 IP，在 iptables 规则表, 或nftable chain 中插入一条端口重定向规则。