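/**
 * Removes the NAT rules that route traffic into the tunnel and stops the local proxy helper.
 *
 * <p>The iptables commands are collected into a single script and passed to
 * {@code runRootCommand}; afterwards the matching {@code proxy_socks.sh} or
 * {@code proxy_http.sh} helper is asked to stop.
 *
 * <p>Teardown order matters: the jumps from {@code OUTPUT} are deleted before the
 * {@code SSHTUNNEL} / {@code SSHTUNNELDNS} chains are flushed and removed, because
 * {@code iptables -X} refuses to delete a chain that is still referenced. The chains are
 * still flushed even if a stale jump survives, so a leftover jump only points at an empty
 * chain.
 *
 * <p>NOTE(review): every value interpolated below ends up in a script executed as root.
 * {@code hostAddress} and the {@code gfw_list} entries are concatenated without quoting or
 * validation; confirm they are always IP/CIDR literals and never raw user-supplied text.
 */
private void flushIptables() {
  StringBuilder cmd = new StringBuilder();

  // 1. Detach the chains from OUTPUT so they are no longer referenced.
  if (enableDNSProxy) {
    cmd.append(BASE + "iptables -t nat -D OUTPUT -p udp -j SSHTUNNELDNS\n");
  }

  if (profile.isGFWList()) {
    String[] gfw_list = getResources().getStringArray(R.array.gfw_list);
    for (String item : gfw_list) {
      cmd.append(BASE + "iptables -t nat -D OUTPUT -p tcp -d " + item + " -j SSHTUNNEL\n");
    }
  } else if (profile.isAutoSetProxy()) {
    cmd.append(BASE + "iptables -t nat -D OUTPUT -p tcp -j SSHTUNNEL\n");
  } else {
    // for proxy specified apps
    if (apps == null || apps.length <= 0) {
      apps = AppManager.getProxyedApps(this, profile.getProxyedApps());
    }
    for (int i = 0; i < apps.length; i++) {
      if (apps[i].isProxyed()) {
        cmd.append(
            BASE
                + "iptables "
                + "-t nat -m owner --uid-owner "
                + apps[i].getUid()
                + " -D OUTPUT -p tcp -j SSHTUNNEL\n");
      }
    }
  }

  // 2. Delete the RETURN rule (the -A form rewritten to -D). String.replace throws on a
  //    null replacement, which previously aborted the whole teardown and left the rules
  //    and the proxy helper in place; without an address there is no such rule to delete.
  if (hostAddress != null) {
    cmd.append((CMD_IPTABLES_RETURN.replace("0.0.0.0", hostAddress)).replace("-A", "-D"));
  }

  // 3. Empty and remove the now-unreferenced chains.
  cmd.append(BASE + "iptables -t nat -F SSHTUNNEL\n");
  cmd.append(BASE + "iptables -t nat -X SSHTUNNEL\n");
  if (enableDNSProxy) {
    cmd.append(BASE + "iptables -t nat -F SSHTUNNELDNS\n");
    cmd.append(BASE + "iptables -t nat -X SSHTUNNELDNS\n");
  }

  runRootCommand(cmd.toString());

  if (profile.isSocks()) {
    runRootCommand(BASE + "proxy_socks.sh stop");
  } else {
    runRootCommand(BASE + "proxy_http.sh stop");
  }
}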
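/**
 * Starts the local proxy helper and installs the NAT rules that send outbound traffic into
 * the tunnel. Presumably invoked once port forwarding is up (it logs "Forward Successful").
 *
 * <p>Steps, in order: start {@code proxy_socks.sh} or {@code proxy_http.sh} on the profile's
 * local port; create and flush the {@code SSHTUNNEL} chain (plus {@code SSHTUNNELDNS} when
 * DNS proxying is enabled); append the REDIRECT or DNAT rules depending on
 * {@code hasRedirectSupport}; add the jumps from {@code OUTPUT} according to the profile
 * mode (GFW list, all TCP, or per-app UID); finally run the whole script via
 * {@code runRootCommand}.
 *
 * <p>NOTE(review): the script is assembled by string concatenation and executed as root.
 * {@code hostAddress}, {@code dnsPort}, {@code profile.getLocalPort()} and the
 * {@code gfw_list} entries are inserted unquoted; confirm each is a numeric or IP literal
 * and never raw user-supplied text.
 */
private void finishConnection() {
  Log.e(TAG, "Forward Successful");

  if (profile.isSocks()) {
    runRootCommand(BASE + "proxy_socks.sh start " + profile.getLocalPort());
  } else {
    runRootCommand(BASE + "proxy_http.sh start " + profile.getLocalPort());
  }

  StringBuilder cmd = new StringBuilder();

  cmd.append(BASE + "iptables -t nat -N SSHTUNNEL\n");
  cmd.append(BASE + "iptables -t nat -F SSHTUNNEL\n");

  if (enableDNSProxy) {
    cmd.append(BASE + "iptables -t nat -N SSHTUNNELDNS\n");
    cmd.append(BASE + "iptables -t nat -F SSHTUNNELDNS\n");
    // Send UDP/53 to the local DNS proxy; DNAT is the fallback when REDIRECT is unavailable.
    if (hasRedirectSupport) {
      cmd.append(
          BASE
              + "iptables "
              + "-t nat -A SSHTUNNELDNS -p udp --dport 53 -j REDIRECT --to "
              + dnsPort
              + "\n");
    } else {
      cmd.append(
          BASE
              + "iptables "
              + "-t nat -A SSHTUNNELDNS -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:"
              + dnsPort
              + "\n");
    }
    cmd.append(BASE + "iptables -t nat -A OUTPUT -p udp -j SSHTUNNELDNS\n");
  }

  if (profile.isSocks()) {
    cmd.append(
        hasRedirectSupport ? CMD_IPTABLES_REDIRECT_ADD_SOCKS : CMD_IPTABLES_DNAT_ADD_SOCKS);
  } else {
    cmd.append(hasRedirectSupport ? CMD_IPTABLES_REDIRECT_ADD : CMD_IPTABLES_DNAT_ADD);
  }

  // String.replace throws on a null replacement, so this line used to crash before the
  // null check further down could take effect (and after the proxy helper was already
  // started). Guard it the same way as the host exclusion below.
  // NOTE(review): with no host address neither the RETURN rule nor the "! -d" exclusion is
  // installed; confirm callers resolve hostAddress before reaching this point.
  if (hostAddress != null) {
    cmd.append(CMD_IPTABLES_RETURN.replace("0.0.0.0", hostAddress));
  }

  if (profile.isGFWList()) {
    String[] gfw_list = getResources().getStringArray(R.array.gfw_list);
    for (String item : gfw_list) {
      cmd.append(BASE + "iptables -t nat -A OUTPUT -p tcp -d " + item + " -j SSHTUNNEL\n");
    }
  } else if (profile.isAutoSetProxy()) {
    cmd.append(BASE + "iptables -t nat -A OUTPUT -p tcp -j SSHTUNNEL\n");
  } else {
    // for proxy specified apps
    if (apps == null || apps.length <= 0) {
      apps = AppManager.getProxyedApps(this, profile.getProxyedApps());
    }
    for (int i = 0; i < apps.length; i++) {
      if (apps[i].isProxyed()) {
        cmd.append(
            BASE
                + "iptables "
                + "-t nat -m owner --uid-owner "
                + apps[i].getUid()
                + " -A OUTPUT -p tcp -j SSHTUNNEL\n");
      }
    }
  }

  String rules = cmd.toString();

  // Exclude traffic addressed to hostAddress from every rule matching port 443 or 80.
  if (hostAddress != null) {
    rules =
        rules
            .replace("--dport 443", "! -d " + hostAddress + " --dport 443")
            .replace("--dport 80", "! -d " + hostAddress + " --dport 80");
  }

  if (profile.isSocks()) {
    // NOTE(review): this rewrites every "8124" in the script, not only the proxy port; a UID
    // or DNS port containing those digits would be altered too. Verify against the CMD_*
    // templates.
    runRootCommand(rules.replace("8124", "8123"));
  } else {
    runRootCommand(rules);
  }
}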