Add firewall 1-3

intercepting-communication/firewall-1/.init

@@ -0,0 +1 @@
+../.init

intercepting-communication/firewall-1/run

@@ -0,0 +1,55 @@
+#!/usr/bin/exec-suid --real -- /usr/bin/python -I
+
+import multiprocessing
+import os
+import socket
+import socketserver
+import time
+
+import psutil
+from dojjail import Host, Network
+
+flag = open("/flag").read()
+parent_process = psutil.Process(os.getppid())
+
+class ServerHost(Host):
+    def entrypoint(self):
+        last_connected_time = multiprocessing.Value("d", time.time())
+
+        def watchdog():
+            while True:
+                with last_connected_time.get_lock():
+                    if time.time() - last_connected_time.value > 2:
+                        print(flag, flush=True)
+                        break
+                time.sleep(1)
+
+        watchdog_process = multiprocessing.Process(target=watchdog)
+        watchdog_process.daemon = True
+        watchdog_process.start()
+
+        class ForkingTCPHandler(socketserver.BaseRequestHandler):
+            def handle(self):
+                with last_connected_time.get_lock():
+                    last_connected_time.value = time.time()
+                self.request.recv(1024)
+
+        with socketserver.ForkingTCPServer(("0.0.0.0", 31337), ForkingTCPHandler) as server:
+            server.serve_forever()
+
+class ClientHost(Host):
+    def entrypoint(self):
+        while True:
+            try:
+                with socket.create_connection(("10.0.0.1", 31337)) as client_socket:
+                    client_socket.sendall(b"Hello, World!\n")
+                time.sleep(1)
+            except (OSError, ConnectionError, TimeoutError):
+                continue
+
+user_host = ServerHost("ip-10-0-0-1", privileged_uid=parent_process.uids().effective)
+client_host = ClientHost("ip-10-0-0-2")
+network = Network(hosts={user_host: "10.0.0.1", client_host: "10.0.0.2"}, subnet="10.0.0.0/24")
+network.run()
+
+user_host.interactive(environ=parent_process.environ())

intercepting-communication/firewall-2/.init

@@ -0,0 +1 @@
+../.init

intercepting-communication/firewall-2/run

@@ -0,0 +1,61 @@
+#!/usr/bin/exec-suid --real -- /usr/bin/python -I
+
+import multiprocessing
+import os
+import socket
+import socketserver
+import time
+
+import psutil
+from dojjail import Host, Network
+
+flag = open("/flag").read()
+parent_process = psutil.Process(os.getppid())
+
+class ServerHost(Host):
+    def entrypoint(self):
+        manager = multiprocessing.Manager()
+        last_connected_times = manager.dict()
+
+        def watchdog():
+            while True:
+                time.sleep(1)
+                current_time = time.time()
+                if current_time - last_connected_times.get("10.0.0.2", current_time) > 2:
+                    continue
+                if current_time - last_connected_times.get("10.0.0.3", current_time) < 2:
+                    continue
+                print(flag, flush=True)
+                break
+
+        watchdog_process = multiprocessing.Process(target=watchdog)
+        watchdog_process.daemon = True
+        watchdog_process.start()
+
+        class ForkingTCPHandler(socketserver.BaseRequestHandler):
+            def handle(self):
+                client_ip, _ = self.client_address
+                last_connected_times[client_ip] = time.time()
+                self.request.recv(1024)
+
+        with socketserver.ForkingTCPServer(("0.0.0.0", 31337), ForkingTCPHandler) as server:
+            server.serve_forever()
+
+class ClientHost(Host):
+    def entrypoint(self):
+        while True:
+            try:
+                with socket.create_connection(("10.0.0.1", 31337)) as client_socket:
+                    client_socket.sendall(b"Hello, World!\n")
+                time.sleep(1)
+            except (OSError, ConnectionError, TimeoutError):
+                continue
+
+user_host = ServerHost("ip-10-0-0-1", privileged_uid=parent_process.uids().effective)
+client_host_1 = ClientHost("ip-10-0-0-2")
+client_host_2 = ClientHost("ip-10-0-0-3")
+network = Network(hosts={user_host: "10.0.0.1", client_host_1: "10.0.0.2", client_host_2: "10.0.0.3"},
+                  subnet="10.0.0.0/24")
+network.run()
+
+user_host.interactive(environ=parent_process.environ())

intercepting-communication/firewall-3/.init

@@ -0,0 +1 @@
+../.init

intercepting-communication/firewall-3/run

@@ -0,0 +1,44 @@
+#!/usr/bin/exec-suid --real -- /usr/bin/python -I
+
+import os
+import random
+import socket
+import subprocess
+
+import psutil
+from dojjail import Host, Network
+
+flag = open("/flag").read()
+parent_process = psutil.Process(os.getppid())
+
+def drop_packets(dport):
+    subprocess.run(["/usr/sbin/iptables",
+                    "-A", "OUTPUT",
+                    "-p", "tcp",
+                    "--dport", str(dport),
+                    "-j", "DROP"],
+                   stdin=subprocess.DEVNULL,
+                   capture_output=True,
+                   check=True)
+
+class ServerHost(Host):
+    def entrypoint(self):
+        server_socket = socket.socket()
+        server_socket.bind(("0.0.0.0", 31337))
+        server_socket.listen()
+        while True:
+            try:
+                connection, _ = server_socket.accept()
+                connection.sendall(flag.encode())
+                connection.close()
+            except ConnectionError:
+                continue
+
+user_host = Host("ip-10-0-0-1", privileged_uid=parent_process.uids().effective)
+server_host = ServerHost("ip-10-0-0-2")
+network = Network(hosts={user_host: "10.0.0.1", server_host: "10.0.0.2"}, subnet="10.0.0.0/24")
+network.run()
+
+user_host.exec(lambda: drop_packets(31337))
+
+user_host.interactive(environ=parent_process.environ())

intercepting-communication/module.yml

@@ -21,6 +21,12 @@ challenges:
   name: Sniffing Cookies
 - id: level-7
   name: Network Configuration
+- id: firewall-1
+  name: Firewall 1
+- id: firewall-2
+  name: Firewall 2
+- id: firewall-3
+  name: Firewall 3
 - id: level-8
   name: Ethernet
 - id: level-9