
I'm probably wrong on the syntax with this one, or I simply have no clue how I can execute this command.

        String ipAddress = request.getRemoteAddr();

        System.out.println(ipAddress);

        String[] command = {"sudo iptables -t nat -I PREROUTING 1 -s "+ipAddress+" -p tcp -m tcp --dport 80 -j ACCEPT && sudo iptables -t nat -I PREROUTING 2 -s "+ipAddress+" -p tcp -m tcp --dport 443 -j ACCEPT"};
        ProcessBuilder probuilder = new ProcessBuilder(command);

        Process process = probuilder.start();

        //Read out dir output
        InputStream is = process.getInputStream();
        InputStreamReader isr = new InputStreamReader(is);
        BufferedReader br = new BufferedReader(isr);
        String line;
        System.out.printf("Output of running %s is:\n",
                Arrays.toString(command));
        while ((line = br.readLine()) != null) {
            System.out.println(line);
        }

        //Wait to get exit value
        try {
            int exitValue = process.waitFor();
            System.out.println("\n\nExit Value is " + exitValue);
        } catch (InterruptedException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }

They are 2 commands to insert an iptables rule when someone successfully logs in on my Tomcat (localhost) server, which runs on a Raspberry Pi. On my Mac it returns an exception error; when I try to log on successfully on my phone, it won't give me internet access (when I check the iptables on the Pi there is nothing inserted).

N3ur0

1 Answer

There are several issues with your code. The ProcessBuilder constructor takes a list of arguments as follows:

    Process p = new ProcessBuilder("myCommand", "myArg").start();

See the ProcessBuilder Javadoc. In your case, sudo is the command and the rest are the arguments. If you have at least Java 7, then you can forward the output of the command by using the inheritIO method.

    ProcessBuilder probuilder = new ProcessBuilder().inheritIO().command("myCommand", "myArg");

Check this for a detailed discussion.

Secondly, you must provide the full path to the executable (i.e. /usr/bin/sudo instead of sudo); otherwise it won't be able to find it.

A quick fix to your code should look like this:

    String[] command = { "/usr/bin/sudo iptables -t nat -I PREROUTING 1 -s " + ipAddress
            + " -p tcp -m tcp --dport 80 -j ACCEPT " };
    String[] commands = command[0].split(" ");
    ProcessBuilder probuilder = new ProcessBuilder(commands);

Similar question here.

Hope it helps.

b0gusb
  • Thanks a lot for your help. In my Tomcat log in IntelliJ I get a response that it runs the command. However, on my Pi nothing happens. Is the reason maybe that sudo is a command and iptables is a command too? The iptables command should add 1 new rule on top of my 2 redirection rules. I also gave my tomcat8 superuser rights within my Pi. However, I'll try to check if the superuser rights are really given to Tomcat. – N3ur0 Jan 15 '19 at 13:21
  • I edited the answer. You should check the output of the `iptables` command and the output of the Java process. In addition, as a convenience, you could create a script with the `iptables` commands and execute the script from Java. – b0gusb Jan 15 '19 at 15:01
  • I've tried this, and it gives me: "Cannot run program: "usr/bin/sudo": error = 2, No such file or directory". I checked /usr/bin on my Pi and sudo is listed there. So I literally have no clue what's happening. I also have no experience in making scripts. How would I be able to execute 2 iptables commands with a script? But at least now I know that the command is trying to execute. – N3ur0 Jan 15 '19 at 16:12
  • Make sure you don't have any extra spaces, otherwise the split won't work correctly. Check the path - it seems you missed the first slash `/usr/bin/sudo` – b0gusb Jan 16 '19 at 07:10
  • It worked. I rebuilt the code to something very simple, `Runtime.getRuntime().exec("sudo iptables -t nat -I PREROUTING -s "+ipAddress+" -j ACCEPT");`, and gave tomcat8 shell access, so it can execute the commands. It seemed that the sudo rights were more of a problem compared to executing the code. – N3ur0 Jan 16 '19 at 13:39
  • Cool. I am glad you sorted it all out. – b0gusb Jan 16 '19 at 13:51
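
A fuller version of the fix discussed in this thread, as an added example (not code from the question, the answer or the comments): each of the two iptables commands becomes its own argument list, because ProcessBuilder starts no shell that could interpret `&&`, and the address is checked to be an IPv4 literal before it reaches the command line. The class name, the `/usr/sbin/iptables` path and the sample address are assumptions; `sudo -n` makes sudo fail instead of waiting for a password.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

public class PortalFirewall {
    // Assumed install paths; confirm them on the Pi before use.
    private static final String SUDO = "/usr/bin/sudo";
    private static final String IPTABLES = "/usr/sbin/iptables";

    // Strict dotted-quad IPv4 literal: iptables (unlike ip6tables) only takes
    // IPv4, and nothing else from the request may reach the argument list.
    private static final Pattern IPV4 = Pattern.compile(
            "^((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.){3}"
            + "(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)$");

    /** One argument per element; no shell is involved, so no quoting and no "&&". */
    static List<String> acceptRule(String ip, int position, int port) {
        if (ip == null || !IPV4.matcher(ip).matches()) {
            throw new IllegalArgumentException("not an IPv4 literal: " + ip);
        }
        return Arrays.asList(SUDO, "-n", IPTABLES, "-t", "nat",
                "-I", "PREROUTING", String.valueOf(position), "-s", ip,
                "-p", "tcp", "-m", "tcp", "--dport", String.valueOf(port),
                "-j", "ACCEPT");
    }

    /** Runs the port 80 rule, then the port 443 rule, stopping on the first failure. */
    static void allow(String ip) throws IOException, InterruptedException {
        int[] ports = {80, 443};
        for (int i = 0; i < ports.length; i++) {
            List<String> argv = acceptRule(ip, i + 1, ports[i]);
            // inheritIO sends sudo/iptables error text to the Tomcat log.
            int exit = new ProcessBuilder(argv).inheritIO().start().waitFor();
            if (exit != 0) {
                throw new IOException("exit " + exit + " from " + argv);
            }
        }
    }

    public static void main(String[] args) {
        System.out.println(acceptRule("192.168.4.23", 1, 80)); // constructed sample address
        try {
            acceptRule("0:0:0:0:0:0:0:1", 1, 80); // IPv6 loopback, as seen on localhost
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

`main` only prints the argument list and the rejection; call `allow(request.getRemoteAddr())` from the login handler. It assumes a sudoers entry that lets the Tomcat user run only that one binary without a password.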