Commit 62521824 authored by Francesc Guasch's avatar Francesc Guasch
Browse files

[#597] search and count ip rules

parent a2737478
......@@ -20,6 +20,7 @@ require Exporter;
@EXPORT = qw(base_domain_name new_domain_name rvd_back remove_old_disks remove_old_domains create_user user_admin wait_request rvd_front init init_vm clean new_pool_name
create_domain
test_chain_prerouting
find_ip_rule
search_id_iso
flush_rules open_ipt
arg_create_dom
......@@ -429,5 +430,72 @@ sub open_ipt {
}
sub _iptables_list {
my ($in, $out, $err);
run3(['/sbin/iptables-save'], \$in, \$out, \$err);
my ( %tables, $ret );
my ($current_table);
for my $line (split /\n/, $out) {
chomp $line;
next if ( $line eq "COMMIT" );
next if ( $line =~ m/^#/ );
next if ( $line =~ m/^:/ );
if ( $line =~ m/^\*([a-z]+)$/ ) {
$current_table = $1;
$tables{$current_table} = [];
next;
}
#my @parts = grep { ! /^\s+$/ && ! /^$/ } split (/(\-\-?[^\s]+\s[^\s]+)/i, $line);
my @parts = grep { !/^\s+$/ && !/^$/ } split( /^\-\-?|\s+\-\-?/i, $line );
my @option = ();
for my $part (@parts) {
my ( $key, $value ) = split( /\s/, $part, 2 );
push( @option, $key => $value );
}
push( @{ $ret->{$current_table} }, \@option );
}
return $ret;
}
sub find_ip_rule {
my %args = @_;
my $remote_ip = delete $args{remote_ip};
my $local_ip = delete $args{local_ip};
my $local_port= delete $args{local_port};
my $jump = (delete $args{jump} or 'ACCEPT');
die "ERROR: Unknown args ".Dumper(\%args) if keys %args;
my $iptables = _iptables_list();
$remote_ip .= "/32" if defined $remote_ip && $remote_ip !~ m{/};
$local_ip .= "/32" if defined $local_ip && $local_ip !~ m{/};
my @found;
my $count = 0;
for my $line (@{$iptables->{filter}}) {
my %args = @$line;
next if $args{A} ne $CHAIN;
$count++;
if(exists $args{j} && defined $jump && $args{j} eq $jump
&& exists $args{s} && defined $remote_ip && $args{s} eq $remote_ip
&& exists $args{d} && defined $local_ip && $args{d} eq $local_ip
&& exists $args{dport} && defined $local_port && $args{dport} eq $local_port) {
push @found,($count);
}
}
return @found if wantarray;
return if !scalar@found;
return $found[0];
}
1;
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment