public void Output(IpTablesSystem system, IpTablesRuleSet ruleSet)
{
foreach (var p in _protocols)
{
var description = _chain + "_" + p.Key;
String chainName = ShortHash.HexHash(description);
if (ruleSet.Chains.HasChain(chainName, _table))
{
throw new IpTablesNetException(String.Format("Duplicate feature split: {0}", chainName));
}
//Jump to chain
var chain = ruleSet.Chains.GetChainOrAdd(_chain, _table, system);
IpTablesRule jumpRule = new IpTablesRule(system, chain);
jumpRule.GetModuleOrLoad <CoreModule>("core").Jump = chainName;
jumpRule.GetModuleOrLoad <CommentModule>("comment").CommentText = _commentPrefix + "|FS|" + description;
_setter(jumpRule, p.Key);
ruleSet.AddRule(jumpRule);
//Nested output
ruleSet.AddChain(chainName, _table);
p.Value.Output(system, ruleSet);
}
}
public void TestAddChainTwoRules()
{
IpTablesRuleSet ruleSet = new IpTablesRuleSet(4, null);
String rule = "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10";
IpTablesChainSet chains = new IpTablesChainSet(4);
IpTablesRule irule = IpTablesRule.Parse(rule, null, chains);
ruleSet.AddRule(irule);
Assert.AreEqual(1, ruleSet.Chains.Count());
Assert.AreEqual("filter", ruleSet.Chains.First().Table);
Assert.AreEqual(1, ruleSet.Chains.First().Rules.Count());
ruleSet.AddRule(irule);
Assert.AreEqual(1, ruleSet.Chains.Count());
Assert.AreEqual(2, ruleSet.Chains.First().Rules.Count());
}
public void PerformSync(string matches)
{
var whitelist = _aclProvider.GetWhitelisted();
IpSetSet set = new IpSetSet(IpSetType.HashIp, "wl_ip", 0, _system, IpSetSyncMode.SetAndEntries);
foreach (var w in whitelist)
{
set.Entries.Add(new IpSetEntry(set, new IpCidr(w)));
}
IpSetSets sets = new IpSetSets(_system);
sets.AddSet(set);
sets.Sync();
IpTablesRuleSet rules = new IpTablesRuleSet(4, _system);
rules.AddRule("-A INPUT -m set --match-set wl_ip src -j ACCEPT -m comment --comment WLRULE");
rules.AddRule("-A INPUT " + matches + " j DROP -m comment --comment DROPRULE");
rules.Sync(new DefaultNetfilterSync <IpTablesRule>(Comparer));
}
public void Output(IpTablesSystem system, IpTablesRuleSet ruleSet)
{
foreach (var rule in _rules)
{
if (_chain != null)
{
var chain = ruleSet.Chains.GetChainOrDefault(_chain, _table);
if (chain == null)
{
throw new IpTablesNetException("Unable to find chain");
}
rule.Chain = chain;
}
ruleSet.AddRule(rule);
}
}
public void Output(IpTablesSystem system, IpTablesRuleSet ruleSet)
{
foreach (var rule in _rules)
{
if (_chain != null)
{
var chain = ruleSet.Chains.GetChainOrDefault(_chain, _table);
if (chain == null)
{
throw new IpTablesNetException("Unable to find chain");
}
rule.Chain = chain;
}
ruleSet.AddRule(rule);
}
}
public void Output(IpTablesSystem system, IpTablesRuleSet ruleSet)
{
//foreach group => rules
foreach (var p in _rules)
{
//The new chain
var description = _chain + "_" + p.Key;
String chainName = ShortHash.HexHash(description + "|" + _table);
if (ruleSet.Chains.HasChain(chainName, _table))
{
throw new IpTablesNetException(String.Format("Duplicate feature split: {0}", chainName));
}
var chain = ruleSet.Chains.GetChainOrAdd(chainName, _table, system);
//Nested output
var singleRule = OutputRulesForGroup(ruleSet, system, p.Value, chainName, p.Key);
//Console.WriteLine("Is Single Rule: {0}", singleRule == null ? "NO" : "YES");
if (singleRule == null)
{
if (chain.Rules.Count != 0)
{
IpTablesRule jumpRule = IpTablesRule.Parse(_baseRule, system, ruleSet.Chains);
_setJump(jumpRule, p.Key);
//jumpRule.
jumpRule.GetModuleOrLoad <CoreModule>("core").Jump = chainName;
jumpRule.GetModuleOrLoad <CommentModule>("comment").CommentText = _commentPrefix + "|MA|" +
description;
ruleSet.AddRule(jumpRule);
}
else
{
//Console.WriteLine(String.Format("No rules in the chain \"{0}\", skipping jump from {1}.", chainName, _chain));
}
}
else
{
_setJump(singleRule, p.Key);
//ruleSet.AddRule(singleRule);
}
if (chain.Rules.Count == 0)
{
ruleSet.Chains.RemoveChain(chain);
}
}
}
/// <summary>
/// Add the rules
/// </summary>
/// <param name="ruleSet"></param>
/// <param name="system"></param>
/// <param name="rules"></param>
/// <param name="chainName"></param>
/// <param name="key"></param>
/// <returns>an IPTables rule if the output is singular</returns>
private IpTablesRule OutputRulesForGroup(IpTablesRuleSet ruleSet, IpTablesSystem system, List <IpTablesRule> rules, string chainName, TKey key)
{
if (rules.Count == 0)
{
return(null);
}
int count = 0, ruleCount = 0;
List <PortOrRange> ranges = new List <PortOrRange>();
IpTablesRule rule1 = null;
var firstCore = rules[0].GetModule <CoreModule>("core");
int ruleIdx = 1;
Action buildRule = () =>
{
//Console.WriteLine("t2");
if (ranges.Count == 0)
{
throw new IpTablesNetException("this should not happen");
}
rule1 = IpTablesRule.Parse(_baseRule, system, ruleSet.Chains);
//Core Module
var ruleCore = rule1.GetModuleOrLoad <CoreModule>("core");
ruleCore.Protocol = firstCore.Protocol;
if (firstCore.TargetMode == TargetMode.Goto && !String.IsNullOrEmpty(firstCore.Goto))
{
ruleCore.Goto = firstCore.Goto;
}
else if (firstCore.TargetMode == TargetMode.Jump && !String.IsNullOrEmpty(firstCore.Jump))
{
ruleCore.Jump = firstCore.Jump;
}
//Comment Module
var ruleComment = rule1.GetModuleOrLoad <CommentModule>("comment");
ruleComment.CommentText = _commentPrefix + "|" + chainName + "|" + ruleIdx;
// Create just one rule if there is only one set of multiports
if (ruleCount == 1 && ranges.Count == 1 && _setJump != null)
{
_setJump(rule1, key);
rule1.Chain = ruleSet.Chains.GetChainOrDefault(_chain, _table);
}
else
{
rule1.Chain = ruleSet.Chains.GetChainOrDefault(chainName, _table);
}
//Console.WriteLine(rule1.GetActionCommandParamters());
_setPort(rule1, new List <PortOrRange>(ranges));
ruleSet.AddRule(rule1);
ruleIdx++;
};
List <PortOrRange> ports = rules.Select(rule => _extractPort(rule)).ToList();
PortRangeHelpers.SortRangeFirstLowHigh(ports);
ports = PortRangeHelpers.CompressRanges(ports);
ruleCount = PortRangeHelpers.CountRequiredMultiports(ports);
foreach (var e in ports)
{
if (!_ipset && (count == 14 && e.IsRange() || count == 15))
{
buildRule();
count = 0;
ranges.Clear();
}
ranges.Add(e);
if (e.IsRange())
{
count += 2;
}
else
{
count++;
}
}
if (ranges.Count != 0)
{
buildRule();
}
if (ruleCount != 1 || ranges.Count != 1)
{
return(null);
}
return(rule1);
}
