Ejemplo n.º 1
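        /// <summary>
        /// Synchronises the whitelist ip set and the two INPUT rules that depend on it:
        /// an ACCEPT rule for sources in the "wl_ip" set, then a DROP rule for traffic
        /// selected by <paramref name="matches"/>.
        /// </summary>
        /// <param name="matches">
        /// iptables match arguments placed between "-A INPUT" and "-j DROP" in the drop rule.
        /// The text is spliced into the rule verbatim, so it decides what the firewall drops.
        /// </param>
        public void PerformSync(string matches)
        {
            var whitelist = _aclProvider.GetWhitelisted();

            // Rebuild the whitelist set from the ACL provider; SetAndEntries asks the sync
            // to reconcile the set itself and its entries.
            IpSetSet set = new IpSetSet(IpSetType.HashIp, "wl_ip", 0, _system, IpSetSyncMode.SetAndEntries);
            foreach (var w in whitelist)
            {
                set.Entries.Add(new IpSetEntry(set, new IpCidr(w)));
            }

            // The set is synced before the rules because the ACCEPT rule below references
            // it by name (--match-set wl_ip).
            IpSetSets sets = new IpSetSets(_system);
            sets.AddSet(set);
            sets.Sync();

            IpTablesRuleSet rules = new IpTablesRuleSet(4, _system);

            // Whitelisted sources are accepted first so the DROP rule cannot shadow them.
            rules.AddRule("-A INPUT -m set --match-set wl_ip src -j ACCEPT -m comment --comment WLRULE");

            // NOTE(review): `matches` is concatenated without validation. It should come only
            // from trusted configuration, never from request data, and a null or empty value
            // yields a rule that drops all INPUT traffic not already accepted above.
            // Fix: the jump option was written as " j DROP" (missing dash), which is not a
            // valid iptables target specification.
            rules.AddRule("-A INPUT " + matches + " -j DROP -m comment --comment DROPRULE");
            rules.Sync(new DefaultNetfilterSync<IpTablesRule>(Comparer));
        }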
Ejemplo n.º 2
        /// <summary>
        /// Adds the same parsed rule to a rule set twice and checks that both copies land
        /// in a single chain of the "filter" table instead of creating a second chain.
        /// </summary>
        public void TestAddChainTwoRules()
        {
            // 4 is presumably the IP version; no system adapter is needed (null) because
            // nothing is synced in this test.
            var target = new IpTablesRuleSet(4, null);
            const string ruleText = "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10";
            var chainSet = new IpTablesChainSet(4);

            var parsedRule = IpTablesRule.Parse(ruleText, null, chainSet);

            // First insertion: exactly one chain, in the filter table, holding one rule.
            target.AddRule(parsedRule);

            Assert.AreEqual(1, target.Chains.Count());
            var chainAfterFirstAdd = target.Chains.First();
            Assert.AreEqual("filter", chainAfterFirstAdd.Table);
            Assert.AreEqual(1, chainAfterFirstAdd.Rules.Count());

            // Second insertion of the same rule: still one chain, now holding two rules.
            target.AddRule(parsedRule);

            Assert.AreEqual(1, target.Chains.Count());
            var chainAfterSecondAdd = target.Chains.First();
            Assert.AreEqual(2, chainAfterSecondAdd.Rules.Count());
        }