public void FeedRule(IpTablesRule rule) { if (IsDynamic(rule)) { AddRule(rule); } }
public RuleParser(string[] arguments, IpTablesRule ipRule, IpTablesChainSet chains, String defaultTable) { _arguments = arguments; _ipRule = ipRule; _parsers.AddRange(_moduleFactory.GetPreloadModules()); _chains = chains; _tableName = defaultTable; }
public RuleParser(string[] arguments, IpTablesRule ipRule, IpTablesChainSet chains, String defaultTable) { _arguments = arguments; _ipRule = ipRule; _parsers = ModuleRegistry.PreloadDuplicateModules.ToList(); _chains = chains; _tableName = defaultTable; }
public void TestPolyfillArgumentsComparison4() { String rule = "-A INPUT -m unknown --unknown --unknown-2 \'this has spaces & a symbol\' -m unknown2 --unknown2 -p tcp -d 1.1.1.1 -m tcp --dport 80"; String rule2 = "-A INPUT -m unknown2 --unknown2 -m unknown --unknown --unknown-2 \'this has spaces & a symbol\' -p tcp -d 1.1.1.1 -m tcp --dport 80"; IpTablesChainSet chains = new IpTablesChainSet(4); Assert.AreEqual(IpTablesRule.Parse(rule, null, chains, 4), IpTablesRule.Parse(rule2, null, chains)); }
public static bool Comparer(IpTablesRule rule1, IpTablesRule rule2) { var comment1 = rule1.GetModule<CommentModule>("comment"); var comment2 = rule2.GetModule<CommentModule>("comment"); if (comment1 == null || comment2 == null) return false; return comment1.CommentText == comment2.CommentText; }
public void TestDropFragmentedTcpDnsEquality() { String rule = "-A INPUT -p tcp ! -f -j DROP -m tcp --sport 53"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); Assert.IsTrue(irule2.Compare(irule1)); }
public void TestPolyfillArgumentsComparison3() { String rule = "-A INPUT -m unknown --unknown --unknown-2 1111 -m unknown2 --unknown2 -p tcp -d 1.1.1.1 -m tcp --dport 80"; String rule2 = "-A INPUT -m unknown2 --unknown2 -m unknown --unknown --unknown-2 1111 -p tcp -d 1.1.1.1 -m tcp --dport 80"; IpTablesChainSet chains = new IpTablesChainSet(4); Assert.IsTrue(IpTablesRule.Parse(rule, null, chains, 4).Compare(IpTablesRule.Parse(rule2, null, chains))); }
public void TestCoreSportEquality() { String rule = "-A INPUT -p tcp -j DROP -m tcp --sport 1"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); Assert.IsTrue(irule2.Compare(irule1)); }
public void TestDropFragmentedTcpDnsWithCommentEquality() { String rule = "-A INPUT -p tcp ! -f -j DROP -m tcp --sport 53 -m comment --comment 'this is a test rule'"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains); Assert.AreEqual(irule1, irule2); }
public void TestCoreDropingUdpEquality() { String rule = "-A INPUT -p udp -j DROP"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains); Assert.AreEqual(irule1, irule2); }
public void TestDropConnectionLimitEquality() { String rule = "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(irule1, irule2); }
public void TestCoreSportEquality() { String rule = "-A INPUT -p tcp -j DROP -m tcp --sport 1"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains); Assert.AreEqual(irule1, irule2); }
public void TestCoreDropingDestinationEquality() { String rule = "-A INPUT -d 1.2.3.4/16 -j DROP"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(irule1, irule2); }
public void TestCoreFragmentingEquality() { String rule = "-A INPUT ! -f -j test"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(irule1, irule2); }
public void TestComparisonMultiport() { String rule = "-A INPUT -p tcp -j RETURN -m multiport --dports 79,22 -m comment --comment TCP"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule r1 = IpTablesRule.Parse(rule, null, chains); IpTablesRule r2 = IpTablesRule.Parse(rule, null, chains); Assert.IsTrue(r1.Equals(r2)); }
public void TestXmark() { String rule = "-A INPUT -p tcp -j CONNMARK --set-xmark 0xFF"; String ruleExpect = "-A INPUT -p tcp -j CONNMARK --set-xmark 0xFF"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains); Assert.AreEqual(ruleExpect, irule.GetActionCommand()); }
public void DnatTest1() { String rule = "-A A+B -p tcp -j DNAT --to-destination 1.2.3.4"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(rule, irule.GetActionCommand()); Assert.IsTrue(irule.Compare(IpTablesRule.Parse(rule, null, chains, 4))); }
private IEnumerable <IpTablesRule> ParseAll(RuleBuilder rb, RuleDetails c) { var rule = c.Rule; if (rule.Contains("{")) { foreach (var v in c.Versions) { var rules = _ruleSets[v]; foreach (var t in c.Tables) { IpTablesRule.ChainCreateMode chainMode = IpTablesRule.ChainCreateMode.DontCreateErrorInstead; rule = c.Rule; string formattedRule; lock (_dynamicLock) { formattedRule = rb.Format(rule, t, v); } if (formattedRule != rule) { rule = formattedRule; chainMode = IpTablesRule.ChainCreateMode.ReturnNewChain; } yield return(IpTablesRule.Parse(rule, _iptables, rules.Chains, v, t, chainMode)); } } } else { IpTablesRule ruleTemplate = null; foreach (var v in c.Versions) { var chains = _ruleSets[v].Chains; foreach (var t in c.Tables) { if (ruleTemplate == null) { ruleTemplate = IpTablesRule.Parse(rule, _iptables, chains, v, t, IpTablesRule.ChainCreateMode.DontCreateErrorInstead); yield return(ruleTemplate); } else { //TODO: IPTables Rule clone var theRule = new IpTablesRule(ruleTemplate); theRule.Chain = chains.GetChainOrDefault(ruleTemplate.Chain.Name, t); yield return(theRule); } } } } }
public void MatchMarkHex() { String rule = "-A INPUT -p tcp -j ACCEPT -m mark --mark 0xc6ff00/0xFFFF00"; String ruleExpect = "-A INPUT -p tcp -j ACCEPT -m mark --mark 13041408/0xFFFF00"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(ruleExpect, irule.GetActionCommand()); Assert.AreEqual(IpTablesRule.Parse(ruleExpect, null, chains, 4), irule); }
public void TestXorMark() { Int32 mark = 0; String rule = "-A INPUT -p tcp -j CONNMARK --xor-mark " + mark; String ruleExpect = "-A INPUT -p tcp -j CONNMARK --set-xmark 0x" + mark.ToString("X") + "/0x0"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains); Assert.AreEqual(ruleExpect, irule.GetActionCommand()); }
private IpTablesRule CastRule(INetfilterRule rule) { IpTablesRule castRule = rule as IpTablesRule; if (castRule == null) { throw new IpTablesNetException("Invalid rule type, not iptables"); } return(castRule); }
public void TestDoubleSpace() { String rule = "-A INPUT -j ACCEPT -m nfacct --nfacct-name \"test\""; String rule2 = "-A INPUT -j ACCEPT -m nfacct --nfacct-name test"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); Assert.AreEqual(rule2, irule.GetActionCommand()); Assert.IsTrue(IpTablesRule.Parse(rule2, null, chains, 4).Compare(irule)); }
public void TestRandomRounding() { String rule = "-A CHAIN -t raw -m statistic --mode random --probability 0.03999999911"; String rule2 = "-A CHAIN -t raw -m statistic --mode random --probability 0.03999999957"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule2, null, chains, 4); Assert.IsTrue(irule.Compare(irule2)); }
public void TestSnatRangeSourceAndEquality() { String rule = "-A POSTROUTING -t nat -s 1.1.1.1/24 -j SNAT --to-source 2.2.2.1-2.2.2.250"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains); Assert.AreEqual(irule1, irule2); Assert.AreEqual(rule, irule1.GetActionCommand()); Assert.AreEqual(rule, irule2.GetActionCommand()); }
/// <summary> /// Comparison that detirmines equality based on comment text /// </summary> /// <param name="rule1"></param> /// <param name="rule2"></param> /// <returns></returns> static bool CommentComparer(IpTablesRule rule1, IpTablesRule rule2) { var comment1 = rule1.GetModule <CommentModule>("comment"); var comment2 = rule2.GetModule <CommentModule>("comment"); if (comment1 == null || comment2 == null) { return(false); } return(comment1.CommentText == comment2.CommentText); }
public void TestAddCommentAfter() { String rule1 = "-A INPUT -p tcp ! -f -j DROP -m tcp --sport 53"; String rule2 = "-A INPUT -p tcp ! -f -j DROP -m tcp --sport 53 -m comment --comment 'this is a test rule'"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule1 = IpTablesRule.Parse(rule1, null, chains); irule1.SetComment("this is a test rule"); Assert.AreEqual(rule2, irule1.GetActionCommand()); }
public void TestParse() { String rule1 = "-A PREROUTING -t raw -p tcp -j CT --ctevents new,destroy"; String rule2 = "-A PREROUTING -t raw -p tcp -j CT --ctevents \"destroy, new\""; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule1 = IpTablesRule.Parse(rule1, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule2, null, chains, 4); irule2.Equals(irule1); Assert.AreEqual(irule1, irule2); }
public void TestDnatRangeSourceAndEquality() { String rule = "-A POSTROUTING -t nat -d 1.1.1.1/24 -j DNAT --to-destination 2.2.2.1-2.2.2.250"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule1 = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains, 4); Assert.IsTrue(irule2.Compare(irule1)); Assert.AreEqual(rule, irule1.GetActionCommand()); Assert.AreEqual(rule, irule2.GetActionCommand()); }
public void TestLimitComparison() { String rule = "-A INPUT -m limit --limit 100/second --limit-burst 7"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains); Assert.AreEqual(rule, irule.GetActionCommand()); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains); Assert.AreEqual(irule2, irule); }
public void TestDifficultCharacters() { String rule = "-A kY9xlwGhPJW6N1QCHoRg -t mangle -p tcp -d 107.1.107.1 -g x_ComPlex -m comment --comment 'ABC||+sPeC14l=|1' -m tcp --dport 81"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains); Assert.AreEqual(rule, irule.GetActionCommand()); IpTablesRule irule2 = IpTablesRule.Parse(rule, null, chains); Assert.AreEqual(irule2, irule); }
public void AddRule(IpTablesRule rule) { TKey key = _extractor(rule); if (!_protocols.ContainsKey(key)) { _protocols.Add(key, _nestedGenerator(ShortHash.HexHash(_chain + "_" + key), _table)); } var gen = _protocols[key]; gen.AddRule(rule); }
public override void ReplaceRule(IpTablesRule rule) { if (!_inTransaction) { //Revert to using IPTables Binary if non transactional IPTablesBinaryAdapterClient binaryClient = new IPTablesBinaryAdapterClient(_ipVersion, _system, _iptablesBinary); binaryClient.ReplaceRule(rule); } String command = rule.GetActionCommand("-R", false); _builder.AddCommand(rule.Chain.Table, command); }
public override void DeleteRule(IpTablesRule rule) { if (!_inTransaction) { //Revert to using IPTables Binary if non transactional IPTablesBinaryAdapterClient binaryClient = new IPTablesBinaryAdapterClient(_ipVersion, _system, _iptablesBinary); binaryClient.DeleteRule(rule); return; } String command = rule.GetActionCommand("-D", false); _builder.AddCommand(rule.Chain.Table, command); }
public void TestRandomRounding3() { String rule = "-A CHAIN -t raw -m statistic --mode random --probability 0.09000000000"; String rule2 = "-A CHAIN -t raw -m statistic --mode random --probability 0.08999999985"; IpTablesChainSet chains = new IpTablesChainSet(4); IpTablesRule irule = IpTablesRule.Parse(rule, null, chains, 4); IpTablesRule irule2 = IpTablesRule.Parse(rule2, null, chains, 4); Assert.AreEqual(irule.GetActionCommand(), irule2.GetActionCommand()); Assert.IsTrue(irule.Compare(irule2)); }
public void AddRule(IpTablesRule rule) { if (_extractKey == null) { throw new IpTablesNetException("No key extractor provided, key must hence be provided"); } var key = _extractKey(rule); if (!_rules.ContainsKey(key)) { _rules.Add(key, new List <IpTablesRule>()); } _rules[key].Add(rule); }
public override void InsertRule(IpTablesRule rule) { if (!_inTransaction) { //Revert to using IPTables Binary if non transactional IPTablesBinaryAdapterClient binaryClient = new IPTablesBinaryAdapterClient(_ipVersion, _system, _iptablesBinary); binaryClient.InsertRule(rule); return; } String command = rule.GetActionCommand("-I"); if (GetInterface(rule.Chain.Table).ExecuteCommand(_iptablesBinary + " " + command) != 1) { throw new IpTablesNetException(String.Format("Failed to insert rule \"{0}\" due to error: \"{1}\"", command, GetInterface(rule.Chain.Table).GetErrorString())); } }
public abstract void AddRule(IpTablesRule rule);
private void setter(IpTablesRule arg1, IPAddress arg2) { arg1.GetModuleOrLoad<CoreModule>("core").Source = new ValueOrNot<IpCidr>(new IpCidr(arg2)); }
private IPAddress extractor(IpTablesRule arg) { IPAddress addr = arg.GetModule<CoreModule>("core").Source.Value.Address; arg.GetModule<CoreModule>("core").Source = new ValueOrNot<IpCidr>(); return addr; }
public static void SourcePortSetter(IpTablesRule rule, List<PortOrRange> ranges) { var protocol = rule.GetModule<CoreModule>("core").Protocol; if (ranges.Count == 1 && !protocol.Null && !protocol.Not) { if (protocol.Value == "tcp") { var tcp = rule.GetModuleOrLoad<TcpModule>("tcp"); tcp.SourcePort = new ValueOrNot<PortOrRange>(ranges[0]); } else { var tcp = rule.GetModuleOrLoad<UdpModule>("udp"); tcp.SourcePort = new ValueOrNot<PortOrRange>(ranges[0]); } } else { var multiport = rule.GetModuleOrLoad<MultiportModule>("multiport"); multiport.SourcePorts = new ValueOrNot<IEnumerable<PortOrRange>>(ranges); } }
private String extractor(IpTablesRule arg) { String addr = arg.GetModule<CoreModule>("core").InInterface.Value; arg.GetModule<CoreModule>("core").InInterface = new ValueOrNot<String>(); return addr; }
public override void AddRule(IpTablesRule rule) { String command = rule.GetActionCommand(); ExecutionHelper.ExecuteIptables(_system, command, _iptablesBinary); }
public bool IsDynamic(IpTablesRule rule) { return IsDynamic(rule.Chain); }
public void AddRule(IpTablesRule rule) { _rules.Add(rule); }
private IEnumerable<IpTablesRule> ParseAll(RuleBuilder rb, RuleDetails c) { var rule = c.Rule; if (rule.Contains("{")) { foreach (var v in c.Versions) { var rules = _ruleSets[v]; foreach (var t in c.Tables) { IpTablesRule.ChainCreateMode chainMode = IpTablesRule.ChainCreateMode.DontCreateErrorInstead; rule = c.Rule; string formattedRule; lock (_dynamicLock) { formattedRule = rb.Format(rule, t, v); } if (formattedRule != rule) { rule = formattedRule; chainMode = IpTablesRule.ChainCreateMode.ReturnNewChain; } yield return IpTablesRule.Parse(rule, _iptables, rules.Chains, v, t, chainMode); } } } else { IpTablesRule ruleTemplate = null; foreach (var v in c.Versions) { var chains = _ruleSets[v].Chains; foreach (var t in c.Tables) { if (ruleTemplate == null) { ruleTemplate = IpTablesRule.Parse(rule, _iptables, chains, v, t, IpTablesRule.ChainCreateMode.DontCreateErrorInstead); yield return ruleTemplate; } else { //TODO: IPTables Rule clone var theRule = new IpTablesRule(ruleTemplate); theRule.Chain = chains.GetChainOrDefault(ruleTemplate.Chain.Name, t); yield return theRule; } } } } }
public void AddRule(IpTablesRule rule) { Debug.Assert(IsDynamic(rule)); _dynamicChains[rule.Chain].Add(rule); }
private void setter(IpTablesRule arg1, String arg2) { arg1.GetModuleOrLoad<CoreModule>("core").InInterface = new ValueOrNot<String>(arg2); }
/// <summary> /// Add an IPTables rule to the set /// </summary> /// <param name="rule"></param> public void AddRule(IpTablesRule rule) { IpTablesChain ipchain = _chains.GetChainOrAdd(rule.Chain); ipchain.Rules.Add(rule); }
public abstract void ReplaceRule(IpTablesRule rule);
public abstract void InsertRule(IpTablesRule rule);
public abstract void DeleteRule(IpTablesRule rule);
private PortOrRange extractSrcPort(IpTablesRule arg) { return arg.GetModule<UdpModule>("udp").SourcePort.Value; }
private IPAddress extractSrcIp(IpTablesRule arg) { return arg.GetModule<CoreModule>("core").Source.Value.Address; }