private void FlushIPsInternal() { using var adapter = System.GetTableAdapter(4); var sync = new DefaultNetfilterSync <IpTablesRule>(); (System.GetChain(adapter, IpTable, IpChain) as IpTablesChain).Sync(adapter, Enumerable.Empty <IpTablesRule>(), sync); }
public void TestDeleteAndUpdate() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID4\"" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 28 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 1 -m comment --comment \"ID3\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID4\"" }, system); using (var client = system.GetTableAdapter(4)) { var sync = new DefaultNetfilterSync <IpTablesRule>(CommentComparer); mock.TestSync(client, rulesOriginal, rulesNew, sync); var commands = (client as IMockIpTablesRestoreGetOutput).GetOutput().ToList(); Assert.AreEqual(5, commands.Count); Assert.True(commands[1].StartsWith("-D INPUT 1")); Assert.True(commands[2].StartsWith("-R INPUT 1")); Assert.True(commands[3].StartsWith("-R INPUT 2")); } }
public void TestUpdateMiddle() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 28 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"" }, system); List <String> expectedCommands = new List <String>() { rulesNew.Chains.First().Rules[1].GetActionCommand("-R") }; var sync = new DefaultNetfilterSync <IpTablesRule>(CommentComparer); mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, sync, expectedCommands); }
public void TestDeleteMultiples() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 5", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 5" }, system); List <String> expectedCommands = new List <String>() { "-D INPUT 1", "-D INPUT 2" }; var sync = new DefaultNetfilterSync <IpTablesRule>(); mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, sync, expectedCommands); }
public void TestRuleAdd() { if (IsLinux) { Assert.AreEqual(0, IptcInterface.RefCount); var system = new IpTablesSystem(null, new IPTablesLibAdapter()); using (var client = system.GetTableAdapter(_ipVersion)) { Assert.IsTrue(client is IPTablesLibAdapterClient); var rules = client.ListRules("filter"); var chain = new IpTablesChainSet(4); foreach (var c in rules.Chains) { chain.AddChain(c as IpTablesChain); } var rule = IpTablesRule.Parse("-A test2 -p 80 -j ACCEPT", system, chain); client.StartTransaction(); client.AddRule(rule); client.EndTransactionCommit(); var proc = Process.Start(new ProcessStartInfo("/sbin/" + GetBinary(), "-L test2") { RedirectStandardOutput = true, UseShellExecute = false }); proc.WaitForExit(); String listOutput = proc.StandardOutput.ReadToEnd(); Assert.IsTrue(listOutput.Contains("anywhere"), "must have created rule"); } Assert.AreEqual(0, IptcInterface.RefCount); } }
public void TestNatDoNothing() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80", "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80", "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80" }, system); List <String> expectedCommands = new List <String>() { }; using (var client = system.GetTableAdapter(4)) { var sync = new DefaultNetfilterSync <IpTablesRule>(); var rulesSynced = rulesOriginal.DeepClone(); mock.TestSync(client, rulesSynced, rulesNew, sync); CollectionAssert.AreEqual(expectedCommands, (client as IMockIpTablesRestoreGetOutput).GetOutput()); TestApply(rulesOriginal, rulesSynced, rulesNew, expectedCommands); } }
public void TestQuotes() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP", }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP", "-A INPUT -m comment --comment 'test space'" }, system); List <String> expectedCommands = new List <String> { "*filter", "-A INPUT -m comment --comment \"test space\"", "COMMIT" }; using (var client = system.GetTableAdapter(4)) { var sync = new DefaultNetfilterSync <IpTablesRule>(); var rulesSynced = rulesOriginal.DeepClone(); mock.TestSync(client, rulesSynced, rulesNew, sync); CollectionAssert.AreEqual(expectedCommands, (client as IMockIpTablesRestoreGetOutput).GetOutput()); TestApply(rulesOriginal, rulesSynced, rulesNew, expectedCommands); } }
public void TestUpdateMiddle() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 28 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"" }, system); List <String> expectedCommands = new List <String>() { "*filter", rulesNew.Chains.First().Rules[1].GetActionCommand("-R"), "COMMIT" }; mock.TestSync(rulesOriginal, rulesNew, CommentComparer); CollectionAssert.AreEqual((system.GetTableAdapter(4) as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands); }
public void TestUpdateMiddle() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 28 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"" }, system); List <String> expectedCommands = new List <String>() { "*filter", rulesNew.Chains.First().Rules[1].GetActionCommand("-R"), "COMMIT" }; using (var client = system.GetTableAdapter(4)) { var sync = new DefaultNetfilterSync <IpTablesRule>(); var rulesSynced = rulesOriginal.DeepClone(); mock.TestSync(client, rulesSynced, rulesNew, sync); CollectionAssert.AreEqual(expectedCommands, (client as IMockIpTablesRestoreGetOutput).GetOutput()); TestApply(rulesOriginal, rulesSynced, rulesNew, expectedCommands); } }
public void TestDeleteMultiplesMiddle() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 5", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 3" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 3" }, system); List <String> expectedCommands = new List <String>() { "*filter", "-D INPUT 2", "-D INPUT 2", "COMMIT" }; using (var client = system.GetTableAdapter(4)) { var sync = new DefaultNetfilterSync <IpTablesRule>(); var rulesSynced = rulesOriginal.DeepClone(); mock.TestSync(client, rulesSynced, rulesNew, sync); CollectionAssert.AreEqual(expectedCommands, (client as IMockIpTablesRestoreGetOutput).GetOutput()); TestApply(rulesOriginal, rulesSynced, rulesNew, expectedCommands); } }
public void TestInsertMiddle() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 5", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); List <String> expectedCommands = new List <String>() { "-D INPUT 2", rulesNew.Chains.First().Rules[1].GetActionCommand(), rulesNew.Chains.First().Rules[2].GetActionCommand() }; mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, expectedCommands); }
public void TestSimpleDoNothing() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); List <String> expectedCommands = new List <String>() { }; using (var client = system.GetTableAdapter(4)) { mock.TestSync(client, rulesOriginal, rulesNew); CollectionAssert.AreEqual((client as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands); } }
public void TestAdd() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2", "-A INPUT -d 1.2.3.4/16 -j DROP" }, system); List <String> expectedCommands = new List <String> { "*filter", rulesNew.Chains.First().Rules[2].GetActionCommand(), "COMMIT" }; using (var client = system.GetTableAdapter(4)) { mock.TestSync(client, rulesOriginal, rulesNew); CollectionAssert.AreEqual((client as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands); } }
public void TestAddFromEmpty() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { }, system); rulesOriginal.Chains.AddChain("INPUT", "filter", system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -d 1.2.3.4/16 -j DROP" }, system); List <String> expectedCommands = new List <String> { "*filter", rulesNew.Chains.First().Rules[0].GetActionCommand(), "COMMIT" }; using (var client = system.GetTableAdapter(4)) { var sync = new DefaultNetfilterSync <IpTablesRule>(); var rulesSynced = rulesOriginal.DeepClone(); mock.TestSync(client, rulesSynced, rulesNew, sync); CollectionAssert.AreEqual(expectedCommands, (client as IMockIpTablesRestoreGetOutput).GetOutput()); TestApply(rulesOriginal, rulesSynced, rulesNew, expectedCommands); } }
public void TestAddDuplicate() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2", }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2", "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", }, system); List <String> expectedCommands = new List <String>() { rulesNew.Chains.First().Rules[2].GetActionCommand() }; var sync = new DefaultNetfilterSync <IpTablesRule>(); mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, sync, expectedCommands); }
private async Task RefreshIPWhiteListAsync() { await AccessSemaphore.WaitAsync(); Logger.LogInformation("Refreshing iptables whitelist..."); FlushIPsInternal(); try { using var scope = Provider.CreateScope(); var dbContext = scope.ServiceProvider.GetRequiredService <MinerContext>(); using var adapter = System.GetTableAdapter(4); var miners = await dbContext.Miners.ToListAsync(); var rules = new List <string>(); foreach (var miner in miners.Where(x => x.LastAddress != null && //Has an IP x.NextIncrement >= DateTimeOffset.UtcNow - TimeSpan.FromHours(1))) //Has updated { rules.Add(GetAcceptRule(miner.LastAddress)); } var ruleSet = new IpTablesRuleSet(4, rules, System); var sync = new DefaultNetfilterSync <IpTablesRule>(); (System.GetChain(adapter, IpTable, IpChain) as IpTablesChain).Sync(adapter, ruleSet.Rules, sync); Logger.LogInformation("Finished refreshing iptables whitelist"); } catch (Exception ex) { Logger.LogError(ex, "There was an error while refreshing iptables whitelist"); } finally { AccessSemaphore.Release(); } }
public void TestNatDoNothing() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4,new List<String>() { "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80", "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4,new List<String>() { "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80", "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80" }, system); List<String> expectedCommands = new List<String>() { }; mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, expectedCommands); }
public void TestSimpleDoNothing() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4,new List<String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4,new List<String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); List<String> expectedCommands = new List<String>() { }; mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, expectedCommands); }
public void TestSimpleDoNothing() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4,new List<String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4,new List<String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); List<String> expectedCommands = new List<String>() {}; mock.TestSync(rulesOriginal, rulesNew); CollectionAssert.AreEqual((system.GetTableAdapter(4) as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands); }
public void TestAdd() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4,new List<String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4,new List<String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2", "-A INPUT -d 1.2.3.4/16 -j DROP" }, system); List<String> expectedCommands = new List<String>() { rulesNew.Chains.First().Rules[2].GetActionCommand() }; mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, expectedCommands); }
public void TestSimpleDoNothing() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); List <String> expectedCommands = new List <String>() { }; mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, expectedCommands); }
public void TestNatDoNothing() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80", "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80", "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80" }, system); List <String> expectedCommands = new List <String>() { }; mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, expectedCommands); }
public void TestAdd() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4,new List<String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4,new List<String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2", "-A INPUT -d 1.2.3.4/16 -j DROP" }, system); List<String> expectedCommands = new List<String> { "*filter", rulesNew.Chains.First().Rules[2].GetActionCommand(), "COMMIT" }; mock.TestSync(rulesOriginal, rulesNew); CollectionAssert.AreEqual((system.GetTableAdapter(4) as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands); }
public void TestQuotes() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4,new List<String>() { "-A INPUT -p tcp -j DROP", }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4,new List<String>() { "-A INPUT -p tcp -j DROP", "-A INPUT -m comment --comment 'test space'" }, system); List<String> expectedCommands = new List<String> { "*filter", "-A INPUT -m comment --comment \"test space\"", "COMMIT" }; mock.TestSync(rulesOriginal, rulesNew); var output = (system.GetTableAdapter(4) as IMockIpTablesRestoreGetOutput).GetOutput(); CollectionAssert.AreEqual(output, expectedCommands); }
public void TestNatDoNothing() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80", "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80", "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80" }, system); List <String> expectedCommands = new List <String>() { }; mock.TestSync(rulesOriginal, rulesNew); CollectionAssert.AreEqual((system.GetTableAdapter(4) as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands); }
public void TestRuleOutput() { if (IsLinux) { Assert.AreEqual(0, IptcInterface.RefCount); var system = new IpTablesSystem(null, new IPTablesLibAdapter()); using (var client = system.GetTableAdapter(_ipVersion)) { Debug.Assert(client is IPTablesLibAdapterClient); var rules = client.ListRules("filter"); foreach (var chain in rules.Chains) { Assert.AreEqual(_ipVersion, chain.IpVersion, "Incorrect IP Version for chain: " + chain); } Assert.AreNotEqual(0, rules.Chains.SelectMany((a) => a.Rules).Count()); foreach (var rule in rules.Chains.SelectMany((a) => a.Rules)) { Assert.AreEqual(_ipVersion, rule.IpVersion, "Incorrect IP Version for rule: " + rule); } } Assert.AreEqual(0, IptcInterface.RefCount); } }
public void TestRuleOutput() { if (IsLinux) { Assert.AreEqual(0, IptcInterface.RefCount); var system = new IpTablesSystem(null, new IPTablesLibAdapter()); using (var client = system.GetTableAdapter(_ipVersion)) { Debug.Assert(client is IPTablesLibAdapterClient); var rules = client.ListRules("filter"); foreach (var chain in rules.Chains) { Assert.AreEqual(_ipVersion, chain.IpVersion, "Incorrect IP Version for chain: " + chain); } Assert.AreNotEqual(0, rules.Chains.SelectMany((a)=>a.Rules).Count()); foreach (var rule in rules.Chains.SelectMany((a) => a.Rules)) { Assert.AreEqual(_ipVersion, rule.IpVersion, "Incorrect IP Version for rule: " + rule); } } Assert.AreEqual(0, IptcInterface.RefCount); } }
public void TestDelete() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", }, system); List <String> expectedCommands = new List <String>() { "*filter", "-D INPUT 2", "COMMIT" }; mock.TestSync(rulesOriginal, rulesNew); CollectionAssert.AreEqual((system.GetTableAdapter(4) as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands);; }
public void TestQuotes() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP", }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List <String>() { "-A INPUT -p tcp -j DROP", "-A INPUT -m comment --comment 'test space'" }, system); List <String> expectedCommands = new List <String> { "*filter", "-A INPUT -m comment --comment \"test space\"", "COMMIT" }; mock.TestSync(rulesOriginal, rulesNew); var output = (system.GetTableAdapter(4) as IMockIpTablesRestoreGetOutput).GetOutput(); CollectionAssert.AreEqual(output, expectedCommands); }
/// <summary> /// Sync with an IPTables system /// </summary> /// <param name="sync"></param> /// <param name="canDeleteChain"></param> /// <param name="maxRetries"></param> public void Sync(INetfilterSync <IpTablesRule> sync, Func <IpTablesChain, bool> canDeleteChain = null, int maxRetries = 10) { var tableAdapter = _system.GetTableAdapter(_ipVersion); List <IpTablesChain> chainsToAdd = new List <IpTablesChain>(); bool needed; int retries = maxRetries; do { try { //Start transaction tableAdapter.StartTransaction(); //Load all chains, figure out what to add var tableChains = new Dictionary <string, List <IpTablesChain> >(); foreach (IpTablesChain chain in Chains) { if (!tableChains.ContainsKey(chain.Table)) { var chains = _system.GetChains(chain.Table, _ipVersion).ToList(); tableChains.Add(chain.Table, chains); } if ( tableChains[chain.Table].FirstOrDefault(a => a.Name == chain.Name && a.Table == chain.Table) == null) { //Chain doesnt exist, to create chainsToAdd.Add(chain); } } //Add the new chains / rules foreach (var chain in chainsToAdd) { tableChains[chain.Table].Add(_system.AddChain(chain)); } chainsToAdd.Clear(); //Special case if (tableAdapter is IPTablesLibAdapterClient) { //Sync chain adds before starting rule adds tableAdapter.EndTransactionCommit(); tableAdapter.StartTransaction(); } //Update chains with differing rules foreach (IpTablesChain chain in Chains) { IpTablesChain realChain = tableChains[chain.Table].First(a => a.Name == chain.Name && a.Table == chain.Table); if (realChain != null) { //Update chain realChain.SyncInternal(chain.Rules, sync); } } //End Transaction: COMMIT tableAdapter.EndTransactionCommit(); if (canDeleteChain != null) { //Start transaction //Needs new transaction, bug in libiptc? tableAdapter.StartTransaction(); foreach (string table in Chains.Select(a => a.Table).Distinct()) { foreach (IpTablesChain chain in _system.GetChains(table, _ipVersion)) { if (!_chains.HasChain(chain.Name, chain.Table) && canDeleteChain(chain)) { chain.Delete(); } } } //End Transaction: COMMIT tableAdapter.EndTransactionCommit(); } needed = false; } catch (IpTablesNetExceptionErrno ex) { if (ex.Errno == 11 && retries != 0)//Resource Temporarily unavailable { Thread.Sleep(100 * (maxRetries - retries)); retries--; needed = true; } else { throw; } } } while (needed); }
public void TestDeleteMultiples() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List<String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10", "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 5", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List<String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 5" }, system); List<String> expectedCommands = new List<String>() { "*filter", "-D INPUT 1", "-D INPUT 2", "COMMIT" }; using (var client = system.GetTableAdapter(4)) { mock.TestSync(client, rulesOriginal, rulesNew); CollectionAssert.AreEqual((client as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands); } }
public void TestUpdateMiddle() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List<String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List<String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 28 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"" }, system); List<String> expectedCommands = new List<String>() { "*filter", rulesNew.Chains.First().Rules[1].GetActionCommand("-R"), "COMMIT" }; using (var client = system.GetTableAdapter(4)) { mock.TestSync(client, rulesOriginal, rulesNew, CommentComparer); CollectionAssert.AreEqual((client as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands); } }
public void TestUpdateMiddle() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new IPTablesBinaryAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4,new List<String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4,new List<String>() { "-A INPUT -p tcp -j DROP -m connlimit --connlimit-above 10 -m comment --comment \"ID1\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 28 -m comment --comment \"ID2\"", "-A INPUT -p udp -j DROP -m connlimit --connlimit-above 2 -m comment --comment \"ID3\"" }, system); List<String> expectedCommands = new List<String>() { rulesNew.Chains.First().Rules[1].GetActionCommand("-R") }; mock.TestSync(system.GetTableAdapter(4), rulesOriginal, rulesNew, expectedCommands, CommentComparer); }
public void TestNatDoNothing() { var mock = new MockIptablesSystemFactory(); var system = new IpTablesSystem(mock, new MockIpTablesRestoreAdapter()); IpTablesRuleSet rulesOriginal = new IpTablesRuleSet(4, new List<String>() { "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80", "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80" }, system); IpTablesRuleSet rulesNew = new IpTablesRuleSet(4, new List<String>() { "-A PREROUTING -t nat -j DNAT -p tcp -m tcp --dport 80 --to-destination 99.99.99.99:80", "-A PREROUTING -t nat -j SNAT --to-source 99.99.99.99:80" }, system); List<String> expectedCommands = new List<String>() { }; using (var client = system.GetTableAdapter(4)) { mock.TestSync(client, rulesOriginal, rulesNew); CollectionAssert.AreEqual((client as IMockIpTablesRestoreGetOutput).GetOutput(), expectedCommands); } }