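/// <summary>
/// Rebuilds the <c>wl_ip</c> ipset from the ACL provider's whitelist, then syncs
/// two INPUT rules: accept sources in <c>wl_ip</c>, and drop packets matching
/// <paramref name="matches"/>.
/// </summary>
/// <param name="matches">
/// iptables match arguments inserted verbatim between <c>-A INPUT</c> and
/// <c>-j DROP</c>. The value is concatenated without escaping or validation.
/// </param>
public void PerformSync(string matches)
{
    var whitelist = _aclProvider.GetWhitelisted();

    IpSetSet set = new IpSetSet(IpSetType.HashIp, "wl_ip", 0, _system, IpSetSyncMode.SetAndEntries);
    foreach (var w in whitelist)
    {
        set.Entries.Add(new IpSetEntry(set, new IpCidr(w)));
    }

    // The set is synced before the rules because the ACCEPT rule below
    // refers to wl_ip by name.
    IpSetSets sets = new IpSetSets(_system);
    sets.AddSet(set);
    sets.Sync();

    // First argument 4 is presumably the IP version (IPv4) - confirm against IpTablesRuleSet.
    IpTablesRuleSet rules = new IpTablesRuleSet(4, _system);

    // The ACCEPT rule is added before the DROP rule, so whitelisted sources are matched first.
    rules.AddRule("-A INPUT -m set --match-set wl_ip src -j ACCEPT -m comment --comment WLRULE");

    // Fix: the jump option was written as "j DROP" (missing dash), which is not a
    // valid target specification, so the DROP rule could not be expressed as intended.
    // NOTE(review): matches is spliced into the rule text unescaped. It must come from
    // trusted, validated configuration, never directly from request or user data.
    rules.AddRule("-A INPUT " + matches + " -j DROP -m comment --comment DROPRULE");

    rules.Sync(new DefaultNetfilterSync<IpTablesRule>(Comparer));
}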
/// <summary>
/// Parses the entry line "test_set 8.8.8.8" against a collection holding a
/// hash:ip set named test_set, then checks the entry's set name and address.
/// </summary>
public void TestParseEntry1()
{
    var parsedSet = IpSetSet.Parse("test_set hash:ip family inet hashsize 10 maxelem 14", null);

    // The set goes into the collection that is passed to the entry parser.
    IpSetSets registry = new IpSetSets(null);
    registry.AddSet(parsedSet);

    String entryLine = "test_set 8.8.8.8";
    var parsedEntry = IpSetEntry.Parse(entryLine, registry);

    Assert.AreEqual("test_set", parsedEntry.Set.Name);
    Assert.AreEqual(IPAddress.Parse("8.8.8.8"), parsedEntry.Cidr.Address);
}
/// <summary>
/// Builds an <see cref="IpSetEntry"/> from a textual entry command.
/// </summary>
/// <param name="command">Entry text, with fields separated by spaces.</param>
/// <param name="sets">Set collection handed to the entry parser.</param>
/// <returns>
/// The parsed entry, or <c>null</c> when the command has fewer than two
/// space-separated parts. Callers must check for null before using the result.
/// </returns>
public static IpSetEntry Parse(String command, IpSetSets sets)
{
    // Reject input that cannot hold at least two fields.
    if (command.Split(new char[] { ' ' }).Length < 2)
    {
        return null;
    }

    IpSetEntry result = new IpSetEntry(null);

    // NOTE(review): the length check above uses a plain space split, while the
    // tokens come from ArgumentHelper.SplitArguments - the two may disagree on
    // quoted or repeated-space input; confirm.
    string[] tokens = ArgumentHelper.SplitArguments(command);
    var entryParser = new IpSetEntryParser(tokens, result, sets);

    // FeedToSkip returns how many extra tokens it consumed at this position.
    int position = 0;
    while (position < tokens.Length)
    {
        position += entryParser.FeedToSkip(position);
        position++;
    }

    return result;
}
/// <summary>
/// Starts with a hash:ip set "test" holding one entry, syncs an empty
/// definition, and expects the single command "destroy test".
/// </summary>
public void TestSyncDelete()
{
    var factory = new MockIpsetSystemFactory();
    var binaryAdapter = new MockIpsetBinaryAdapter(factory);
    var iptablesSystem = new IpTablesSystem(factory, null, binaryAdapter);

    // State loaded into the mock adapter before the sync.
    var existingCommands = new List<String> { "create test hash:ip", "add test 8.8.8.8" };
    IpSetSets current = new IpSetSets(existingCommands, iptablesSystem);
    binaryAdapter.SetSets(current);

    // Desired state: no sets at all.
    IpSetSets desired = new IpSetSets(new List<String>(), iptablesSystem);
    var expected = new List<string> { "destroy test" };

    factory.TestSync(desired, expected);
}
/// <summary>
/// Parses an entry command into an <see cref="IpSetEntry"/>.
/// </summary>
/// <param name="command">Entry text whose fields are separated by spaces.</param>
/// <param name="sets">Set collection passed through to <c>IpSetEntryParser</c>.</param>
/// <returns>
/// The populated entry, or <c>null</c> if <paramref name="command"/> splits into
/// fewer than two parts. A null result means the input was too short to parse.
/// </returns>
public static IpSetEntry Parse(String command, IpSetSets sets)
{
    char[] separators = new char[] { ' ' };
    int fieldCount = command.Split(separators).Length;
    if (fieldCount < 2)
    {
        // Too short to parse.
        return null;
    }

    IpSetEntry parsed = new IpSetEntry(null);
    string[] args = ArgumentHelper.SplitArguments(command);
    var feeder = new IpSetEntryParser(args, parsed, sets);

    // The parser reports how many following arguments it consumed; skip over them.
    int cursor = 0;
    while (cursor < args.Length)
    {
        int consumed = feeder.FeedToSkip(cursor);
        cursor += consumed + 1;
    }

    return parsed;
}
/// <summary>
/// Starts with no sets, syncs a hash:net set "test" with one /32 entry, and
/// checks the emitted create and add commands.
/// </summary>
public void TestSyncCreateNet()
{
    var factory = new MockIpsetSystemFactory();
    var binaryAdapter = new MockIpsetBinaryAdapter(factory);
    var iptablesSystem = new IpTablesSystem(factory, null, binaryAdapter);

    // The mock adapter starts with no sets.
    IpSetSets current = new IpSetSets(new List<String>(), iptablesSystem);
    binaryAdapter.SetSets(current);

    var desiredCommands = new List<String> { "create test hash:net", "add test 8.8.8.8/32" };
    IpSetSets desired = new IpSetSets(desiredCommands, iptablesSystem);

    // The expected create command spells out family, hashsize and maxelem,
    // and the /32 entry is expected as a bare address.
    var expected = new List<string>
    {
        "create test hash:net family inet hashsize 1024 maxelem 65536",
        "add test 8.8.8.8"
    };

    factory.TestSync(desired, expected);
}
/// <summary>
/// Syncs a bitmap:port set whose desired entries equal the existing ones but
/// are listed in a different order, and expects no commands.
/// </summary>
public void TestBitmapPortNoChange()
{
    var factory = new MockIpsetSystemFactory();
    var binaryAdapter = new MockIpsetBinaryAdapter(factory);
    var iptablesSystem = new IpTablesSystem(factory, null, binaryAdapter);

    var existingCommands = new List<String>
    {
        "create test bitmap:port range 1-65535",
        "add test 80",
        "add test 81"
    };
    IpSetSets current = new IpSetSets(existingCommands, iptablesSystem);
    current.Sets.FirstOrDefault().SyncMode = IpSetSyncMode.SetAndEntries;
    binaryAdapter.SetSets(current);

    // Same two ports, listed as 81 then 80.
    // NOTE(review): "bitmap:port" appears twice in the create line below - confirm this is intentional.
    var desiredCommands = new List<String>
    {
        "create test bitmap:port bitmap:port range 1-65535",
        "add test 81",
        "add test 80"
    };
    IpSetSets desired = new IpSetSets(desiredCommands, iptablesSystem);
    desired.Sets.FirstOrDefault().SyncMode = IpSetSyncMode.SetAndEntries;

    var expected = new List<string>();
    factory.TestSync(desired, expected);
}
/// <summary>
/// Syncs a bitmap:port set in <c>SetOnly</c> mode against an existing set that
/// has one entry, and expects no commands.
/// </summary>
public void TestBitmapPort()
{
    var factory = new MockIpsetSystemFactory();
    var binaryAdapter = new MockIpsetBinaryAdapter(factory);
    var iptablesSystem = new IpTablesSystem(factory, null, binaryAdapter);

    var existingCommands = new List<String> { "create test bitmap:port family inet", "add test 80" };
    IpSetSets current = new IpSetSets(existingCommands, iptablesSystem);
    binaryAdapter.SetSets(current);

    // The desired definition carries no entries and is marked SetOnly.
    var desiredCommands = new List<String> { "create test bitmap:port" };
    IpSetSets desired = new IpSetSets(desiredCommands, iptablesSystem);
    desired.Sets.FirstOrDefault().SyncMode = IpSetSyncMode.SetOnly;

    // The existing "add test 80" entry is expected to produce no command.
    var expected = new List<string>();
    factory.TestSync(desired, expected);
}
/// <summary>
/// Syncs a hash:ip set in <c>SetOnly</c> mode against an existing set with
/// explicit creation options and one entry, and expects no commands.
/// </summary>
public void TestSyncEntryNotValues()
{
    var factory = new MockIpsetSystemFactory();
    var binaryAdapter = new MockIpsetBinaryAdapter(factory);
    var iptablesSystem = new IpTablesSystem(factory, null, binaryAdapter);

    var existingCommands = new List<String>
    {
        "create test hash:ip family inet hashsize 1024 maxelem 65536",
        "add test 8.8.8.8"
    };
    IpSetSets current = new IpSetSets(existingCommands, iptablesSystem);
    binaryAdapter.SetSets(current);

    // The desired definition has no options and no entries, and is marked SetOnly.
    var desiredCommands = new List<String> { "create test hash:ip" };
    IpSetSets desired = new IpSetSets(desiredCommands, iptablesSystem);
    desired.Sets.FirstOrDefault().SyncMode = IpSetSyncMode.SetOnly;

    var expected = new List<string>();
    factory.TestSync(desired, expected);
}
/// <summary>
/// Stores the iptables system, the rule sets keyed by an integer, and the
/// ipset collection. The arguments are not copied or validated.
/// </summary>
/// <param name="iptables">System reference stored in <c>_iptables</c>.</param>
/// <param name="ruleSets">
/// Rule sets keyed by int, stored in <c>_ruleSets</c> (the key is presumably the IP version - confirm).
/// </param>
/// <param name="sets">Set collection stored in <c>_sets</c>.</param>
public ModelLoad(
    IpTablesSystem iptables,
    Dictionary<int, IpTablesRuleSet> ruleSets,
    IpSetSets sets)
{
    // Plain reference assignments; the dictionary stays shared with the caller.
    _sets = sets;
    _ruleSets = ruleSets;
    _iptables = iptables;
}
/// <summary>
/// Syncs <paramref name="rulesNew"/>, then asserts that the values of
/// <c>Commands</c> equal <paramref name="expectedCommands"/> in the same order.
/// </summary>
/// <param name="rulesNew">Desired set state to sync.</param>
/// <param name="expectedCommands">Expected command values, in order.</param>
public void TestSync(IpSetSets rulesNew, List<string> expectedCommands)
{
    TestSync(rulesNew);

    // Compare only the Value of each item in Commands.
    var issued = Commands.Select(command => command.Value).ToList();
    CollectionAssert.AreEqual(expectedCommands, issued);
}
/// <summary>
/// Runs <c>Sync</c> on <paramref name="rulesNew"/> with a predicate that
/// returns true for every item, and <c>false</c> as the second argument.
/// </summary>
/// <param name="rulesNew">Desired set state to sync.</param>
public void TestSync(IpSetSets rulesNew)
{
    // NOTE(review): the meaning of the trailing "false" flag is not visible here - confirm against IpSetSets.Sync.
    rulesNew.Sync(candidate => true, false);
}