diff --git a/pkg/utils/iptables/flag_test.go b/pkg/utils/iptables/flag_test.go
index e6513b0..9a3da2d 100644
--- a/pkg/utils/iptables/flag_test.go
+++ b/pkg/utils/iptables/flag_test.go
@@ -1,77 +1,12 @@
 package iptables
 
 import (
-	"fmt"
-	flag "github.com/spf13/pflag"
-	"iptables-helper/pkg/logger"
 	"iptables-helper/pkg/utils/command"
-	"strings"
 	"testing"
 )
 
 func TestFlag(t *testing.T) {
 	cmder := command.Commander{}
 	result := cmder.ExecuteWithResult("sudo iptables -S")
-	results := strings.Split(result, "\n")
-
-	policyList := make([]Policy, 0)
-	chainList := make([]Chain, 0)
-
-	for _, rule := range results {
-		logger.Log().Debug("解析规则: ", rule)
-
-		//rule := "-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER"
-		// 转化以便解析
-		rule = strings.ReplaceAll(rule, " ! ", " -! ")
-
-		flagSet := flag.FlagSet{}
-		flagSet.ParseErrorsWhitelist = flag.ParseErrorsWhitelist{UnknownFlags: true}
-
-		var reverse bool
-		var dst string
-
-		// 优先解析/判断 P N A 三个基本类型
-		var policy string
-		// 策略
-		flagSet.StringVarP(&policy, "policy", "P", "", "")
-		var appendRule string
-		// 追加规则
-		flagSet.StringVarP(&appendRule, "append", "A", "", "")
-		var newChain string
-		// 创建自定义规则链
-		flagSet.StringVarP(&newChain, "new-chain", "N", "", "")
-
-		flagSet.BoolVarP(&reverse, "!", "!", false, "")
-		flagSet.StringVarP(&dst, "destination", "d", "", "")
-
-		_ = flagSet.Parse(strings.Split(rule, " "))
-
-		if len(policy) > 0 {
-			target := flagSet.Arg(0)
-			logger.Log().Infof("默认策略 %+v %+v", policy, target)
-			chain := Chain(policy)
-			chainList = append(chainList, chain)
-			policyList = append(policyList, Policy{chain, PolicyTarget(target)})
-			continue
-		}
-
-		if len(newChain) > 0 {
-			chainList = append(chainList, Chain(newChain))
-			continue
-		}
-
-		//logger.Log().Debugf("appendRule %+v", appendRule)
-		//logger.Log().Debugf("reverse %+v", reverse)
-	}
-
-	for i := 0; i < 50; i++ {
-		fmt.Print("=")
-	}
-	fmt.Println()
-	for _, policy := range policyList {
-		logger.Log().Infof("默认策略: %s => %s", policy.Name, policy.Target)
-	}
-	for _, chain := range chainList {
-		logger.Log().Infof("自定义规则链: %s", chain)
-	}
+	Parse(result)
 }
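Review bot: After this change `TestFlag` cannot fail: `Parse` returns nothing and the test asserts nothing, so it only drives the code path with whatever `sudo iptables -S` prints on the machine running `go test`, which needs root and differs per host. A fixed rule-set string would make it deterministic and privilege-free, e.g. `Parse("-P INPUT ACCEPT\n-N DOCKER\n-A INPUT ! -i lo -j DROP")` (constructed sample), and once `Parse` returns its parsed lists the test can assert on them instead of relying on log output. Until then this is a smoke test rather than a unit test.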
diff --git a/pkg/utils/iptables/iptables.go b/pkg/utils/iptables/iptables.go
index 47d1833..a6d2ded 100644
--- a/pkg/utils/iptables/iptables.go
+++ b/pkg/utils/iptables/iptables.go
@@ -19,5 +19,31 @@ type Chain string
 
 type Rule struct {
 	Chain Chain `json:"chain"`
-	Jump Chain `json:"jump"`
+	// -j [target Chain]
+	Jump Chain `json:"jump"`
+
+	// -i [interface]
+	InputInterface string `json:"inputInterface"`
+	// ! -i [interface]
+	ExcludeInputInterface string `json:"excludeInputInterface"`
+
+	// -o [interface]
+	OutputInterface string `json:"outputInterface"`
+	// ! -o [interface]
+	ExcludeOutputInterface string `json:"excludeOutputInterface"`
+
+	// -s [source] example: 192.168.1.1, 192.168.1.0/24
+	Source string `json:"source"`
+	// ! -s [source] example: 192.168.1.1, 192.168.1.0/24
+	ExcludeSource string `json:"excludeSource"`
+
+	// -d [dest] example: 192.168.1.1, 192.168.1.0/24
+	Destination string `json:"destination"`
+	// ! -s [source] example: 192.168.1.1, 192.168.1.0/24
+	ExcludeDestination string `json:"excludeDestination"`
+
+	// -p [proto] example: all, tcp, udp, icmp
+	Protocol string `json:"protocol"`
+	// ! -p [proto] example: all, tcp, udp, icmp
+	ExcludeProtocol string `json:"excludeProtocol"`
 }
diff --git a/pkg/utils/iptables/parser.go b/pkg/utils/iptables/parser.go
new file mode 100644
index 0000000..b920891
--- /dev/null
+++ b/pkg/utils/iptables/parser.go
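Review bot: The comment above `ExcludeDestination` was copied from the source field and documents the wrong flag; it should read `// ! -d [dest] example: 192.168.1.1, 192.168.1.0/24`. The other added fields pair each `!` variant with its positive flag correctly, so this is the only mismatch in the struct.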
@@ -0,0 +1,101 @@
+package iptables
+
+import (
+	"fmt"
+	flag "github.com/spf13/pflag"
+	"iptables-helper/pkg/logger"
+	"strings"
+)
+
+// Parse
+// iptables 规则解析
+func Parse(rules string) {
+	results := strings.Split(rules, "\n")
+
+	policyList := make([]Policy, 0)
+	chainList := make([]Chain, 0)
+	ruleList := make([]Rule, 0)
+
+	for _, rule := range results {
+		logger.Log().Debug("解析规则: ", rule)
+
+		//rule := "-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER"
+		// 转化以便解析
+		rule = strings.ReplaceAll(rule, "! -s", "--excludeS")
+		rule = strings.ReplaceAll(rule, "! -d", "--excludeD")
+		rule = strings.ReplaceAll(rule, "! -i", "--excludeI")
+		rule = strings.ReplaceAll(rule, "! -o", "--excludeO")
+
+		flagSet := flag.FlagSet{}
+		flagSet.ParseErrorsWhitelist = flag.ParseErrorsWhitelist{UnknownFlags: true}
+
+		//var reverse bool
+		//var dst string
+
+		// 优先解析/判断 P N A 三个基本类型
+		var policy string
+		// 策略
+		flagSet.StringVarP(&policy, "policy", "P", "", "")
+		var appendRule string
+		// 追加规则
+		flagSet.StringVarP(&appendRule, "append", "A", "", "")
+		var newChain string
+		// 创建自定义规则链
+		flagSet.StringVarP(&newChain, "new-chain", "N", "", "")
+
+		args := strings.Split(rule, " ")
+		// 解析一部分
+		_ = flagSet.Parse(args)
+
+		if len(policy) > 0 {
+			target := PolicyTarget(flagSet.Arg(0))
+			chain := Chain(policy)
+			chainList = append(chainList, chain)
+			policyList = append(policyList, Policy{chain, target})
+			continue
+		}
+
+		if len(newChain) > 0 {
+			chainList = append(chainList, Chain(newChain))
+			continue
+		}
+
+		if len(appendRule) > 0 {
+			// 来源
+			source := flagSet.StringP("source", "s", "", "")
+			excludeSource := flagSet.String("excludeS", "", "")
+			// 目标
+			destination := flagSet.StringP("destination", "d", "", "")
+			excludeDestination := flagSet.String("excludeD", "", "")
+
+			_ = flagSet.Parse(args)
+			r := Rule{
+				Chain:         Chain(appendRule),
+				Source:        *source,
+				ExcludeSource: *excludeSource,
+
+				Destination:        *destination,
+				ExcludeDestination: *excludeDestination,
+				//Jump: Chain(),
+			}
+			ruleList = append(ruleList, r)
+		}
+		//logger.Log().Debugf("appendRule %+v", appendRule)
+		//logger.Log().Debugf("reverse %+v", reverse)
+	}
+
+	for i := 0; i < 50; i++ {
+		fmt.Print("=")
+	}
+	fmt.Println()
+	for _, policy := range policyList {
+		logger.Log().Infof("默认策略: %s => %s", policy.Name, policy.Target)
+	}
+	for _, chain := range chainList {
+		logger.Log().Infof("自定义规则链: %s", chain)
+	}
+
+	for _, rule := range ruleList {
+		logger.Log().Infof("规则: %+v", rule)
+	}
+}
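Review bot: The `Rule` built in the `len(appendRule) > 0` branch never receives `Jump`, `Protocol`, `InputInterface`/`OutputInterface` or the two exclude-interface fields, even though `! -i` and `! -o` are rewritten to `--excludeI`/`--excludeO` a few lines earlier: no flag is registered for them, so the `UnknownFlags` whitelist silently discards them and `ruleList` holds rules that name a chain and addresses but not the interface they match or the target they jump to. For a firewall-rule parser that turns `-A INPUT ! -i lo -j DROP` into a rule with no interface and no target, so anything consuming `ruleList` would misjudge the effective policy. Register the missing flags before the second `flagSet.Parse(args)` and copy them into the struct, as below; `Parse` could also return the three lists instead of only logging them, which would give `TestFlag` something to assert on. The `! -p` case has no rewrite at all, so `ExcludeProtocol` would need the same treatment if it is meant to be populated.
```go
		if len(appendRule) > 0 {
			// … unchanged: source/destination flag registration …
			jump := flagSet.StringP("jump", "j", "", "")
			protocol := flagSet.StringP("protocol", "p", "", "")
			inInterface := flagSet.StringP("in-interface", "i", "", "")
			excludeInInterface := flagSet.String("excludeI", "", "")
			outInterface := flagSet.StringP("out-interface", "o", "", "")
			excludeOutInterface := flagSet.String("excludeO", "", "")

			_ = flagSet.Parse(args)
			r := Rule{
				Chain: Chain(appendRule),
				Jump:  Chain(*jump),
				// … unchanged: Source/ExcludeSource/Destination/ExcludeDestination …
				Protocol:               *protocol,
				InputInterface:         *inInterface,
				ExcludeInputInterface:  *excludeInInterface,
				OutputInterface:        *outInterface,
				ExcludeOutputInterface: *excludeOutInterface,
			}
			ruleList = append(ruleList, r)
		}
```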