Shikong/iptables-helper
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

完善解析

Browse Source
This commit is contained in:
shikong 2023-11-02 20:43:44 +08:00
parent 2a107c474b
commit a76ff7220c
3 changed files with 58 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
pkg/utils/iptables/flag_test.go
View File

@ -200,6 +200,42 @@ func TestParser(t *testing.T) {
-A ufw-skip-to-policy-output -j ACCEPT
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-user-input -s 217.133.27.74/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 124.64.22.154/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 182.43.24.106/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 143.198.126.248/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 185.206.231.221/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 137.184.35.139/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 20.25.65.86/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 49.0.129.17/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 45.124.84.203/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 143.198.164.196/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 111.193.228.107/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 189.195.123.54/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 51.89.107.199/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 170.106.168.224/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 43.153.63.44/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 102.220.22.188/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 49.0.116.196/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 42.96.47.163/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 41.221.168.198/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 143.64.45.166/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 120.48.48.41/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 115.135.204.196/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 34.92.176.182/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 36.133.209.119/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 117.50.118.93/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 152.228.164.249/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 146.59.250.225/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 124.156.202.69/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 41.223.99.89/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 14.29.198.201/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 43.254.158.178/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 154.209.4.238/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 124.225.162.207/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 167.172.229.92/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 201.186.40.250/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 157.7.215.143/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 43.163.200.216/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 43.134.85.220/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 43.153.229.30/32 -j REJECT --reject-with icmp-port-unreachable
@ -285,69 +321,6 @@ func TestParser(t *testing.T) {
-A ufw-user-input -s 43.159.49.103/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 117.50.172.41/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 120.48.124.21/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 91.92.250.6/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 220.250.41.11/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 43.156.216.43/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 134.209.97.29/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 103.200.22.209/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 103.182.155.223/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 114.207.113.200/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 81.70.77.96/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 43.156.68.36/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 152.32.156.127/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 119.136.27.180/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 43.153.17.62/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 43.133.59.215/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 43.156.106.71/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 45.71.33.220/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 139.59.64.84/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 178.128.98.121/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 202.157.184.3/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 157.245.89.180/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 43.153.38.127/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 101.34.91.253/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 58.246.77.82/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 187.44.180.230/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 34.123.134.194/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 123.58.216.78/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 107.151.241.98/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 60.220.185.149/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 179.189.241.11/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 186.31.95.163/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 103.160.148.170/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 101.43.86.4/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 185.187.169.243/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 210.183.21.48/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 64.227.3.169/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 186.16.42.74/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 122.169.49.107/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 49.0.129.3/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 190.27.34.197/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 43.155.91.190/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 106.53.150.5/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 118.195.234.184/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 179.41.2.183/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 43.134.15.82/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 95.130.227.252/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 51.145.134.83/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 142.93.129.80/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 43.156.7.9/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 128.199.183.107/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 189.206.165.62/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 43.153.6.237/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 188.36.123.6/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 107.174.172.198/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 43.163.197.146/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 43.134.227.248/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 43.134.230.140/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 43.163.237.49/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 91.215.147.69/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 129.226.144.58/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 220.80.223.144/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 107.209.60.51/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 217.218.56.142/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 150.109.245.113/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -s 104.131.93.177/32 -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-input -p tcp -m tcp --dport 20 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 21 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT

7
pkg/utils/iptables/iptables.go
View File

@ -54,6 +54,13 @@ type Rule struct {
// --sport example: 22 80
SrcPort string `json:"srcPort"`
// --sports example: 20000:40000
SrcPorts string `json:"srcPorts"`
// --dport example: 80
DstPort string `json:"dstPort"`
// --dports example: 45000:46000
DstPorts string `json:"dstPorts"`
// --limit example: 3/min
Limit string `json:"limit"`
}

19
pkg/utils/iptables/parser.go
View File

@ -83,7 +83,11 @@ func Parse(rules string) {
match := flagSet.StringP("match", "m", "", "")
srcPort := flagSet.String("sport", "", "")
srcPorts := flagSet.String("sports", "", "")
dstPort := flagSet.String("dport", "", "")
dstPorts := flagSet.String("dports", "", "")
limit := flagSet.String("limit", "", "")
_ = flagSet.Parse(args)
r := Rule{
@ -104,9 +108,16 @@ func Parse(rules string) {
ExcludeProtocol: *excludeProtocol,
Jump: Chain(*jump),
Goto: Chain(*gotoChain),
Match: *match,
SrcPort: *srcPort,
DstPort: *dstPort,
Match: *match,
SrcPort: *srcPort,
SrcPorts: *srcPorts,
DstPort: *dstPort,
DstPorts: *dstPorts,
Limit: *limit,
}
ruleList = append(ruleList, r)
}
@ -126,6 +137,6 @@ func Parse(rules string) {
}
for _, rule := range ruleList {
logger.Log().Infof("规则: %+v", utils.Json(rule))
fmt.Printf("规则: %+v\n", utils.Json(rule))
}
}