完善解析
This commit is contained in:
parent
2a107c474b
commit
a76ff7220c
@ -200,6 +200,42 @@ func TestParser(t *testing.T) {
|
|||||||
-A ufw-skip-to-policy-output -j ACCEPT
|
-A ufw-skip-to-policy-output -j ACCEPT
|
||||||
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
|
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
|
||||||
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
|
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
|
||||||
|
-A ufw-user-input -s 217.133.27.74/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 124.64.22.154/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 182.43.24.106/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 143.198.126.248/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 185.206.231.221/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 137.184.35.139/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 20.25.65.86/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 49.0.129.17/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 45.124.84.203/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 143.198.164.196/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 111.193.228.107/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 189.195.123.54/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 51.89.107.199/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 170.106.168.224/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 43.153.63.44/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 102.220.22.188/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 49.0.116.196/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 42.96.47.163/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 41.221.168.198/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 143.64.45.166/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 120.48.48.41/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 115.135.204.196/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 34.92.176.182/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 36.133.209.119/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 117.50.118.93/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 152.228.164.249/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 146.59.250.225/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 124.156.202.69/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 41.223.99.89/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 14.29.198.201/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 43.254.158.178/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 154.209.4.238/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 124.225.162.207/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 167.172.229.92/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 201.186.40.250/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
|
-A ufw-user-input -s 157.7.215.143/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
-A ufw-user-input -s 43.163.200.216/32 -j REJECT --reject-with icmp-port-unreachable
|
-A ufw-user-input -s 43.163.200.216/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
-A ufw-user-input -s 43.134.85.220/32 -j REJECT --reject-with icmp-port-unreachable
|
-A ufw-user-input -s 43.134.85.220/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
-A ufw-user-input -s 43.153.229.30/32 -j REJECT --reject-with icmp-port-unreachable
|
-A ufw-user-input -s 43.153.229.30/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
@ -285,69 +321,6 @@ func TestParser(t *testing.T) {
|
|||||||
-A ufw-user-input -s 43.159.49.103/32 -j REJECT --reject-with icmp-port-unreachable
|
-A ufw-user-input -s 43.159.49.103/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
-A ufw-user-input -s 117.50.172.41/32 -j REJECT --reject-with icmp-port-unreachable
|
-A ufw-user-input -s 117.50.172.41/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
-A ufw-user-input -s 120.48.124.21/32 -j REJECT --reject-with icmp-port-unreachable
|
-A ufw-user-input -s 120.48.124.21/32 -j REJECT --reject-with icmp-port-unreachable
|
||||||
-A ufw-user-input -s 91.92.250.6/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 220.250.41.11/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 43.156.216.43/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 134.209.97.29/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 103.200.22.209/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 103.182.155.223/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 114.207.113.200/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 81.70.77.96/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 43.156.68.36/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 152.32.156.127/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 119.136.27.180/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 43.153.17.62/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 43.133.59.215/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 43.156.106.71/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 45.71.33.220/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 139.59.64.84/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 178.128.98.121/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 202.157.184.3/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 157.245.89.180/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 43.153.38.127/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 101.34.91.253/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 58.246.77.82/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 187.44.180.230/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 34.123.134.194/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 123.58.216.78/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 107.151.241.98/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 60.220.185.149/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 179.189.241.11/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 186.31.95.163/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 103.160.148.170/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 101.43.86.4/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 185.187.169.243/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 210.183.21.48/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 64.227.3.169/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 186.16.42.74/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 122.169.49.107/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 49.0.129.3/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 190.27.34.197/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 43.155.91.190/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 106.53.150.5/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 118.195.234.184/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 179.41.2.183/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 43.134.15.82/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 95.130.227.252/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 51.145.134.83/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 142.93.129.80/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 43.156.7.9/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 128.199.183.107/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 189.206.165.62/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 43.153.6.237/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 188.36.123.6/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 107.174.172.198/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 43.163.197.146/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 43.134.227.248/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 43.134.230.140/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 43.163.237.49/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 91.215.147.69/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 129.226.144.58/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 220.80.223.144/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 107.209.60.51/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 217.218.56.142/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 150.109.245.113/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -s 104.131.93.177/32 -j REJECT --reject-with icmp-port-unreachable
|
|
||||||
-A ufw-user-input -p tcp -m tcp --dport 20 -j ACCEPT
|
-A ufw-user-input -p tcp -m tcp --dport 20 -j ACCEPT
|
||||||
-A ufw-user-input -p tcp -m tcp --dport 21 -j ACCEPT
|
-A ufw-user-input -p tcp -m tcp --dport 21 -j ACCEPT
|
||||||
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
|
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
|
||||||
|
@ -54,6 +54,13 @@ type Rule struct {
|
|||||||
|
|
||||||
// --sport example: 22 80
|
// --sport example: 22 80
|
||||||
SrcPort string `json:"srcPort"`
|
SrcPort string `json:"srcPort"`
|
||||||
|
// --sports example: 20000:40000
|
||||||
|
SrcPorts string `json:"srcPorts"`
|
||||||
// --dport example: 80
|
// --dport example: 80
|
||||||
DstPort string `json:"dstPort"`
|
DstPort string `json:"dstPort"`
|
||||||
|
// --dports example: 45000:46000
|
||||||
|
DstPorts string `json:"dstPorts"`
|
||||||
|
|
||||||
|
// --limit example: 3/min
|
||||||
|
Limit string `json:"limit"`
|
||||||
}
|
}
|
||||||
|
@ -83,7 +83,11 @@ func Parse(rules string) {
|
|||||||
match := flagSet.StringP("match", "m", "", "")
|
match := flagSet.StringP("match", "m", "", "")
|
||||||
|
|
||||||
srcPort := flagSet.String("sport", "", "")
|
srcPort := flagSet.String("sport", "", "")
|
||||||
|
srcPorts := flagSet.String("sports", "", "")
|
||||||
dstPort := flagSet.String("dport", "", "")
|
dstPort := flagSet.String("dport", "", "")
|
||||||
|
dstPorts := flagSet.String("dports", "", "")
|
||||||
|
|
||||||
|
limit := flagSet.String("limit", "", "")
|
||||||
|
|
||||||
_ = flagSet.Parse(args)
|
_ = flagSet.Parse(args)
|
||||||
r := Rule{
|
r := Rule{
|
||||||
@ -104,9 +108,16 @@ func Parse(rules string) {
|
|||||||
ExcludeProtocol: *excludeProtocol,
|
ExcludeProtocol: *excludeProtocol,
|
||||||
Jump: Chain(*jump),
|
Jump: Chain(*jump),
|
||||||
Goto: Chain(*gotoChain),
|
Goto: Chain(*gotoChain),
|
||||||
Match: *match,
|
|
||||||
SrcPort: *srcPort,
|
Match: *match,
|
||||||
DstPort: *dstPort,
|
|
||||||
|
SrcPort: *srcPort,
|
||||||
|
SrcPorts: *srcPorts,
|
||||||
|
|
||||||
|
DstPort: *dstPort,
|
||||||
|
DstPorts: *dstPorts,
|
||||||
|
|
||||||
|
Limit: *limit,
|
||||||
}
|
}
|
||||||
ruleList = append(ruleList, r)
|
ruleList = append(ruleList, r)
|
||||||
}
|
}
|
||||||
@ -126,6 +137,6 @@ func Parse(rules string) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
for _, rule := range ruleList {
|
for _, rule := range ruleList {
|
||||||
logger.Log().Infof("规则: %+v", utils.Json(rule))
|
fmt.Printf("规则: %+v\n", utils.Json(rule))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user