简单解析测试

2023-11-02 18:30:54 +08:00 · 2023-11-02 18:30:54 +08:00 · ccec58bfb9
commit ccec58bfb9
parent 5d19f406ec
6 changed files with 456 additions and 3 deletions
--- a/go.mod
+++ b/go.mod
@ -4,9 +4,11 @@ go 1.18

 require (
 	github.com/fsnotify/fsnotify v1.6.0
+	github.com/goccy/go-json v0.10.2
 	github.com/gofiber/fiber/v2 v2.50.0
 	github.com/gofiber/swagger v0.1.14
 	github.com/pelletier/go-toml/v2 v2.1.0
+	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.17.0
 	github.com/swaggo/swag v1.16.2
 	go.uber.org/atomic v1.11.0
@ -38,7 +40,6 @@ require (
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spf13/afero v1.10.0 // indirect
 	github.com/spf13/cast v1.5.1 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/swaggo/files/v2 v2.0.0 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
--- a/go.sum
+++ b/go.sum
@ -81,6 +81,8 @@ github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-openapi/swag v0.19.15 h1:D2NRCBzS9/pEY3gP9Nl8aDqGUcPFrwG2p+CNFrLyrCM=
 github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
+github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
+github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/gofiber/fiber/v2 v2.50.0 h1:ia0JaB+uw3GpNSCR5nvC5dsaxXjRU5OEu36aytx+zGw=
 github.com/gofiber/fiber/v2 v2.50.0/go.mod h1:21eytvay9Is7S6z+OgPi7c7n4++tnClWmhpimVHMimw=
 github.com/gofiber/swagger v0.1.14 h1:o524wh4QaS4eKhUCpj7M0Qhn8hvtzcyxDsfZLXuQcRI=
--- a/pkg/utils/iptables/flag_test.go
+++ b/pkg/utils/iptables/flag_test.go
@ -10,3 +10,418 @@ func TestFlag(t *testing.T) {
 	result := cmder.ExecuteWithResult("sudo iptables -S")
 	Parse(result)
 }
+
+func TestParser(t *testing.T) {
+	result := `
+-P INPUT DROP
+-P FORWARD DROP
+-P OUTPUT ACCEPT
+-N DOCKER
+-N DOCKER-ISOLATION-STAGE-1
+-N DOCKER-ISOLATION-STAGE-2
+-N DOCKER-USER
+-N ufw-after-forward
+-N ufw-after-input
+-N ufw-after-logging-forward
+-N ufw-after-logging-input
+-N ufw-after-logging-output
+-N ufw-after-output
+-N ufw-before-forward
+-N ufw-before-input
+-N ufw-before-logging-forward
+-N ufw-before-logging-input
+-N ufw-before-logging-output
+-N ufw-before-output
+-N ufw-logging-allow
+-N ufw-logging-deny
+-N ufw-not-local
+-N ufw-reject-forward
+-N ufw-reject-input
+-N ufw-reject-output
+-N ufw-skip-to-policy-forward
+-N ufw-skip-to-policy-input
+-N ufw-skip-to-policy-output
+-N ufw-track-forward
+-N ufw-track-input
+-N ufw-track-output
+-N ufw-user-forward
+-N ufw-user-input
+-N ufw-user-limit
+-N ufw-user-limit-accept
+-N ufw-user-logging-forward
+-N ufw-user-logging-input
+-N ufw-user-logging-output
+-N ufw-user-output
+-A INPUT -j ufw-before-logging-input
+-A INPUT -j ufw-before-input
+-A INPUT -j ufw-after-input
+-A INPUT -j ufw-after-logging-input
+-A INPUT -j ufw-reject-input
+-A INPUT -j ufw-track-input
+-A FORWARD -j DOCKER-USER
+-A FORWARD -j DOCKER-ISOLATION-STAGE-1
+-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -o docker0 -j DOCKER
+-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
+-A FORWARD -i docker0 -o docker0 -j ACCEPT
+-A FORWARD -o br-31ea98354f2d -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -o br-31ea98354f2d -j DOCKER
+-A FORWARD -i br-31ea98354f2d ! -o br-31ea98354f2d -j ACCEPT
+-A FORWARD -i br-31ea98354f2d -o br-31ea98354f2d -j ACCEPT
+-A FORWARD -i br-d6435c261f29 -o br-d6435c261f29 -j ACCEPT
+-A FORWARD -o br-ca99b8f388bd -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -o br-ca99b8f388bd -j DOCKER
+-A FORWARD -i br-ca99b8f388bd ! -o br-ca99b8f388bd -j ACCEPT
+-A FORWARD -i br-ca99b8f388bd -o br-ca99b8f388bd -j ACCEPT
+-A FORWARD -o br-c0b2ba195992 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -o br-c0b2ba195992 -j DOCKER
+-A FORWARD -i br-c0b2ba195992 ! -o br-c0b2ba195992 -j ACCEPT
+-A FORWARD -i br-c0b2ba195992 -o br-c0b2ba195992 -j ACCEPT
+-A FORWARD -o br-6bc729452407 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -o br-6bc729452407 -j DOCKER
+-A FORWARD -i br-6bc729452407 ! -o br-6bc729452407 -j ACCEPT
+-A FORWARD -i br-6bc729452407 -o br-6bc729452407 -j ACCEPT
+-A FORWARD -o br-5308f1f43b74 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -o br-5308f1f43b74 -j DOCKER
+-A FORWARD -i br-5308f1f43b74 ! -o br-5308f1f43b74 -j ACCEPT
+-A FORWARD -i br-5308f1f43b74 -o br-5308f1f43b74 -j ACCEPT
+-A FORWARD -o br-4cd1bda01d71 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -o br-4cd1bda01d71 -j DOCKER
+-A FORWARD -i br-4cd1bda01d71 ! -o br-4cd1bda01d71 -j ACCEPT
+-A FORWARD -i br-4cd1bda01d71 -o br-4cd1bda01d71 -j ACCEPT
+-A FORWARD -o br-be41738be207 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -o br-be41738be207 -j DOCKER
+-A FORWARD -i br-be41738be207 ! -o br-be41738be207 -j ACCEPT
+-A FORWARD -i br-be41738be207 -o br-be41738be207 -j ACCEPT
+-A FORWARD -o br-9a979e4b5d4f -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -o br-9a979e4b5d4f -j DOCKER
+-A FORWARD -i br-9a979e4b5d4f ! -o br-9a979e4b5d4f -j ACCEPT
+-A FORWARD -i br-9a979e4b5d4f -o br-9a979e4b5d4f -j ACCEPT
+-A FORWARD -o br-311821febf2e -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -o br-311821febf2e -j DOCKER
+-A FORWARD -i br-311821febf2e ! -o br-311821febf2e -j ACCEPT
+-A FORWARD -i br-311821febf2e -o br-311821febf2e -j ACCEPT
+-A FORWARD -j ufw-before-logging-forward
+-A FORWARD -j ufw-before-forward
+-A FORWARD -j ufw-after-forward
+-A FORWARD -j ufw-after-logging-forward
+-A FORWARD -j ufw-reject-forward
+-A FORWARD -j ufw-track-forward
+-A OUTPUT -j ufw-before-logging-output
+-A OUTPUT -j ufw-before-output
+-A OUTPUT -j ufw-after-output
+-A OUTPUT -j ufw-after-logging-output
+-A OUTPUT -j ufw-reject-output
+-A OUTPUT -j ufw-track-output
+-A DOCKER -d 172.22.0.2/32 ! -i br-be41738be207 -o br-be41738be207 -p tcp -m tcp --dport 80 -j ACCEPT
+-A DOCKER -d 172.24.0.2/32 ! -i br-c0b2ba195992 -o br-c0b2ba195992 -p tcp -m tcp --dport 34000 -j ACCEPT
+-A DOCKER -d 172.19.0.2/32 ! -i br-6bc729452407 -o br-6bc729452407 -p tcp -m tcp --dport 8008 -j ACCEPT
+-A DOCKER -d 172.24.0.2/32 ! -i br-c0b2ba195992 -o br-c0b2ba195992 -p tcp -m tcp --dport 9993 -j ACCEPT
+-A DOCKER -d 172.24.0.2/32 ! -i br-c0b2ba195992 -o br-c0b2ba195992 -p udp -m udp --dport 9993 -j ACCEPT
+-A DOCKER -d 172.24.0.2/32 ! -i br-c0b2ba195992 -o br-c0b2ba195992 -p tcp -m tcp --dport 3180 -j ACCEPT
+-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9000 -j ACCEPT
+-A DOCKER -d 172.20.0.2/32 ! -i br-311821febf2e -o br-311821febf2e -p tcp -m tcp --dport 80 -j ACCEPT
+-A DOCKER -d 172.25.0.2/32 ! -i br-9a979e4b5d4f -o br-9a979e4b5d4f -p tcp -m tcp --dport 2380 -j ACCEPT
+-A DOCKER -d 172.21.0.2/32 ! -i br-4cd1bda01d71 -o br-4cd1bda01d71 -p tcp -m tcp --dport 80 -j ACCEPT
+-A DOCKER -d 172.26.0.2/32 ! -i br-ca99b8f388bd -o br-ca99b8f388bd -p tcp -m tcp --dport 21119 -j ACCEPT
+-A DOCKER -d 172.25.0.2/32 ! -i br-9a979e4b5d4f -o br-9a979e4b5d4f -p tcp -m tcp --dport 2379 -j ACCEPT
+-A DOCKER -d 172.26.0.2/32 ! -i br-ca99b8f388bd -o br-ca99b8f388bd -p tcp -m tcp --dport 21118 -j ACCEPT
+-A DOCKER -d 172.26.0.2/32 ! -i br-ca99b8f388bd -o br-ca99b8f388bd -p tcp -m tcp --dport 21117 -j ACCEPT
+-A DOCKER -d 172.26.0.2/32 ! -i br-ca99b8f388bd -o br-ca99b8f388bd -p tcp -m tcp --dport 21116 -j ACCEPT
+-A DOCKER -d 172.26.0.2/32 ! -i br-ca99b8f388bd -o br-ca99b8f388bd -p udp -m udp --dport 21116 -j ACCEPT
+-A DOCKER -d 172.26.0.2/32 ! -i br-ca99b8f388bd -o br-ca99b8f388bd -p tcp -m tcp --dport 21115 -j ACCEPT
+-A DOCKER -d 10.10.27.2/32 ! -i br-31ea98354f2d -o br-31ea98354f2d -p tcp -m tcp --dport 3000 -j ACCEPT
+-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
+-A DOCKER-ISOLATION-STAGE-1 ! -s 172.18.0.0/16 -o br-d6435c261f29 -j DROP
+-A DOCKER-ISOLATION-STAGE-1 ! -d 172.18.0.0/16 -i br-d6435c261f29 -j DROP
+-A DOCKER-ISOLATION-STAGE-1 -i br-9a979e4b5d4f ! -o br-9a979e4b5d4f -j DOCKER-ISOLATION-STAGE-2
+-A DOCKER-ISOLATION-STAGE-1 -i br-6bc729452407 ! -o br-6bc729452407 -j DOCKER-ISOLATION-STAGE-2
+-A DOCKER-ISOLATION-STAGE-1 -i br-5308f1f43b74 ! -o br-5308f1f43b74 -j DOCKER-ISOLATION-STAGE-2
+-A DOCKER-ISOLATION-STAGE-1 -i br-311821febf2e ! -o br-311821febf2e -j DOCKER-ISOLATION-STAGE-2
+-A DOCKER-ISOLATION-STAGE-1 -i br-ca99b8f388bd ! -o br-ca99b8f388bd -j DOCKER-ISOLATION-STAGE-2
+-A DOCKER-ISOLATION-STAGE-1 -i br-c0b2ba195992 ! -o br-c0b2ba195992 -j DOCKER-ISOLATION-STAGE-2
+-A DOCKER-ISOLATION-STAGE-1 -i br-be41738be207 ! -o br-be41738be207 -j DOCKER-ISOLATION-STAGE-2
+-A DOCKER-ISOLATION-STAGE-1 -i br-4cd1bda01d71 ! -o br-4cd1bda01d71 -j DOCKER-ISOLATION-STAGE-2
+-A DOCKER-ISOLATION-STAGE-1 -i br-31ea98354f2d ! -o br-31ea98354f2d -j DOCKER-ISOLATION-STAGE-2
+-A DOCKER-ISOLATION-STAGE-1 -j RETURN
+-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
+-A DOCKER-ISOLATION-STAGE-2 -o br-9a979e4b5d4f -j DROP
+-A DOCKER-ISOLATION-STAGE-2 -o br-6bc729452407 -j DROP
+-A DOCKER-ISOLATION-STAGE-2 -o br-5308f1f43b74 -j DROP
+-A DOCKER-ISOLATION-STAGE-2 -o br-311821febf2e -j DROP
+-A DOCKER-ISOLATION-STAGE-2 -o br-ca99b8f388bd -j DROP
+-A DOCKER-ISOLATION-STAGE-2 -o br-c0b2ba195992 -j DROP
+-A DOCKER-ISOLATION-STAGE-2 -o br-be41738be207 -j DROP
+-A DOCKER-ISOLATION-STAGE-2 -o br-4cd1bda01d71 -j DROP
+-A DOCKER-ISOLATION-STAGE-2 -o br-31ea98354f2d -j DROP
+-A DOCKER-ISOLATION-STAGE-2 -j RETURN
+-A DOCKER-USER -j RETURN
+-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
+-A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
+-A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
+-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
+-A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
+-A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
+-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
+-A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
+-A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
+-A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
+-A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
+-A ufw-before-forward -j ufw-user-forward
+-A ufw-before-input -i lo -j ACCEPT
+-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
+-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
+-A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
+-A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
+-A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
+-A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
+-A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
+-A ufw-before-input -j ufw-not-local
+-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
+-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
+-A ufw-before-input -j ufw-user-input
+-A ufw-before-output -o lo -j ACCEPT
+-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A ufw-before-output -j ufw-user-output
+-A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+-A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
+-A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
+-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
+-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
+-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
+-A ufw-not-local -j DROP
+-A ufw-skip-to-policy-forward -j DROP
+-A ufw-skip-to-policy-input -j DROP
+-A ufw-skip-to-policy-output -j ACCEPT
+-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
+-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
+-A ufw-user-input -s 43.163.200.216/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.134.85.220/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.153.229.30/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 64.227.120.14/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 157.245.101.46/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 81.17.22.118/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.153.71.29/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 154.72.194.207/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 165.227.87.78/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 154.8.163.130/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 42.193.49.248/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 103.146.50.38/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 165.227.101.226/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 185.216.119.133/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 104.236.111.25/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 162.0.211.141/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.128.81.234/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 110.40.130.12/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 46.148.227.157/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 223.240.113.145/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 82.156.133.4/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 185.4.65.46/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 146.190.131.132/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 135.148.144.180/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 14.18.104.182/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 103.146.158.62/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 5.255.110.148/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.139.181.235/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 103.39.226.216/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.135.157.181/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.153.78.101/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 165.22.223.172/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 1.15.224.240/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 144.217.195.24/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 143.110.230.201/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 106.52.33.34/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 170.81.231.187/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 182.253.238.218/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 58.136.162.188/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 13.70.39.68/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 58.119.1.146/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 106.52.121.177/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 34.92.146.210/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.156.239.2/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 129.226.146.163/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 80.80.218.227/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.163.210.67/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 81.68.171.45/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.131.242.180/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 162.14.123.193/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.139.158.253/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 119.28.105.34/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 79.127.79.140/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 187.191.99.99/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.156.240.75/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 180.106.24.70/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 195.239.91.210/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 101.34.69.51/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.139.129.154/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 101.42.229.98/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 89.208.103.87/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 14.51.236.218/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 119.29.237.11/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 69.49.231.8/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 2.56.247.25/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 20.229.13.167/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 162.62.224.129/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 143.110.247.138/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 113.83.130.36/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 36.112.137.127/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.155.166.220/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 82.157.63.72/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.159.51.114/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 195.19.98.251/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 121.181.166.176/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 45.12.80.150/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 200.52.65.20/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 62.210.10.39/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.134.180.14/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 101.43.67.29/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 123.140.114.196/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 58.186.161.180/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.159.49.103/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 117.50.172.41/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 120.48.124.21/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 91.92.250.6/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 220.250.41.11/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.156.216.43/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 134.209.97.29/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 103.200.22.209/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 103.182.155.223/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 114.207.113.200/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 81.70.77.96/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.156.68.36/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 152.32.156.127/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 119.136.27.180/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.153.17.62/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.133.59.215/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.156.106.71/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 45.71.33.220/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 139.59.64.84/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 178.128.98.121/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 202.157.184.3/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 157.245.89.180/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.153.38.127/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 101.34.91.253/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 58.246.77.82/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 187.44.180.230/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 34.123.134.194/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 123.58.216.78/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 107.151.241.98/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 60.220.185.149/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 179.189.241.11/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 186.31.95.163/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 103.160.148.170/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 101.43.86.4/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 185.187.169.243/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 210.183.21.48/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 64.227.3.169/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 186.16.42.74/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 122.169.49.107/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 49.0.129.3/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 190.27.34.197/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.155.91.190/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 106.53.150.5/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 118.195.234.184/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 179.41.2.183/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.134.15.82/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 95.130.227.252/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 51.145.134.83/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 142.93.129.80/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.156.7.9/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 128.199.183.107/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 189.206.165.62/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.153.6.237/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 188.36.123.6/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 107.174.172.198/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.163.197.146/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.134.227.248/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.134.230.140/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 43.163.237.49/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 91.215.147.69/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 129.226.144.58/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 220.80.223.144/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 107.209.60.51/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 217.218.56.142/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 150.109.245.113/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -s 104.131.93.177/32 -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-input -p tcp -m tcp --dport 20 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 21 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 80 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 888 -j ACCEPT
+-A ufw-user-input -p tcp -m multiport --dports 39000:40000 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 10240 -j ACCEPT
+-A ufw-user-input -p udp -m udp --dport 10240 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 22222 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 47475 -j ACCEPT
+-A ufw-user-input -p udp -m udp --dport 47471 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 25565 -j ACCEPT
+-A ufw-user-input -p udp -m udp --dport 25565 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 39200 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 35601 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 33133 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 60200 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 22460 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 22470 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 18082 -j ACCEPT
+-A ufw-user-input -p tcp -m multiport --dports 60000:60001 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 63306 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 60900 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 63790 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 60222 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 21312 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 63002 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 9000 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 63000 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 63001 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 5050 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 3478 -j ACCEPT
+-A ufw-user-input -p tcp -m multiport --dports 50000:52000 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 28080 -j ACCEPT
+-A ufw-user-input -p udp -m udp --dport 28080 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 29090 -j ACCEPT
+-A ufw-user-input -p udp -m udp --dport 29090 -j ACCEPT
+-A ufw-user-input -p udp -m udp --dport 3478 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 443 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 10801 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 10808 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 12580 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 32123 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 18081 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 23333 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 3578 -j ACCEPT
+-A ufw-user-input -p udp -m udp --dport 3578 -j ACCEPT
+-A ufw-user-input -p udp -m udp --dport 13478 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 12333 -j ACCEPT
+-A ufw-user-input -p udp -m udp --dport 12333 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 9993 -j ACCEPT
+-A ufw-user-input -p udp -m udp --dport 9993 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 34000 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 2379 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 2380 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 32380 -j ACCEPT
+-A ufw-user-input -p udp -m udp --dport 32380 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 32379 -j ACCEPT
+-A ufw-user-input -p udp -m udp --dport 32379 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 3678 -j ACCEPT
+-A ufw-user-input -p udp -m udp --dport 3678 -j ACCEPT
+-A ufw-user-input -p tcp -m multiport --dports 21115:21119 -j ACCEPT
+-A ufw-user-input -p udp -m udp --dport 21116 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 33300 -j ACCEPT
+-A ufw-user-input -p tcp -m multiport --dports 34540:34545 -j ACCEPT
+-A ufw-user-input -p udp -m multiport --dports 34540:34545 -j ACCEPT
+-A ufw-user-input -p tcp -m multiport --dports 45000:46000 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 36573 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 28088 -j ACCEPT
+-A ufw-user-input -p tcp -m tcp --dport 47470 -j ACCEPT
+-A ufw-user-input -p udp -m udp --dport 47470 -j ACCEPT
+-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
+-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
+-A ufw-user-limit-accept -j ACCEPT`
+
+	Parse(result)
+}
--- a/pkg/utils/iptables/iptables.go
+++ b/pkg/utils/iptables/iptables.go
@ -21,6 +21,8 @@ type Rule struct {
 	Chain Chain `json:"chain"`
 	// -j [target Chain]
 	Jump Chain `json:"jump"`
+	// -g [chain Chain]
+	Goto Chain `json:"goto"`

 	// -i [interface]
 	InputInterface string `json:"inputInterface"`
--- a/pkg/utils/iptables/parser.go
+++ b/pkg/utils/iptables/parser.go
@ -4,6 +4,7 @@ import (
 	"fmt"
 	flag "github.com/spf13/pflag"
 	"iptables-helper/pkg/logger"
+	utils "iptables-helper/pkg/utils/json"
 	"strings"
 )

@ -68,6 +69,18 @@ func Parse(rules string) {
 			destination := flagSet.StringP("destination", "d", "", "")
 			excludeDestination := flagSet.String("excludeD", "", "")

+			inputInterface := flagSet.StringP("in-interface", "i", "", "")
+			excludeInputInterface := flagSet.String("excludeI", "", "")
+
+			outputInterface := flagSet.StringP("out-interface", "o", "", "")
+			excludeOutputInterface := flagSet.String("excludeO", "", "")
+
+			protocol := flagSet.StringP("protocol", "p", "", "")
+			excludeProtocol := flagSet.String("excludeP", "", "")
+
+			jump := flagSet.StringP("jump", "j", "", "")
+			gotoChain := flagSet.StringP("goto", "g", "", "")
+
 			_ = flagSet.Parse(args)
 			r := Rule{
 				Chain:         Chain(appendRule),
@ -76,7 +89,17 @@ func Parse(rules string) {

 				Destination:        *destination,
 				ExcludeDestination: *excludeDestination,
-				//Jump: Chain(),
+
+				InputInterface:        *inputInterface,
+				ExcludeInputInterface: *excludeInputInterface,
+
+				OutputInterface:        *outputInterface,
+				ExcludeOutputInterface: *excludeOutputInterface,
+
+				Protocol:        *protocol,
+				ExcludeProtocol: *excludeProtocol,
+				Jump:            Chain(*jump),
+				Goto:            Chain(*gotoChain),
 			}
 			ruleList = append(ruleList, r)
 		}
@ -96,6 +119,6 @@ func Parse(rules string) {
 	}

 	for _, rule := range ruleList {
-		logger.Log().Infof("规则： %+v", rule)
+		logger.Log().Infof("规则： %+v", utils.Json(rule))
 	}
 }
--- a/pkg/utils/json/json.go
+++ b/pkg/utils/json/json.go
@ -0,0 +1,10 @@
+package utils
+
+import (
+	"github.com/goccy/go-json"
+)
+
+func Json(data interface{}) string {
+	jsonBytes, _ := json.MarshalIndent(data, "", "  ")
+	return string(jsonBytes)
+}