diff --git a/pkg/utils/iptables/flag_test.go b/pkg/utils/iptables/flag_test.go
index b435199..a944c15 100644
--- a/pkg/utils/iptables/flag_test.go
+++ b/pkg/utils/iptables/flag_test.go
@@ -1,7 +1,9 @@
 package iptables
 import (
+ "fmt"
 "iptables-helper/pkg/utils/command"
+ utils "iptables-helper/pkg/utils/json"
 "testing"
 )
@@ -396,5 +398,7 @@ func TestParser(t *testing.T) {
 -A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
 -A ufw-user-limit-accept -j ACCEPT`
- Parse(result)
+ info := Parse(result)
+ fmt.Printf("%+v\n", utils.Json(info))
+ fmt.Printf("解析 策略: %d, 策略链: %d, 规则: %d\n", len(info.Policies), len(info.Chains), len(info.Rules))
 }
diff --git a/pkg/utils/iptables/iptables.go b/pkg/utils/iptables/iptables.go
index d438925..48ed59b 100644
--- a/pkg/utils/iptables/iptables.go
+++ b/pkg/utils/iptables/iptables.go
@@ -1,8 +1,11 @@
 package iptables
+// iptables 内置动作
 var (
 ACCEPT Action = "ACCEPT"
 DROP Action = "DROP"
+ REJECT Action = "REJECT"
+ RETURN Action = "RETURN"
 )
 type Action string
@@ -64,3 +67,9 @@ type Rule struct {
 // --limit example: 3/min
 Limit string `json:"limit"`
 }
+
+type Info struct {
+ Policies []Policy `json:"policies"`
+ Chains []Chain `json:"chains"`
+ Rules []Rule `json:"rules"`
+}
diff --git a/pkg/utils/iptables/parser.go b/pkg/utils/iptables/parser.go
index 5213c46..d00988c 100644
--- a/pkg/utils/iptables/parser.go
+++ b/pkg/utils/iptables/parser.go
@@ -1,16 +1,14 @@
 package iptables
 import (
- "fmt"
 flag "github.com/spf13/pflag"
 "iptables-helper/pkg/logger"
- utils "iptables-helper/pkg/utils/json"
 "strings"
 )
 // Parse
 // iptables 规则解析
-func Parse(rules string) {
+func Parse(rules string) Info {
 results := strings.Split(rules, "\n")
 policyList := make([]Policy, 0)
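Review bot: In flag_test.go, TestParser still cannot fail: the added lines print `utils.Json(info)` and the three slice lengths with `fmt.Printf` but assert nothing, so a parser change that silently drops rules from the fixture would still pass. Now that Parse returns Info, compare the lengths with the counts known for this fixture, e.g. `if got := len(info.Rules); got != wantRules { t.Fatalf("rules: got %d, want %d", got, wantRules) }`, where `wantRules` stands for the fixture's expected count. Diagnostic output is better sent through `t.Logf` so it only appears with `-v` or on failure. TestParser's body starts outside this hunk.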
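Review bot: In the first hunk of iptables.go, REJECT and RETURN are added to a `var (` block, which leaves every target name a mutable package-level variable; an assignment such as `iptables.DROP = "ACCEPT"` from any importing package compiles. For values that name firewall verdicts, the block should be `const (` unless something takes their address. Typed string constants work with the existing `type Action string` declaration and need no other change in the lines shown.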
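Review bot: The exported type Info added at the end of iptables.go has no doc comment, and nothing states which parsed lines end up in which field. Proposed comment: `// Info is the result of Parse: the chain policies, chains and rules found in the input, each in input order.` The ordering claim follows from Parse appending to the three slices as it walks the lines.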
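Review bot: `func Parse(rules string) Info` in parser.go gives callers no way to learn that part of the input was skipped. The `else` branch added in the last hunk of this file only logs `无法解析的规则` and moves on, so the returned Info can be a partial view of the ruleset with nothing in the value saying so. A tool that reports on or manages firewall rules should make that visible to the caller: either return `(Info, error)`, or add a field such as `Unparsed []string` to Info and append the line to it in that branch. The doc comment above Parse should also describe the return value. Parse's body continues beyond this hunk.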
@@ -18,6 +16,11 @@ func Parse(rules string) {
 ruleList := make([]Rule, 0)
 for _, rule := range results {
+ rule = strings.TrimSpace(rule)
+ if len(rule) == 0 {
+ continue
+ }
+ logger.Log().Debug("解析规则: ", rule)
 //rule := "-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER"
@@ -54,14 +57,10 @@ func Parse(rules string) {
 chainList = append(chainList, chain)
 policyList = append(policyList, Policy{chain, target})
 continue
- }
-
- if len(newChain) > 0 {
+ } else if len(newChain) > 0 {
 chainList = append(chainList, Chain(newChain))
 continue
- }
-
- if len(appendRule) > 0 {
+ } else if len(appendRule) > 0 {
 // 来源
 source := flagSet.StringP("source", "s", "", "")
 excludeSource := flagSet.String("excludeS", "", "")
@@ -120,23 +119,16 @@ func Parse(rules string) {
 Limit: *limit,
 }
 ruleList = append(ruleList, r)
+ } else {
+ logger.Log().Warnf("无法解析的规则: %+v", rule)
 }
 //logger.Log().Debugf("appendRule %+v", appendRule)
 //logger.Log().Debugf("reverse %+v", reverse)
 }
- for i := 0; i < 50; i++ {
- fmt.Print("=")
- }
- fmt.Println()
- for _, policy := range policyList {
- logger.Log().Infof("默认策略: %s => %s", policy.Name, policy.Target)
- }
- for _, chain := range chainList {
- logger.Log().Infof("自定义规则链: %s", chain)
- }
-
- for _, rule := range ruleList {
- fmt.Printf("规则: %+v\n", utils.Json(rule))
+ return Info{
+ policyList,
+ chainList,
+ ruleList,
 }
 }
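Review bot: In the `@@ -54,14 +57,10 @@` hunk, the two `continue` statements kept in the first branches look redundant now that the branches form one `if … else if … else` chain. From what the last hunk shows, only commented-out lines follow the chain before the loop's closing brace. Dropping both `continue` lines would leave the chain as the only control flow and make it clear that exactly one branch runs per input line. The chain's opening `if` and the rest of the `appendRule` branch are outside this hunk.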
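Review bot: The `return Info{ policyList, chainList, ruleList, }` literal at the end of Parse is positional, so it depends on the field order of Info in iptables.go; inserting or reordering a field there breaks this return, and it gives a reader no hint of which slice feeds which JSON key. Use keyed fields instead: `return Info{Policies: policyList, Chains: chainList, Rules: ruleList}`. This hunk starts inside Parse's loop body; the function's opening lines are outside it.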