Example #1
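// applyRules renders the desired rules and streams them to the stdin of
// iptables-restore, which is started with --noflush.
//
// It returns an error if the stdin pipe cannot be allocated, the command
// cannot be started, the rules cannot be written, or the command reports a
// failure from Wait. Once the command has been started it is always waited
// on, so a failed write does not leave a child process behind with its stdin
// still open.
//
// NOTE(review): a non-nil error returned after the command has started means
// the caller should treat the firewall state as unknown; iptables-restore may
// have consumed part of the input before the failure. Confirm that callers
// re-read or re-apply the rule set in that case.
func (i *IPTsaveFirewall) applyRules(iptables *iptsave.IPtables) error {
	cmd := i.os.Cmd(iptablesRestoreBin, []string{"--noflush"})
	reader := bytes.NewReader([]byte(iptables.Render()))

	log.Tracef(trace.Inside, "In applyRules allocating stdin pipe")
	stdin, err := cmd.StdinPipe()
	if err != nil {
		return fmt.Errorf("Failed to allocate stdin for iptables-restore - %s", err)
	}

	log.Tracef(trace.Inside, "In applyRules starting the command")
	if err := cmd.Start(); err != nil {
		return err
	}

	log.Tracef(trace.Inside, "In applyRules sending the rules")
	_, writeErr := reader.WriteTo(stdin)

	// Close stdin on every path, including a failed write: the child only
	// sees end-of-input once the pipe is closed, and Wait below would
	// otherwise block on a process that is still reading.
	stdin.Close()

	// Always reap the started command so it is not left as a zombie.
	log.Tracef(trace.Inside, "In applyRules waiting for command to complete")
	waitErr := cmd.Wait()

	// The write failure is the root cause when both fail, so report it first.
	if writeErr != nil {
		log.Tracef(trace.Inside, "In applyRules failed to apply")
		return writeErr
	}
	if waitErr != nil {
		log.Tracef(trace.Inside, "In applyRules failed to apply")
		return waitErr
	}

	return nil
}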
Example #2
File: main.go Project: romana/core
// main parses command-line flags, feeds standard input to the iptsave
// parser, and prints the rendered result on standard output.
func main() {
	flag.Parse()

	var tables iptsave.IPtables

	// NOTE(review): whatever Parse reports back is not inspected here, so
	// malformed input would still be rendered and printed — confirm whether
	// Parse can signal a failure that should stop the program.
	tables.Parse(os.Stdin)

	rendered := tables.Render()
	fmt.Println(rendered)
}
Example #3
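// makeDbRules aggregates all rules from the "filter" table of the given
// iptables state and converts them into the format accepted by the firewall
// store.
//
// It returns an error when the state has no "filter" table. Nil chain entries
// are skipped rather than dereferenced. The returned slice is nil when the
// table holds no rules.
func makeDbRules(iptables *iptsave.IPtables) ([]*IPtablesRule, error) {
	// This function operates on the "filter" table only.
	table := iptables.TableByName("filter")
	if table == nil {
		// The message names this function so a log reader is pointed at the
		// right place.
		return nil, fmt.Errorf("In makeDbRules() firewall doesn't have filter table")
	}

	var res []*IPtablesRule
	for _, chain := range table.Chains {
		if chain == nil {
			// chain2rules takes the chain by value; a nil entry would panic
			// on dereference.
			continue
		}
		res = append(res, chain2rules(*chain)...)
	}

	return res, nil
}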