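// applyRules renders the desired ruleset and feeds it to iptables-restore on
// stdin. The binary is invoked with --noflush, so tables that are not part of
// the rendered output are left in place rather than flushed.
//
// It returns an error if the stdin pipe cannot be allocated, the command
// cannot be started, the rules cannot be written, or iptables-restore exits
// non-zero. Once the child has been started it is always reaped with Wait,
// even when the write fails (e.g. EPIPE because iptables-restore rejected an
// earlier line and exited), so a failed apply does not leave a zombie process
// or a dangling pipe behind.
func (i *IPTsaveFirewall) applyRules(iptables *iptsave.IPtables) error {
	cmd := i.os.Cmd(iptablesRestoreBin, []string{"--noflush"})
	reader := bytes.NewReader([]byte(iptables.Render()))

	log.Tracef(trace.Inside, "In applyRules allocating stdin pipe")
	stdin, err := cmd.StdinPipe()
	if err != nil {
		return fmt.Errorf("Failed to allocate stdin for iptables-restore - %s", err)
	}

	log.Tracef(trace.Inside, "In applyRules starting the command")
	if err := cmd.Start(); err != nil {
		return err
	}

	log.Tracef(trace.Inside, "In applyRules sending the rules")
	_, writeErr := reader.WriteTo(stdin)
	// Close stdin regardless of the write outcome: iptables-restore reads until
	// EOF, so Wait below would block forever on a pipe that is still open.
	stdin.Close()

	log.Tracef(trace.Inside, "In applyRules waiting for command to complete")
	waitErr := cmd.Wait()

	if writeErr != nil {
		// The child has been reaped above; the truncated input is the root
		// cause, so report the write failure rather than the exit status.
		return writeErr
	}
	if waitErr != nil {
		// NOTE(review): only the exit status reaches the caller; the child's
		// stderr, which names the rejected rule, is not captured by this
		// function. Worth adding if the Cmd abstraction exposes it.
		log.Tracef(trace.Inside, "In applyRules failed to apply")
		return waitErr
	}
	return nil
}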
// main is a small round-trip tool: it reads an iptables-save style dump from
// standard input, parses it with iptsave and prints the re-rendered ruleset
// to standard output. Command-line flags are parsed but none are consumed
// here.
//
// NOTE(review): Parse's result, if it returns one, is not checked here, so a
// malformed dump is rendered as whatever was parsed up to that point — confirm
// against the iptsave.IPtables.Parse signature.
func main() {
	flag.Parse()

	var ruleset iptsave.IPtables
	ruleset.Parse(os.Stdin)

	// Echo the parsed tables back out in iptables-save format.
	fmt.Println(ruleset.Render())
}
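// makeDbRules aggregates all rules from the "filter" table of the given
// iptables ruleset and converts them, chain by chain via chain2rules, into the
// IPtablesRule representation accepted by the firewall store.
//
// It returns an error when iptables is nil or has no "filter" table. The
// returned slice is nil when the table holds no chains or no rules. The error
// text names this function (the previous message referred to a
// createNewDbRules() that does not exist here).
func makeDbRules(iptables *iptsave.IPtables) ([]*IPtablesRule, error) {
	if iptables == nil {
		return nil, fmt.Errorf("In makeDbRules() no iptables ruleset given")
	}

	// Only the "filter" table is persisted to the store.
	table := iptables.TableByName("filter")
	if table == nil {
		return nil, fmt.Errorf("In makeDbRules() firewall doesn't have filter table")
	}

	var res []*IPtablesRule
	for _, chain := range table.Chains {
		res = append(res, chain2rules(*chain)...)
	}
	return res, nil
}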