print true/false depending of result
@ -1,7 +1,7 @@
|
||||
use std::{path::Path, process::Command};
|
||||
|
||||
pub fn save_iptables(path: &Path) {
|
||||
let _ = Command::new("iptables-save")
|
||||
pub fn save_iptables(path: &Path) -> std::io::Result<std::process::Output> {
|
||||
Command::new("iptables-save")
|
||||
.args(["-f", path.to_str().unwrap()])
|
||||
.output();
|
||||
.output()
|
||||
}
|
||||
|
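Review bot: The new `io::Result` from `save_iptables` only reports a failure to spawn `iptables-save`; a run that starts but exits non-zero (not root, `path` not writable, unsupported flag) still comes back `Ok`, so the `is_ok()` the caller prints says `true` for a save that never happened. Check `output.status.success()` before returning, and pass the path with `.arg("-f").arg(path)` instead of `path.to_str().unwrap()`, which panics on a non-UTF-8 path even though the function now has a `Result` to return it in.
```rust
pub fn save_iptables(path: &Path) -> std::io::Result<std::process::Output> {
    // `Command::arg` takes any `AsRef<OsStr>`, so the path needs no UTF-8 round-trip.
    let output = Command::new("iptables-save").arg("-f").arg(path).output()?;
    // A spawned-but-failed run is still a failed save; surface it as an error.
    if !output.status.success() {
        return Err(std::io::Error::new(
            std::io::ErrorKind::Other,
            format!("iptables-save exited with {}", output.status),
        ));
    }
    Ok(output)
}
```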
@ -1,7 +1,6 @@
|
||||
use std::collections::HashMap;
|
||||
|
||||
use iptables::IPTables;
|
||||
use regex::Regex;
|
||||
use std::collections::HashMap;
|
||||
|
||||
pub fn is_port_secured(port: u16, docker: bool) -> bool {
|
||||
let iptables = iptables::new(false).unwrap();
|
||||
@ -80,11 +79,15 @@ pub fn map_secured_ports_allowed_ips(docker: bool) -> HashMap<u16, Vec<String>>
|
||||
result
|
||||
}
|
||||
|
||||
pub fn secure_port_rule(port: u16) -> String {
|
||||
fn secure_port_rule(port: u16) -> String {
|
||||
format!("-p tcp --dport {} -j DROP", port)
|
||||
}
|
||||
|
||||
pub fn secure_port(port: u16, docker: bool, position: Option<i32>) {
|
||||
pub fn secure_port(
|
||||
port: u16,
|
||||
docker: bool,
|
||||
position: Option<i32>,
|
||||
) -> Result<(), Box<dyn std::error::Error>> {
|
||||
let iptables = iptables::new(false).unwrap();
|
||||
|
||||
let table = "filter";
|
||||
@ -95,22 +98,23 @@ pub fn secure_port(port: u16, docker: bool, position: Option<i32>) {
|
||||
} else {
|
||||
append_unique(&iptables, table, &chain, &rule)
|
||||
}
|
||||
|
||||
println!("Port {} secured", port);
|
||||
}
|
||||
|
||||
pub fn unsecure_port(port: u16, docker: bool) {
|
||||
pub fn unsecure_port(port: u16, docker: bool) -> Result<(), Box<dyn std::error::Error>> {
|
||||
let iptables = iptables::new(false).unwrap();
|
||||
let _ = iptables.delete("filter", &get_chain(docker), &secure_port_rule(port));
|
||||
|
||||
println!("Port {} unsecured", port);
|
||||
iptables.delete("filter", &get_chain(docker), &secure_port_rule(port))
|
||||
}
|
||||
|
||||
pub fn allow_ip_for_port_rule(port: u16, ip: &str) -> String {
|
||||
fn allow_ip_for_port_rule(port: u16, ip: &str) -> String {
|
||||
format!("-p tcp --dport {} -s {} -j ACCEPT", port, ip)
|
||||
}
|
||||
|
||||
pub fn allow_ip_for_port(ip: &str, port: u16, docker: bool, position: Option<i32>) {
|
||||
pub fn allow_ip_for_port(
|
||||
ip: &str,
|
||||
port: u16,
|
||||
docker: bool,
|
||||
position: Option<i32>,
|
||||
) -> Result<(), Box<dyn std::error::Error>> {
|
||||
let iptables = iptables::new(false).unwrap();
|
||||
|
||||
let table = "filter";
|
||||
@ -121,18 +125,19 @@ pub fn allow_ip_for_port(ip: &str, port: u16, docker: bool, position: Option<i32
|
||||
} else {
|
||||
append_unique(&iptables, table, &chain, &rule)
|
||||
}
|
||||
|
||||
println!("Allowed {} to access {}", ip, port);
|
||||
}
|
||||
|
||||
pub fn remove_allow_ip_for_port(ip: &str, port: u16, docker: bool) {
|
||||
pub fn remove_allow_ip_for_port(
|
||||
ip: &str,
|
||||
port: u16,
|
||||
docker: bool,
|
||||
) -> Result<(), Box<dyn std::error::Error>> {
|
||||
let iptables = iptables::new(false).unwrap();
|
||||
let _ = iptables.delete(
|
||||
iptables.delete(
|
||||
"filter",
|
||||
&get_chain(docker),
|
||||
&allow_ip_for_port_rule(port, ip),
|
||||
);
|
||||
println!("Removed access of {} to {}", ip, port);
|
||||
)
|
||||
}
|
||||
|
||||
fn get_chain(docker: bool) -> String {
|
||||
@ -143,12 +148,23 @@ fn get_chain(docker: bool) -> String {
|
||||
}
|
||||
}
|
||||
|
||||
fn append_unique(iptables: &IPTables, table: &str, chain: &str, rule: &str) {
|
||||
let _ = iptables.append_unique(table, chain, rule);
|
||||
fn append_unique(
|
||||
iptables: &IPTables,
|
||||
table: &str,
|
||||
chain: &str,
|
||||
rule: &str,
|
||||
) -> Result<(), Box<dyn std::error::Error>> {
|
||||
iptables.append_unique(table, chain, rule)
|
||||
}
|
||||
|
||||
fn insert_unique(iptables: &IPTables, table: &str, chain: &str, rule: &str, position: i32) {
|
||||
let _ = iptables.insert_unique(table, chain, rule, position);
|
||||
fn insert_unique(
|
||||
iptables: &IPTables,
|
||||
table: &str,
|
||||
chain: &str,
|
||||
rule: &str,
|
||||
position: i32,
|
||||
) -> Result<(), Box<dyn std::error::Error>> {
|
||||
iptables.insert_unique(table, chain, rule, position)
|
||||
}
|
||||
|
||||
fn extract_ip(regex: &Regex, input: &str) -> Option<String> {
|
||||
|
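Review bot: `secure_port`, `unsecure_port`, `allow_ip_for_port` and `remove_allow_ip_for_port` now return `Result<(), Box<dyn std::error::Error>>`, yet each still opens with `let iptables = iptables::new(false).unwrap();`, so a missing binary or a non-root run panics instead of producing the `false` the caller now expects to print; if `iptables::new` yields the same boxed error type as the `delete`/`append_unique` calls below it (which the return types here suggest), `let iptables = iptables::new(false)?;` is the one-line fix in all four places. Separately, `allow_ip_for_port_rule` formats the CLI-supplied `ip` straight into the rule text; as far as I recall the iptables crate splits that string on whitespace into arguments, so validating `ip` as an address or CIDR (e.g. `ip.parse::<std::net::IpAddr>()` plus an optional `/prefix`) before formatting keeps a malformed value from turning into extra rule tokens. The bodies of `secure_port` and `allow_ip_for_port` continue outside the hunks.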
18
src/main.rs
18
src/main.rs
@ -46,19 +46,22 @@ async fn main() {
|
||||
port,
|
||||
docker,
|
||||
position,
|
||||
} => secure_port(port, docker, position),
|
||||
Cli::UnsecurePort { port, docker } => unsecure_port(port, docker),
|
||||
} => println!("{}", secure_port(port, docker, position).is_ok()),
|
||||
Cli::UnsecurePort { port, docker } => println!("{}", unsecure_port(port, docker).is_ok()),
|
||||
Cli::AllowIpForPort {
|
||||
ip,
|
||||
port,
|
||||
docker,
|
||||
position,
|
||||
} => allow_ip_for_port(&ip, port, docker, position),
|
||||
} => println!("{}", allow_ip_for_port(&ip, port, docker, position).is_ok()),
|
||||
Cli::OnlyIpForPort { ip, port, docker } => {
|
||||
allow_ip_for_port(&ip, port, docker, Some(1));
|
||||
secure_port(port, docker, Some(2));
|
||||
let allowed = allow_ip_for_port(&ip, port, docker, Some(1));
|
||||
let secured = secure_port(port, docker, Some(2));
|
||||
println!("{}", allowed.is_ok() && secured.is_ok());
|
||||
}
|
||||
Cli::RemoveAllowIpPort { ip, port, docker } => {
|
||||
println!("{}", remove_allow_ip_for_port(&ip, port, docker).is_ok())
|
||||
}
|
||||
Cli::RemoveAllowIpPort { ip, port, docker } => remove_allow_ip_for_port(&ip, port, docker),
|
||||
Cli::SaveIPTables { iptables_save } => {
|
||||
let path = if let Some(iptables_save) = iptables_save {
|
||||
iptables_save
|
||||
@ -66,8 +69,7 @@ async fn main() {
|
||||
PathBuf::from("/etc/iptables/rules.v4")
|
||||
};
|
||||
|
||||
iptables_save::save_iptables(&path);
|
||||
println!("Saved IPTables to {}", path.display());
|
||||
println!("{}", iptables_save::save_iptables(&path).is_ok())
|
||||
}
|
||||
}
|
||||
}
|
||||
|
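Review bot: In the `OnlyIpForPort` arm the DROP rule from `secure_port` is still inserted when `allow_ip_for_port` has already failed, so the one address that was meant to keep access is blocked together with everyone else; chain the second call on the first, `let secured = allowed.and_then(|()| secure_port(port, docker, Some(2)));` and print `secured.is_ok()`. The other arms reduce every error to the literal `false`, which leaves the operator without the reason; writing the error to stderr before printing (`Err(e) => { eprintln!("{e}"); println!("false") }`) keeps the stdout contract and keeps the diagnostic, and a non-zero exit status on failure would let scripts react without parsing stdout. The enclosing `match` and `main` continue outside the hunks.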