cleaning shit
This commit is contained in:
parent
691584c46e
commit
47ec0ee6b0
@ -86,25 +86,8 @@ pub fn map_secured_ports_allowed_ips(docker: bool) -> HashMap<u16, Vec<String>>
result
}
fn secure_port_rule(iptables: &IPTables, port: u16, docker: bool) -> Option<String> {
if docker {
let internal_ip = get_internal_ip_for_docker_port(iptables, port)?;
Some(format!(
"-d {} -p tcp --dport {} -j DROP",
internal_ip, port
))
} else {
Some(format!("-p tcp --dport {} -j DROP", port))
}
}
fn get_internal_ip_for_docker_port(iptables: &IPTables, port: u16) -> Option<String> {
let rules = iptables.list("filter", "DOCKER").unwrap();
let rule = rules
.iter()
.find(|r| r.contains(&format!("-p tcp -m tcp --dport {} -j ACCEPT", port)));
rule.map(|r| extract_ip(&get_regex_for_ip(), r).unwrap())
fn secure_port_rule(port: u16) -> String {
format!("-p tcp --dport {} -j DROP", port)
}
pub fn secure_port(
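Review bot: The new `secure_port_rule(port: u16) -> String` drops the destination the docker branch used to add, so the rule it builds is `-p tcp --dport <port> -j DROP` whether or not `docker` is set; once that is inserted into the chain chosen for docker it presumably matches every flow to that port traversing the chain, not just the single container the old `-d <internal_ip>` restricted it to. If that widening is intended it should be stated on the function, e.g. `/// Builds the DROP rule for `port`; it carries no destination, so in the docker chain it covers every forwarded connection to that port, not one container.` If it is not intended, the destination now has to be supplied by the caller, since the function no longer receives the iptables handle. `secure_port` begins on the last line of this hunk and its body continues outside it.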
@ -116,10 +99,7 @@ pub fn secure_port(
let table = "filter";
let chain = get_chain(docker);
let rule = secure_port_rule(&iptables, port, docker);
if rule.is_none() {
return Err("Err gathering secure port rule".into());
}
let rule = secure_port_rule(port);
let position = if docker && position.is_none() {
let all_docker_rules = iptables.list("filter", &chain).unwrap();
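Review bot: `iptables.list("filter", &chain).unwrap()` on the last line of this hunk panics when the chain cannot be listed (for instance when the docker chain does not exist because the daemon is not running), and the commit has just removed the only `Err` return in this part of `secure_port`, which does return a `Result`. The crate's error type already converts into the function's `Box<dyn std::error::Error>`, as the direct `iptables.delete(...)` return further down the file shows, so `let all_docker_rules = iptables.list("filter", &chain)?;` turns the panic into the error the caller expects. `secure_port` starts before this hunk and continues after it.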
@ -128,7 +108,6 @@ pub fn secure_port(
position
};
let rule = rule.unwrap();
if let Some(position) = position {
insert_unique(&iptables, table, &chain, &rule, position)
} else {
@ -139,30 +118,12 @@ pub fn secure_port(
pub fn unsecure_port(port: u16, docker: bool) -> Result<(), Box<dyn std::error::Error>> {
let iptables = iptables::new(false).unwrap();
let rule = secure_port_rule(&iptables, port, docker);
if rule.is_none() {
return Err("Err gathering secure port rule".into());
}
let rule = rule.unwrap();
let rule = secure_port_rule(port);
iptables.delete("filter", &get_chain(docker), &rule)
}
fn allow_ip_for_port_rule(
iptables: &IPTables,
port: u16,
ip: &str,
docker: bool,
) -> Option<String> {
if docker {
let internal_ip = get_internal_ip_for_docker_port(iptables, port)?;
Some(format!(
"-p tcp --dport {} -s {} -d {} -j ACCEPT",
port, ip, internal_ip
))
} else {
Some(format!("-p tcp --dport {} -s {} -j ACCEPT", port, ip))
}
fn allow_ip_for_port_rule(port: u16, ip: &str) -> String {
format!("-p tcp --dport {} -s {} -j ACCEPT", port, ip)
}
pub fn allow_ip_for_port(
@ -175,12 +136,8 @@ pub fn allow_ip_for_port(
let table = "filter";
let chain = get_chain(docker);
let rule = allow_ip_for_port_rule(&iptables, port, ip, docker);
if rule.is_none() {
return Err("Err gathering allow ip for port rule".into());
}
let rule = allow_ip_for_port_rule(port, ip);
let rule = rule.unwrap();
if let Some(position) = position {
insert_unique(&iptables, table, &chain, &rule, position)
} else {
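Review bot: `allow_ip_for_port_rule` now builds `format!("-p tcp --dport {} -s {} -j ACCEPT", port, ip)` with no check that `ip` is an address, and the commit removed the only error path that sat between the callers and the rule; presumably that string is passed on to the iptables binary as rule arguments, so a value that is not a plain address would change what the rule means rather than be rejected. Validate it in the callers that already return `Result` (`allow_ip_for_port` begins on the last line of this hunk, `remove_allow_ip_for_port` is in the next one), e.g. `let _: std::net::IpAddr = ip.parse().map_err(|_| format!("invalid ip address: {}", ip))?;`, with a separate prefix-length check if CIDR ranges are meant to be accepted. Separately, `unsecure_port` now deletes exactly `-p tcp --dport <port> -j DROP`, which cannot match rules written by the previous build into the docker chain (those carried `-d <internal_ip>`), so either a one-off cleanup or a doc comment stating that rules from older versions are not removed is needed; the same applies to `remove_allow_ip_for_port` in the next hunk.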
@ -194,12 +151,7 @@ pub fn remove_allow_ip_for_port(
docker: bool,
) -> Result<(), Box<dyn std::error::Error>> {
let iptables = iptables::new(false).unwrap();
let rule = allow_ip_for_port_rule(&iptables, port, ip, docker);
if rule.is_none() {
return Err("Err gathering allow ip for port rule".into());
}
let rule = rule.unwrap();
let rule = allow_ip_for_port_rule(port, ip);
iptables.delete("filter", &get_chain(docker), &rule)
}
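Review bot: After this change `docker` in `remove_allow_ip_for_port` (and in `unsecure_port` in the previous hunk) only selects the chain through `get_chain(docker)`, while the rule text from `allow_ip_for_port_rule(port, ip)` is identical either way, and nothing on the function says so; its signature begins before this hunk. A doc comment makes the new contract explicit: `/// Deletes the ACCEPT rule for `ip`/`port` from the chain chosen by `docker`; the rule text itself does not depend on `docker`.` The `iptables::new(false).unwrap()` just above is still a panic on an operation that fails when iptables is unavailable, and since the function returns `Result<(), Box<dyn std::error::Error>>` it can be `let iptables = iptables::new(false)?;`.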