iptables-save every minute

src/iptables_save.rs

@@ -2,7 +2,6 @@ use std::process::Command;
 
 pub fn save_iptables() {
     let _ = Command::new("iptables-save")
-        .arg(">")
-        .arg("/host_iptables/rules.v4")
+        .args(&["-f", "/host_iptables/rules.v4"])
         .output();
 }

src/main.rs

@@ -3,7 +3,7 @@ pub mod login_attempt;
 
 use linemux::MuxedLines;
 use login_attempt::LoginAttempt;
-use std::collections::HashMap;
+use std::{collections::HashMap, thread::sleep, time::Duration};
 
 #[tokio::main]
 async fn main() -> std::io::Result<()> {
@@ -12,6 +12,19 @@ async fn main() -> std::io::Result<()> {
     lines.add_file("/host_ssh/auth.log").await?;
     let mut login_attempts: HashMap<String, usize> = HashMap::new();
 
+    let seconds_iptables = Duration::from_secs(60);
+    println!(
+        "starting iptables-save, run every {} seconds",
+        seconds_iptables.as_secs()
+    );
+    tokio::spawn(async move {
+        loop {
+            sleep(seconds_iptables);
+            iptables_save::save_iptables();
+            println!("saved iptables rules");
+        }
+    });
+
     println!("listening to changes over /host_ssh/auth.log");
     while let Ok(Some(line)) = lines.next_line().await {
         if let Some(login_attempt) = LoginAttempt::capture(line.line()) {