iptables-save every minute

Cargo.lock

@@ -104,21 +104,6 @@ dependencies = [
  "windows-sys 0.52.0",
 ]
 
-[[package]]
-name = "foreign-types"
-version = "0.3.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1"
-dependencies = [
- "foreign-types-shared",
-]
-
-[[package]]
-name = "foreign-types-shared"
-version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
-
 [[package]]
 name = "futures-core"
 version = "0.3.30"
@@ -243,7 +228,6 @@ version = "0.1.0"
 dependencies = [
  "iptables",
  "linemux",
- "openssl",
  "regex",
  "tokio",
 ]
@@ -322,60 +306,6 @@ dependencies = [
  "memchr",
 ]
 
-[[package]]
-name = "once_cell"
-version = "1.19.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92"
-
-[[package]]
-name = "openssl"
-version = "0.10.64"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "95a0481286a310808298130d22dd1fef0fa571e05a8f44ec801801e84b216b1f"
-dependencies = [
- "bitflags 2.5.0",
- "cfg-if",
- "foreign-types",
- "libc",
- "once_cell",
- "openssl-macros",
- "openssl-sys",
-]
-
-[[package]]
-name = "openssl-macros"
-version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
-name = "openssl-src"
-version = "300.2.3+3.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5cff92b6f71555b61bb9315f7c64da3ca43d87531622120fea0195fc761b4843"
-dependencies = [
- "cc",
-]
-
-[[package]]
-name = "openssl-sys"
-version = "0.9.102"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c597637d56fbc83893a35eb0dd04b2b8e7a50c91e64e9493e398b5df4fb45fa2"
-dependencies = [
- "cc",
- "libc",
- "openssl-src",
- "pkg-config",
- "vcpkg",
-]
-
 [[package]]
 name = "pin-project-lite"
 version = "0.2.14"
@@ -388,12 +318,6 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
 
-[[package]]
-name = "pkg-config"
-version = "0.3.30"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec"
-
 [[package]]
 name = "proc-macro2"
 version = "1.0.82"
@@ -528,12 +452,6 @@ version = "1.0.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b"
 
-[[package]]
-name = "vcpkg"
-version = "0.2.15"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
-
 [[package]]
 name = "walkdir"
 version = "2.5.0"

Cargo.toml

@@ -8,4 +8,3 @@ iptables = "0.5.1"
 linemux = "0.3.0"
 regex = "1.10.4"
 tokio = { version = "1.37.0", features = ["macros", "rt", "rt-multi-thread", "signal"]}
-openssl = { version = "0.10.64", features = ["vendored"] }

Dockerfile

@@ -1,16 +1,11 @@
 FROM rust:latest as builder
 
-RUN rustup target add x86_64-unknown-linux-musl
-RUN apt update && apt install -y musl-tools musl-dev
-RUN update-ca-certificates
-
 COPY . .
-
+RUN cargo build --release
-RUN cargo build --target x86_64-unknown-linux-musl --release
 
 FROM ubuntu:latest
 
 RUN apt update && apt upgrade -y && apt install iptables iptables-persistent -y
-COPY --from=builder /target/x86_64-unknown-linux-musl/release/martillo-maldito ./
+COPY --from=builder /target/release/martillo-maldito ./
 
 CMD ["/martillo-maldito"]

src/iptables_save.rs

@@ -2,7 +2,6 @@ use std::process::Command;
 
 pub fn save_iptables() {
     let _ = Command::new("iptables-save")
-        .arg(">")
+        .args(&["-f", "/host_iptables/rules.v4"])
-        .arg("/host_iptables/rules.v4")
         .output();
 }

src/main.rs

@@ -3,7 +3,7 @@ pub mod login_attempt;
 
 use linemux::MuxedLines;
 use login_attempt::LoginAttempt;
-use std::collections::HashMap;
+use std::{collections::HashMap, thread::sleep, time::Duration};
 
 #[tokio::main]
 async fn main() -> std::io::Result<()> {
@@ -12,6 +12,19 @@ async fn main() -> std::io::Result<()> {
     lines.add_file("/host_ssh/auth.log").await?;
     let mut login_attempts: HashMap<String, usize> = HashMap::new();
 
+    let seconds_iptables = Duration::from_secs(60);
+    println!(
+        "starting iptables-save, run every {} seconds",
+        seconds_iptables.as_secs()
+    );
+    tokio::spawn(async move {
+        loop {
+            sleep(seconds_iptables);
+            iptables_save::save_iptables();
+            println!("saved iptables rules");
+        }
+    });
+
     println!("listening to changes over /host_ssh/auth.log");
     while let Ok(Some(line)) = lines.next_line().await {
         if let Some(login_attempt) = LoginAttempt::capture(line.line()) {