WIP list banned ips

src/cli.rs

@@ -11,12 +11,11 @@ pub enum Arguments {
         #[structopt(name = "Iptables save file", short = "s", long = "iptables-save")]
         iptables_save: Option<PathBuf>,
     },
-
+    ListBannedIps,
     #[structopt(about = "Check if a port is secured")]
     IsPortSecured {
         #[structopt(name = "Port to check", short = "p", long = "port")]
         port: u16,
-
         #[structopt(name = "Docker", short = "d", long = "docker")]
         docker: bool,
     },

src/iptables_wrapper.rs

@@ -15,6 +15,24 @@ pub fn is_port_secured(port: u16, docker: bool) -> bool {
     false
 }
 
+pub fn list_banned_ips() -> Vec<String> {
+    let iptables = iptables::new(false).unwrap();
+    let rules = iptables.list("filter", &get_chain(false));
+    if rules.is_err() {
+        return vec![];
+    }
+
+    // TODO: Remove after testing
+    println!("{:?}", rules);
+
+    rules
+        .unwrap()
+        .iter()
+        .filter(|r| r.contains("--source") && r.contains("-j DROP"))
+        .map(|r| r.to_string())
+        .collect()
+}
+
 pub fn ban_port(port: u16, docker: bool, position: Option<i32>) {
     let iptables = iptables::new(false).unwrap();
 

src/main.rs

@@ -4,7 +4,9 @@ pub mod iptables_wrapper;
 pub mod login_attempt;
 
 use cli::Arguments;
-use iptables_wrapper::{allow_ip_port, ban_port, is_port_secured, remove_ip_port, unban_port};
+use iptables_wrapper::{
+    allow_ip_port, ban_port, is_port_secured, list_banned_ips, remove_ip_port, unban_port,
+};
 use linemux::MuxedLines;
 use login_attempt::LoginAttempt;
 use std::path::PathBuf;
@@ -22,6 +24,11 @@ async fn main() {
         } => {
             let _ = start_ban_server(ssh_auth_log, iptables_save).await;
         }
+        Arguments::ListBannedIps => {
+            for ip in list_banned_ips() {
+                println!("{}", ip);
+            }
+        }
         Arguments::IsPortSecured { port, docker } => {
             let is_secured = is_port_secured(port, docker);
             println!("{}", is_secured);