adding argument to check if port is secured

src/cli.rs

@@ -12,6 +12,15 @@ pub enum Arguments {
         iptables_save: Option<PathBuf>,
     },
 
+    #[structopt(about = "Check if a port is secured")]
+    IsPortSecured {
+        #[structopt(name = "Port to check", short = "p", long = "port")]
+        port: u16,
+
+        #[structopt(name = "Docker", short = "d", long = "docker")]
+        docker: bool,
+    },
+
     #[structopt(about = "Ban port")]
     BanPort {
         #[structopt(name = "Port to ban", short = "p", long = "port")]

src/iptables_wrapper.rs

@@ -1,5 +1,20 @@
 use iptables::IPTables;
 
+pub fn is_port_secured(port: u16, docker: bool) -> bool {
+    let iptables = iptables::new(false).unwrap();
+    let rules = iptables.list("filter", &get_chain(docker));
+    if rules.is_err() {
+        return false;
+    }
+
+    for rule in rules.unwrap() {
+        if rule.contains(&format!("-p tcp --dport {} -j DROP", port)) {
+            return true;
+        }
+    }
+    false
+}
+
 pub fn ban_port(port: u16, docker: bool, position: Option<i32>) {
     let iptables = iptables::new(false).unwrap();
 

src/main.rs

@@ -4,7 +4,7 @@ pub mod iptables_wrapper;
 pub mod login_attempt;
 
 use cli::Arguments;
-use iptables_wrapper::{allow_ip_port, ban_port, remove_ip_port, unban_port};
+use iptables_wrapper::{allow_ip_port, ban_port, is_port_secured, remove_ip_port, unban_port};
 use linemux::MuxedLines;
 use login_attempt::LoginAttempt;
 use std::path::PathBuf;
@@ -22,6 +22,10 @@ async fn main() {
         } => {
             let _ = start_ban_server(ssh_auth_log, iptables_save).await;
         }
+        Arguments::IsPortSecured { port, docker } => {
+            let is_secured = is_port_secured(port, docker);
+            println!("{}", is_secured);
+        }
         Arguments::BanPort {
             port,
             docker,