forked from pkrumins/node-iptables
index.js
var spawn = require('child_process').spawn;
var lazy = require('lazy');
/**
 * Add a rule whose target is ACCEPT.
 *
 * The caller's `rule` object is modified in place: `target` is overwritten
 * and `action` is set to '-A' (append) only when the caller left it empty.
 * A caller-supplied `rule.action` is used as-is (for example '-I' to insert
 * rather than append).
 *
 * Nothing is returned and no callback is taken, so the caller is not told
 * whether the rule was actually installed.
 *
 * @param {Object} rule - rule description understood by iptablesArgs().
 */
exports.allow = function (rule) {
    rule.target = 'ACCEPT';
    rule.action = rule.action || '-A';
    newRule(rule);
};
/**
 * Add a rule whose target is DROP.
 *
 * The caller's `rule` object is modified in place: `target` is overwritten
 * and `action` is set to '-A' (append) only when the caller left it empty.
 *
 * Nothing is returned and no callback is taken, so the caller is not told
 * whether the rule was actually installed. Code that depends on the block
 * being in place should confirm it separately (for example via list()).
 *
 * @param {Object} rule - rule description understood by iptablesArgs().
 */
exports.drop = function (rule) {
    rule.target = 'DROP';
    rule.action = rule.action || '-A';
    newRule(rule);
};
/**
 * Add a rule whose target is REJECT.
 *
 * The caller's `rule` object is modified in place: `target` is overwritten
 * and `action` is set to '-A' (append) only when the caller left it empty.
 *
 * Nothing is returned and no callback is taken, so the caller is not told
 * whether the rule was actually installed.
 *
 * @param {Object} rule - rule description understood by iptablesArgs().
 */
exports.reject = function (rule) {
    rule.target = 'REJECT';
    rule.action = rule.action || '-A';
    newRule(rule);
};
/**
 * List the rules of a chain by running `iptables -L <chain> -n -v`.
 *
 * The command is always run through sudo (`sudo: true` below). The first two
 * lines of output are skipped; every remaining line is split on whitespace
 * and its first nine columns are exposed under `parsed`. Anything after the
 * ninth column is available only in `raw`.
 *
 * No error is passed to `cb`: a failed invocation is indistinguishable here
 * from a chain that produced no rule lines.
 *
 * @param {string} chain - chain to list; iptablesArgs() falls back to INPUT.
 * @param {Function} cb - called with the collected `{ parsed, raw }` objects.
 */
exports.list = function (chain, cb) {
    var listRule = {
        list : true,
        chain : chain,
        action : '-L',
        sudo : true
    };

    // Column order: packets, bytes, target, pro, opt, in, out, src, dst, opts
    function parseLine (line) {
        var raw = line.trim();
        var cols = raw.split(/\s+/, 9);
        return {
            parsed : {
                packets : cols[0],
                bytes : cols[1],
                target : cols[2],
                protocol : cols[3],
                opt : cols[4],
                in : cols[5],
                out : cols[6],
                src : cols[7],
                dst : cols[8]
            },
            raw : raw
        };
    }

    var output = iptables(listRule).stdout;
    lazy(output)
        .lines
        .map(String)
        .skip(2)
        .map(function (line) {
            return parseLine(line);
        })
        .join(function (rules) {
            cb(rules);
        });
};
// Low-level entry points, exported alongside allow/drop/reject.
// newRule() does not default rule.action, so callers must set it themselves.
exports.newRule = newRule;
// deleteRule() forces the '-D' action before running iptables.
exports.deleteRule = deleteRule;
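/**
 * Spawn iptables for `rule`, optionally through sudo.
 *
 * The arguments are handed to spawn() as an argv array, so no shell parses
 * them. Both 'iptables' and 'sudo' are bare command names resolved through
 * the process's PATH; a privileged process should run with a trusted PATH.
 *
 * Failures are only logged to stderr: the child's own stderr output, a
 * failure to start the command, and a non-zero or signalled exit. Without
 * the 'error' listener, a missing binary would surface as an unhandled
 * 'error' event in the host process.
 *
 * NOTE(review): `rule.sudo` presumably relies on non-interactive sudo being
 * configured for iptables; nothing here answers a password prompt. Confirm.
 *
 * @param {Object} rule - rule description; `rule.sudo` selects the sudo path.
 * @returns {ChildProcess} the spawned process, for callers that want to
 *   attach their own listeners.
 */
function iptables (rule) {
    var args = iptablesArgs(rule);
    var cmd = 'iptables';
    if (rule.sudo) {
        cmd = 'sudo';
        args = ['iptables'].concat(args);
    }

    var proc = spawn(cmd, args);

    proc.stderr.on('data', function (buf) {
        console.error(buf.toString());
    });

    // A firewall change that never ran must not pass unnoticed.
    proc.on('error', function (err) {
        console.error('iptables: failed to start ' + cmd + ': ' + err.message);
    });

    proc.on('close', function (code, signal) {
        if (code !== 0) {
            var how = signal ? 'signal ' + signal : 'code ' + code;
            console.error('iptables: ' + cmd + ' exited with ' + how);
        }
    });

    return proc;
}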
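/**
 * Translate a rule object into the iptables argument list.
 *
 * The result starts with `rule.action` and the chain (INPUT when none is
 * given), followed by one flag/value pair per populated field, then `-n -v`
 * for listings. The `rule` object is read only; earlier versions wrote the
 * default chain back into the caller's object.
 *
 * Values are passed through unchanged, each as its own argv element. Nothing
 * is validated here, so rule fields built from untrusted input must be
 * checked by the caller. Falsy values (for example a port of 0 or an empty
 * string) are treated as "not set" and omitted.
 *
 * `rule.action` is not defaulted here; allow/drop/reject default it to '-A'.
 *
 * @param {Object} rule - fields: action, chain, protocol, src, dst, sport,
 *   dport, in, out, target, list.
 * @returns {Array} arguments for the iptables command.
 */
function iptablesArgs (rule) {
    // Flag emitted for each optional field, in command-line order.
    var optionFlags = [
        ['protocol', '-p'],
        ['src', '--src'],
        ['dst', '--dst'],
        ['sport', '--sport'],
        ['dport', '--dport'],
        ['in', '-i'],
        ['out', '-o'],
        ['target', '-j']
    ];

    var chain = rule.chain || 'INPUT';
    var args = [rule.action, chain];

    for (var i = 0; i < optionFlags.length; i++) {
        var value = rule[optionFlags[i][0]];
        if (value) args.push(optionFlags[i][1], value);
    }

    if (rule.list) args.push('-n', '-v');

    return args;
}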
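/**
 * Run iptables for `rule` exactly as given.
 *
 * `rule.action` is not defaulted here, so callers must set it themselves.
 *
 * @param {Object} rule - rule description understood by iptablesArgs().
 * @returns {ChildProcess} the process returned by iptables(), so a caller can
 *   listen for its exit and confirm the firewall change took effect.
 *   Previously nothing was returned.
 */
function newRule (rule) {
    return iptables(rule);
}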
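/**
 * Delete the rule matching `rule` by running iptables with the '-D' action.
 *
 * The '-D' action is set on a copy. Writing it into the caller's object made
 * the action sticky: allow/drop/reject only default the action when it is
 * empty, so reusing the same object afterwards would have deleted again
 * instead of adding.
 *
 * @param {Object} rule - rule description understood by iptablesArgs().
 * @returns {ChildProcess} the process returned by iptables(), so a caller can
 *   listen for its exit. Previously nothing was returned.
 */
function deleteRule (rule) {
    var deletion = {};
    // for-in also copies inherited enumerable fields, as plain reads would see them.
    for (var key in rule) {
        deletion[key] = rule[key];
    }
    deletion.action = '-D';
    return iptables(deletion);
}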