
brooklyn.util.ssh.IptablesCommands Maven / Gradle / Ivy


Utility classes and methods developed for Brooklyn but not dependent on Brooklyn or much else

There is a newer version: 0.7.0-M1
package brooklyn.util.ssh;

import static brooklyn.util.ssh.BashCommands.sudo;

import com.google.common.annotations.Beta;
import com.google.common.base.Optional;

import java.util.Locale;
import java.util.regex.Pattern;

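/**
 * Builds shell command strings that inspect and modify the iptables firewall.
 *
 * <p>Every method only <em>returns</em> a command string, wrapped with
 * {@code BashCommands.sudo}; nothing is executed here. Because the result is
 * meant to be run by a shell with elevated privileges, every caller-supplied
 * string that ends up in the command is checked against a conservative
 * character set first, so that shell metacharacters (spaces, {@code ;},
 * {@code |}, {@code $}, backticks, quotes, ...) can never reach the command line.
 */
public class IptablesCommands {

    /** Characters accepted for a {@code service} action such as {@code start} or {@code force-reload}. */
    private static final Pattern SERVICE_ACTION = Pattern.compile("[A-Za-z0-9_-]+");

    /**
     * Characters accepted for a network interface name. Deliberately conservative:
     * covers names like {@code eth0}, {@code br-lan}, {@code eth0.100}, {@code eth0:1}
     * and the iptables {@code eth+} wildcard, and refuses a leading hyphen so the
     * value cannot be read as another option.
     */
    private static final Pattern INTERFACE_NAME = Pattern.compile("[A-Za-z0-9_.:@+][A-Za-z0-9_.:@+-]*");

    private static final int MIN_PORT = 0;
    private static final int MAX_PORT = 65535;

    /** Chain names, written into the command exactly as the constant is named. */
    public enum Chain {
        INPUT, FORWARD, OUTPUT
    }

    /** Value passed to {@code -j} (the rule's target), written exactly as the constant is named. */
    public enum Policy {
        ACCEPT, REJECT, DROP, LOG
    }

    /** Value passed to {@code -p}; {@link #toString()} yields the lower-case form used on the command line. */
    public enum Protocol {
        TCP("tcp"), UDP("udp"), ALL("all");

        final String protocol;

        private Protocol(String protocol) {
            this.protocol = protocol;
        }

        /** Returns the lower-case protocol name, which is what gets formatted into the command. */
        @Override
        public String toString() {
            return protocol;
        }
    }

    /** Returns the command that stops the iptables service. */
    @Beta // implementation not portable across distros
    public static String iptablesServiceStop() {
        return iptablesService("stop");
    }

    /** Returns the command that starts the iptables service. */
    @Beta // implementation not portable across distros
    public static String iptablesServiceStart() {
        return iptablesService("start");
    }

    /** Returns the command that restarts the iptables service. */
    @Beta // implementation not portable across distros
    public static String iptablesServiceRestart() {
        return iptablesService("restart");
    }

    /** Returns the command that reports the status of the iptables service. */
    @Beta // implementation not portable across distros
    public static String iptablesServiceStatus() {
        return iptablesService("status");
    }

    /**
     * Returns the command that runs {@code /sbin/service iptables <cmd>} under sudo.
     *
     * @param cmd the service action; must consist only of letters, digits,
     *            {@code _} and {@code -}
     * @return the sudo-wrapped command
     * @throws IllegalArgumentException if {@code cmd} is null, empty or contains any
     *             other character; the value is concatenated into a privileged
     *             shell command, so anything else is refused rather than escaped
     */
    @Beta // implementation not portable across distros
    public static String iptablesService(String cmd) {
        return sudo("/sbin/service iptables " + requireSafeToken(SERVICE_ACTION, "service action", cmd));
    }

    /**
     * Returns the command that flushes the iptables rules ({@code iptables -F}).
     *
     * <p>{@code -F} removes the rules but leaves each chain's default policy as it
     * is, so what the host accepts afterwards depends entirely on those policies.
     *
     * @return the sudo-wrapped flush command
     */
    public static String cleanUpIptablesRules() {
       return sudo("/sbin/iptables -F");
    }

    /**
     * Returns the command that saves the iptables rules to disk, so that they survive a reboot.
     *
     * <p>Goes through the same {@code service iptables} script as
     * {@link #iptablesService(String)} and so shares its portability limits.
     *
     * @return the sudo-wrapped save command
     */
    public static String saveIptablesRules() {
       return iptablesService("save");
    }

    /**
     * Returns the command that lists all iptables rules, verbosely and with numeric addresses and ports.
     *
     * @return the sudo-wrapped list command
     */
    public static String listIptablesRule() {
       return sudo("/sbin/iptables -L -v -n");
    }

    /**
     * Returns the command that inserts a rule at the top of the given chain, matching all interfaces.
     *
     * @return the sudo-wrapped {@code iptables -I} command
     * @throws IllegalArgumentException if an argument is null or {@code port} is outside 0-65535
     */
    public static String insertIptablesRule(Chain chain, Protocol protocol, int port, Policy policy) {
        return addIptablesRule("-I", chain, Optional.<String>absent(), protocol, port, policy);
    }

    /**
     * Returns the command that inserts a rule at the top of the given chain for one inbound interface.
     *
     * @param networkInterface the interface name given to {@code -i}; must not be null
     * @return the sudo-wrapped {@code iptables -I} command
     * @throws NullPointerException if {@code networkInterface} is null
     * @throws IllegalArgumentException if {@code networkInterface} contains characters outside
     *             the accepted set, another argument is null, or {@code port} is outside 0-65535
     */
    public static String insertIptablesRule(Chain chain, String networkInterface, Protocol protocol, int port,
            Policy policy) {
        return addIptablesRule("-I", chain, Optional.of(networkInterface), protocol, port, policy);
    }

    /**
     * Returns the command that appends a rule to the given chain, matching all interfaces.
     *
     * @return the sudo-wrapped {@code iptables -A} command
     * @throws IllegalArgumentException if an argument is null or {@code port} is outside 0-65535
     */
    public static String appendIptablesRule(Chain chain, Protocol protocol, int port,
            Policy policy) {
        return addIptablesRule("-A", chain, Optional.<String>absent(), protocol, port, policy);
    }

    /**
     * Returns the command that appends a rule to the given chain for one inbound interface.
     *
     * @param networkInterface the interface name given to {@code -i}; must not be null
     * @return the sudo-wrapped {@code iptables -A} command
     * @throws NullPointerException if {@code networkInterface} is null
     * @throws IllegalArgumentException if {@code networkInterface} contains characters outside
     *             the accepted set, another argument is null, or {@code port} is outside 0-65535
     */
    public static String appendIptablesRule(Chain chain, String networkInterface, Protocol protocol, int port,
            Policy policy) {
        return addIptablesRule("-A", chain, Optional.of(networkInterface), protocol, port, policy);
    }

    /**
     * Builds the sudo-wrapped {@code iptables} command for one rule.
     *
     * <p>NOTE(review): {@code --dport} is normally only available together with
     * {@code -p tcp} or {@code -p udp}, so a rule built with {@link Protocol#ALL}
     * is expected to be rejected by iptables. Confirm before relying on it; the
     * port is deliberately not dropped here, since that would silently widen the rule.
     *
     * @param direction the iptables operation, {@code -I} or {@code -A}; only the
     *            callers in this class supply it
     * @param networkInterface the interface for {@code -i}, or absent to leave the
     *            rule unrestricted by interface
     * @return the sudo-wrapped command
     * @throws IllegalArgumentException if {@code chain}, {@code protocol} or {@code policy}
     *             is null, {@code port} is outside 0-65535, or the interface name
     *             contains characters outside the accepted set
     */
    private static String addIptablesRule(String direction, Chain chain, Optional<String> networkInterface,
            Protocol protocol, int port, Policy policy) {
        // A null enum would otherwise be formatted as the literal text "null".
        if (chain == null || protocol == null || policy == null) {
            throw new IllegalArgumentException("chain, protocol and policy must not be null");
        }
        if (port < MIN_PORT || port > MAX_PORT) {
            throw new IllegalArgumentException("port must be within 0-65535 but was " + port);
        }

        // Locale.ROOT keeps %d in ASCII digits whatever the JVM's default locale is.
        String rule;
        if (networkInterface.isPresent()) {
            String iface = requireSafeToken(INTERFACE_NAME, "network interface", networkInterface.get());
            rule = String.format(Locale.ROOT, "/sbin/iptables %s %s -i %s -p %s --dport %d -j %s",
                    direction, chain, iface, protocol, port, policy);
        } else {
            rule = String.format(Locale.ROOT, "/sbin/iptables %s %s -p %s --dport %d -j %s",
                    direction, chain, protocol, port, policy);
        }
        return sudo(rule);
    }

    /**
     * Returns {@code value} unchanged if it fully matches {@code allowed}.
     *
     * @throws IllegalArgumentException if {@code value} is null or does not match
     */
    private static String requireSafeToken(Pattern allowed, String what, String value) {
        if (value == null || !allowed.matcher(value).matches()) {
            throw new IllegalArgumentException("Refusing " + what + " unsafe for a shell command: " + value);
        }
        return value;
    }

}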



