Exemplo n.º 1
 /**
  * Parse the raw listing held by a Table into Chain and Rule objects.
  *
  * The text returned by $table->getRaw() is expected to be the output of
  * `iptables -nL --line-numbers -t TABLENAME`. Each chain header found is
  * added to $table, and the table is then stored in $this->tables under its
  * name. Rule rows are attached to the most recently seen chain.
  *
  * Rows that match neither pattern are skipped without any error, so the
  * parsed model can be incomplete (see the note on the rule pattern).
  *
  * @param Table $table table whose raw listing is parsed; chains are added to it
  * @return Chain[] the value of $table->getChainsList() after parsing
  */
 public function parseIptablesChains(Table $table)
 {
     // Chain header, e.g. "Chain INPUT (policy ACCEPT)": <chain> is the name,
     // <policy> is whatever text sits between the parentheses.
     $chainPattern = '/(?:Chain\\s)
                     (?<chain>[^\\s]+)
                     (?:.*\\()
                     (?<policy>.*)
                     (?:\\).*)/x';

     // Numbered rule row: id, target, protocol, opt, source, destination, then
     // the remaining text as options.
     // NOTE(review): <source>/<destination> accept only digits, "." and "/",
     // and <target>/<protocol> only \w characters. Rows carrying a hostname,
     // an IPv6 address, a "!" negation or a hyphenated target name do not
     // match and are dropped silently, so a parsed chain can hold fewer rules
     // than the live ruleset. Confirm callers do not treat the result as a
     // complete view of the firewall.
     $rulePattern = '/(?<id>\\d+)\\s+
                     (?<target>\\w+)\\s+
                     (?<protocol>\\w+)\\s+
                     (?<opt>[\\w-]+)\\s+
                     (?<source>[0-9\\.\\/]+)\\s+
                     (?<destination>[0-9\\.\\/]+)\\s+
                     ?(?<options>.*)/x';

     foreach (explode("\n", $table->getRaw()) as $line) {
         if (preg_match($chainPattern, $line, $header) === 1) {
             $currentChain = new Chain($header['chain'], $table->getName(), $header['policy']);
             $table->addChain($currentChain);
             $this->tables[$table->getName()] = $table;
         }

         // Rule rows seen before any chain header have nowhere to go and are ignored.
         if (!isset($currentChain) || preg_match($rulePattern, $line, $fields) !== 1) {
             continue;
         }

         $options = trim($fields['options']);
         $rule = new Rule(
             $fields['target'],
             $fields['protocol'],
             $fields['source'],
             $fields['destination'],
             $options
         );
         // The rule number is handed on as the matched digit string, not cast to int.
         $rule->setNum($fields['id']);
         $currentChain->insertRule($rule, $fields['id']);
     }

     return $table->getChainsList();
 }
Exemplo n.º 2
 /**
  * A Rule casts to the expected iptables argument string and keeps the
  * number assigned through setNum().
  *
  * @test
  */
 public function shouldCreateRule()
 {
     // Target, protocol and source only.
     $plainRule = new Rule('ACCEPT', 'tcp', '127.0.0.1');
     $this->assertEquals(' --proto tcp --source 127.0.0.1 --jump ACCEPT', (string) $plainRule);

     // Same rule with a 0.0.0.0/0 destination and a --match option; the
     // expected string carries no destination argument.
     // NOTE(review): the MAC literal below has seven octets, so this case only
     // exercises string assembly. It shows option text being emitted as given;
     // whether Rule validates or escapes option values is not visible here.
     $matchOptions = ['--match' => ['mac --mac-source 00:11:22:33:44:55:66']];
     $macRule = new Rule('ACCEPT', 'tcp', '127.0.0.1', '0.0.0.0/0', $matchOptions);
     $this->assertEquals(
         ' --proto tcp --source 127.0.0.1 --match mac --mac-source 00:11:22:33:44:55:66 --jump ACCEPT',
         (string) $macRule
     );

     // The rule number round-trips through setNum()/getNum().
     $macRule->setNum(2);
     $this->assertEquals(2, $macRule->getNum());
 }