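/**
 * Parse the raw listing held by a table into Chain and Rule objects.
 *
 * The text returned by $table->getRaw() is expected to be a dump of:
 * `iptables -nL --line-numbers -t TABLENAME`
 *
 * Every "Chain ..." header row creates a Chain that is added to the table,
 * and every following rule row is inserted into the most recent chain at
 * its listed line number.
 *
 * Rows that match neither pattern are skipped without any error, so the
 * returned chains can be an incomplete picture of the live ruleset. Callers
 * that audit or rewrite a firewall from this result should keep that in mind.
 *
 * @param Table $table table whose raw listing is parsed; it is also stored
 *                     in $this->tables under its own name
 * @return Chain[] whatever $table->getChainsList() returns after parsing
 */
public function parseIptablesChains(Table $table)
{
    $data = explode("\n", $table->getRaw());

    // Both patterns use the /x flag, so the literal spaces between the
    // groups are ignored by PCRE and only serve readability.
    $patterns = [
        // Header row: chain name, then the text inside the parentheses.
        'chain' => '/(?:Chain\\s) (?<chain>[^\\s]+) (?:.*\\() (?<policy>.*) (?:\\).*)/x',
        // Rule row. The target accepts hyphens, like the opt column already
        // does: the chain pattern above accepts hyphenated chain names, and a
        // rule that jumps to such a chain was previously dropped silently
        // because \w+ stops at the hyphen.
        // NOTE(review): source and destination only match digits, dots and
        // slashes, so rows with a negated ("!") or non-IPv4 address are still
        // skipped - TODO confirm whether Rule can represent those.
        'rule' => '/(?<id>\\d+)\\s+ '
            . '(?<target>[\\w-]+)\\s+ '
            . '(?<protocol>\\w+)\\s+ '
            . '(?<opt>[\\w-]+)\\s+ '
            . '(?<source>[0-9\\.\\/]+)\\s+ '
            . '(?<destination>[0-9\\.\\/]+)\\s+ '
            . '?(?<options>.*)/x',
    ];

    foreach ($data as $row) {
        if (preg_match($patterns['chain'], $row, $out)) {
            $chain = new Chain($out['chain'], $table->getName(), $out['policy']);
            $table->addChain($chain);
            $this->tables[$table->getName()] = $table;
        }

        // Rule rows that appear before the first chain header have no chain
        // to belong to and are ignored.
        if (isset($chain) && preg_match($patterns['rule'], $row, $out)) {
            $rule = new Rule(
                $out['target'],
                $out['protocol'],
                $out['source'],
                $out['destination'],
                trim($out['options'])
            );
            $rule->setNum($out['id']);
            $chain->insertRule($rule, $out['id']);
        }
    }

    return $table->getChainsList();
}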
/**
 * Checks the string form of a Rule, with and without extra match options,
 * and the rule-number accessor pair.
 *
 * @test
 */
public function shouldCreateRule()
{
    // Target, protocol and source only.
    $plainRule = new Rule('ACCEPT', 'tcp', '127.0.0.1');
    $this->assertEquals(
        ' --proto tcp --source 127.0.0.1 --jump ACCEPT',
        (string) $plainRule
    );

    // Same rule with a destination of 0.0.0.0/0 and a --match option; the
    // expected string carries no --destination part.
    // NOTE(review): the MAC fixture below has seven octets. The assertion
    // expects it back unchanged, so the string cast evidently emits option
    // values verbatim - confirm that validation and escaping happen before
    // such a string is handed to iptables.
    $matchOptions = ['--match' => ['mac --mac-source 00:11:22:33:44:55:66']];
    $macRule = new Rule('ACCEPT', 'tcp', '127.0.0.1', '0.0.0.0/0', $matchOptions);
    $this->assertEquals(
        ' --proto tcp --source 127.0.0.1 --match mac --mac-source 00:11:22:33:44:55:66 --jump ACCEPT',
        (string) $macRule
    );

    // The number given to setNum() must come back from getNum().
    $macRule->setNum(2);
    $this->assertEquals(2, $macRule->getNum());
}