
Commit a1905d6

authored
Merge pull request #72 from sap-contributions/maxmoehl/add-iptables
feat: add iptables job
2 parents 35547ad + efe182d commit a1905d6


5 files changed

+81
-0
lines changed


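--- a/jobs/iptables/monit
+++ b/jobs/iptables/monit
@@ -0,0 +1,5 @@
+check file iptables
+with path /var/vcap/sys/run/iptables/iptables.check
+start program "/var/vcap/jobs/iptables/bin/ctl start"
+stop program "/var/vcap/jobs/iptables/bin/ctl stop"
+group vcap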

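--- a/jobs/iptables/spec
+++ b/jobs/iptables/spec
@@ -0,0 +1,16 @@
+---
+name: iptables
+
+templates:
+bin/ctl: bin/ctl
+bin/enable.sh: bin/enable.sh
+bin/disable.sh: bin/disable.sh
+
+properties:
+iptables:
+description: "Map of rules per chain per table to apply in iptables"
+default: {}
+example:
+nat: # one of: nat, filter, raw, mangle, security
+POSTROUTING: # a valid chain
+- -s 10.244.0.0/24 -j MASQUERADE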
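Review bot: The `iptables` property description on line 11 does not say how the rule strings are consumed: the enable template places each one verbatim on an `iptables -t <table> -A pfbr-custom-<chain>` command line, so a rule is shell text (quoting and word splitting apply) and a malformed one aborts `ctl start`, and the job wires the chain in by appending a `-j pfbr-custom-<chain>` jump to the named built-in chain. I would expand the description to something like `"Map table -> built-in chain -> list of rule strings. Each rule is appended verbatim (as shell words) to the job-owned chain pfbr-custom-<chain>, which is jumped to from the end of <chain>; only pfbr-custom-* chains are flushed on stop."`. The `example` comment names the valid tables, but the templates do not validate the table or chain name, so a note that an unknown name surfaces only as an iptables error at start time would help operators.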

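--- a/jobs/iptables/templates/bin/ctl
+++ b/jobs/iptables/templates/bin/ctl
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -e -u
+
+mkdir -p /var/vcap/sys/run/iptables
+
+case $1 in
+
+start)
+/var/vcap/jobs/iptables/bin/enable.sh
+touch /var/vcap/sys/run/iptables/iptables.check
+;;
+
+stop)
+/var/vcap/jobs/iptables/bin/disable.sh
+rm /var/vcap/sys/run/iptables/iptables.check
+;;
+*)
+
+esac
+
+exit 0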
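Review bot: The `*)` arm on line 18 is empty and falls through to `exit 0`, so a typo such as `ctl restart` silently reports success; make it `*) echo "usage: $0 {start|stop}" >&2; exit 1 ;;`. Under `set -e`, the `rm` on line 16 aborts the stop with a non-zero status whenever the check file is already gone (a stop after a failed start, or a manual deletion), even though disable.sh has already run — `rm -f` is the usual form there. `$1` on line 7 should be quoted, `case "$1" in`; with `set -u` a missing argument already aborts, which is fine but would be clearer with the usage message above.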
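--- a/jobs/iptables/templates/bin/disable.sh
+++ b/jobs/iptables/templates/bin/disable.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+<% p("iptables").each do |table, chains|
+chains.each do |chain, rules| %>
+
+iptables -t "<%= table %>" -F "pfbr-custom-<%= chain %>"
+
+<% end %>
+<% end %>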
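Review bot: The `-F` on line 6 fails when the custom chain does not exist yet (a `ctl stop` before any successful start, or after a reboot cleared the tables), and since this script has no `set -e` only the last chain's failure is reported, at which point `ctl`'s `set -e` aborts before the check file is removed. Guard it the way enable.sh does: `iptables -t "<%= table %>" -L "pfbr-custom-<%= chain %>" >/dev/null 2>&1 && iptables -t "<%= table %>" -F "pfbr-custom-<%= chain %>"`. The jump rule in the built-in chain and the emptied custom chain are left behind; that is harmless because enable.sh checks with `-C` before re-adding the jump, but a one-line comment saying so would stop the next reader from "fixing" it with `-D`/`-X`. This section is shown without its file header on the page; the path `bin/disable.sh` is taken from the spec's templates map.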
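--- a/jobs/iptables/templates/bin/enable.sh
+++ b/jobs/iptables/templates/bin/enable.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+set -e
+
+function setup_chain {
+table=$1
+orig_chain=$2
+target_chain=$3
+
+if ! iptables -t "${table}" -L "${target_chain}" >/dev/null 2>&1; then
+iptables -t "${table}" -N "${target_chain}"
+fi
+
+if ! iptables -t "${table}" -C "${orig_chain}" -j "${target_chain}" 2>/dev/null; then
+iptables -t "${table}" -A "${orig_chain}" -j "${target_chain}"
+fi
+}
+
+<% p("iptables").each do |table, chains|
+chains.each do |chain, rules| %>
+
+setup_chain "<%= table %>" "<%= chain %>" "pfbr-custom-<%= chain %>"
+
+<% rules.each do |rule| %>
+iptables -t "${table}" -A "pfbr-custom-<%= chain %>" <%= rule %>
+<% end %>
+
+<% end %>
+<% end %>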
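Review bot: Line 25 appends with `-A` on every run and nothing flushes the custom chain first, so a second `ctl start` (monit re-running start after the check file disappears, or a redeploy that only changes the rule list) duplicates every rule and never removes a rule dropped from the manifest; adding `iptables -t "<%= table %>" -F "pfbr-custom-<%= chain %>"` right after the `setup_chain` call on line 22 makes start idempotent and lets the chain mirror the manifest. The same line reads `${table}`, which is only set because `setup_chain` assigns its parameters without `local` and leaks the last value; use `<%= table %>` there and declare `local table orig_chain target_chain` in the function so the two stop depending on each other. Note also that `<%= rule %>` is rendered unquoted, so the rule string is interpreted as shell words at run time: whoever controls the `iptables` property already gets root-level iptables access by design, but a stray `;` or `$(` in a rule runs as a command rather than failing, so I would at least say in a comment that rules are shell text, and consider splitting and escaping them in the template if the release wants to rule that out.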
