-rw-r--r-- | src/fw.rs | 40 |
1 files changed, 28 insertions, 12 deletions
@@ -1,6 +1,8 @@ use iptables; use regex::Regex; use std::collections::HashSet; +use std::io; + #[derive(PartialEq,Eq,Debug,Hash)] pub struct Port { @@ -8,22 +10,35 @@ pub struct Port { number: u16, } -pub fn setup(ipt: &iptables::IPTables) { - ipt.new_chain("filter", "DIPLONAT").unwrap(); - ipt.insert("filter", "INPUT", "-j DIPLONAT", 1).unwrap(); +#[derive(Debug)] +pub struct FirewallError(String); + +impl From<iptables::error::IPTError> for FirewallError { + fn from(error: iptables::error::IPTError) -> Self { + FirewallError(error.to_string()) + } + } -pub fn open_ports(ipt: &iptables::IPTables, ports: Vec<Port>) { +pub fn setup(ipt: &iptables::IPTables) -> Result<(), FirewallError> { + ipt.new_chain("filter", "DIPLONAT")?; + ipt.insert("filter", "INPUT", "-j DIPLONAT", 1)?; + Ok(()) +} + +pub fn open_ports(ipt: &iptables::IPTables, ports: Vec<Port>) -> Result<(), FirewallError> { for p in ports { - ipt.append("filter", "DIPLONAT", &format!("-p {} --dport {} -j ACCEPT", p.proto, p.number)).unwrap(); + ipt.append("filter", "DIPLONAT", &format!("-p {} --dport {} -j ACCEPT", p.proto, p.number))?; } + + Ok(()) } -pub fn get_opened_ports(ipt: &iptables::IPTables) -> HashSet<Port> { +pub fn get_opened_ports(ipt: &iptables::IPTables) -> Result<HashSet<Port>, FirewallError> { let mut opened_ports: HashSet<Port> = HashSet::new(); - let list = ipt.list("filter", "DIPLONAT").unwrap(); + let list = ipt.list("filter", "DIPLONAT")?; let re = Regex::new(r"\-A.*? \-p (\w+).*\-\-dport (\d+).*?\-j ACCEPT").unwrap(); for i in list { let caps = re.captures(&i); 
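Review bot: The added `use std::io;` is not referenced by anything else in this diff, so unless an unchanged part of the file uses `io::` it will only raise an unused-import warning. If it was meant to back an `impl From<io::Error> for FirewallError` alongside the `IPTError` one, that impl is missing; otherwise drop the line.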
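Review bot: `open_ports` still splices `p.proto` straight into the rule text, `format!("-p {} --dport {} -j ACCEPT", p.proto, p.number)`, and nothing in the hunk constrains that value; the rule string is handed to the iptables binary (the crate tokenises it on whitespace, as far as I recall), so a proto containing spaces or extra flags would turn into additional rule tokens. `number` is a `u16` and cannot do that, but `proto` should either be an enum of the protocols this code intends to allow or be checked before the call, e.g. `if !matches!(p.proto.as_str(), "tcp" | "udp") { return Err(FirewallError(format!("unsupported proto: {}", p.proto))); }` (adjust if `proto` is not a `String`; its declaration sits above the hunk). Separately, `FirewallError` only derives `Debug`, so an `impl std::fmt::Display` and `impl std::error::Error for FirewallError` would let callers print it and propagate it with `?` into `Box<dyn Error>`; the stray blank line before the closing brace of the `From` impl should also go.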
@@ -41,13 +56,14 @@ pub fn get_opened_ports(ipt: &iptables::IPTables) -> HashSet<Port> { } } - opened_ports + Ok(opened_ports) } -pub fn cleanup(ipt: &iptables::IPTables) { - ipt.flush_chain("filter", "DIPLONAT").unwrap(); - ipt.delete("filter", "INPUT", "-j DIPLONAT").unwrap(); - ipt.delete_chain("filter", "DIPLONAT").unwrap(); +pub fn cleanup(ipt: &iptables::IPTables) -> Result<(), FirewallError> { + ipt.flush_chain("filter", "DIPLONAT")?; + ipt.delete("filter", "INPUT", "-j DIPLONAT")?; + ipt.delete_chain("filter", "DIPLONAT")?; + Ok(()) } /* |
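Review bot: With `?` after each step, `cleanup` now stops at the first failure, so if `flush_chain` or the `delete` of the `-j DIPLONAT` jump fails, the remaining steps never run and the DIPLONAT chain, possibly still holding ACCEPT rules, stays in the filter table. Teardown is better done best-effort: attempt all three operations, then report the first error, so a single failing step cannot leave the rest of the firewall state behind. The rewrite below keeps the signature and error type unchanged.
```rust
pub fn cleanup(ipt: &iptables::IPTables) -> Result<(), FirewallError> {
    // Run every teardown step before reporting, so one failure does not
    // leave the jump rule or the DIPLONAT chain (and its rules) in place.
    let flushed = ipt.flush_chain("filter", "DIPLONAT");
    let unlinked = ipt.delete("filter", "INPUT", "-j DIPLONAT");
    let removed = ipt.delete_chain("filter", "DIPLONAT");
    flushed?;
    unlinked?;
    removed?;
    Ok(())
}
```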