@chrisboulton
Created July 1, 2013 02:05
require 'pp'

lines = '# Generated by iptables-save v1.4.8 on Sun Jun 30 20:28:03 2013
*raw
:PREROUTING ACCEPT [389063:480408960]
:OUTPUT ACCEPT [365429:736377112]
-A PREROUTING -p udp -m udp --dport 8125 -m comment --comment "disable conntrack for statsd" -j NOTRACK
COMMIT
# Completed on Sun Jun 30 20:28:03 2013
# Generated by iptables-save v1.4.8 on Sun Jun 30 20:28:03 2013
*nat
:PREROUTING ACCEPT [6621:379806]
:INPUT ACCEPT [6621:379806]
:OUTPUT ACCEPT [18515:1365643]
:POSTROUTING ACCEPT [18487:1361815]
COMMIT
# Completed on Sun Jun 30 20:28:03 2013
# Generated by iptables-save v1.4.8 on Sun Jun 30 20:28:03 2013
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:fail2ban-smtp-in - [0:0]
:fail2ban-ssh - [0:0]
-A INPUT -p tcp -m multiport --dports 465,587 -j fail2ban-smtp-auth
-A INPUT -s 10.0.0.0/8 -i bond1 -m comment --comment "000 block bogon 10.0.0.0/8" -j DROP
-A INPUT -s 127.0.0.0/8 -i bond1 -m comment --comment "000 block bogon 127.0.0.0/8 " -j DROP
-A INPUT -s 172.16.0.0/12 -i bond1 -m comment --comment "000 block bogon 172.16.0.0/12" -j DROP
-A INPUT -s 192.168.0.0/16 -i bond1 -m comment --comment "000 block bogon 192.168.0.0/16" -j DROP
-A INPUT -s 169.254.0.0/16 -i bond1 -m comment --comment "001 block bogon 169.254.0.0/16" -j DROP
-A INPUT -m state --state ESTABLISHED -m comment --comment "111 allow established/related in" -j ACCEPT
-A INPUT -m state --state RELATED -m comment --comment "111 allow related in" -j ACCEPT
-A fail2ban-smtp-in -j RETURN
COMMIT
# Completed on Sun Jun 30 20:28:03 2013
# Generated by iptables-save v1.4.8 on Sun Jun 30 20:28:03 2013
*mangle
:PREROUTING ACCEPT [10112035:14323028702]
:INPUT ACCEPT [10112035:14323028702]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9632138:20757032236]
:POSTROUTING ACCEPT [9621243:20756512227]
COMMIT
# Completed on Sun Jun 30 20:28:03 2013'

current_table = ''
current_rules = []
table_chain_order = {}
default_policies = {}
table_order = []

lines.split("\n").each do |line|
  line.strip!
  # strip comments and blank lines
  next if line.empty? || /^#/.match(line)

  # chains: ":PREROUTING ACCEPT [0:0]", or ":fail2ban-ssh - [0:0]" for a custom chain.
  # The policy group has to accept "-" as well, otherwise custom chains never match here
  # and silently fall through to the "everything else" branch.
  if chain_matches = line.match(/^:([\w\-]+) ([\w\-]+)/)
    # MatchData does not destructure in a multiple assignment; take the captures explicitly
    chain, policy = chain_matches.captures
    # when rebuilding the file, reset packet/byte counters
    line.sub!(/\[\d+:\d+\]/, '[0:0]')
    table_chain_order[current_table] ||= []
    table_chain_order[current_table].push(chain)
    default_policies[current_table] ||= {}
    # if this chain is unknown and a built-in one (custom chains have a - for the default policy),
    # record the policy the dump gives it in default_policies
    default_policies[current_table][chain] ||= policy if policy != '-'
    current_rules.push(line)
  # tables: *nat
  elsif table_matches = line.match(/^\*(\w+)$/)
    current_table = table_matches[1]
    table_order << current_table
    table_chain_order[current_table] = []
  # everything else should just be appended as is
  else
    current_rules.push(line)
  end
end

pp default_policies
pp current_rules
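The script above flattens every table into one rule list, which is enough for a dump but not for feeding the result back to iptables-restore, and it never checks that a `-j` target actually exists. The gist's own dump illustrates why that matters: the filter table declares `:fail2ban-smtp-in` but the INPUT rule jumps to `fail2ban-smtp-auth`, and iptables-restore rejects a file whose jump target is an undeclared chain, leaving the host on whatever rules were loaded before. The following is an added example, not code from the gist or its author: it parses a dump table by table, re-emits it with counters reset, and reports jumps to chains that are neither built-in targets nor declared in the same table. `SAMPLE` is a constructed dump modelled on the gist's filter table, and `BUILTIN_TARGETS` is a hand-picked list of common targets rather than an exhaustive one.

```ruby
# Added example (not part of the gist): parse iptables-save output per table,
# rebuild it for iptables-restore with counters zeroed, and flag jumps to
# chains that do not exist in the table they are used from.

# Constructed sample modelled on the gist's filter table; the jump to
# fail2ban-smtp-auth is deliberately left without a matching chain declaration.
SAMPLE = <<~'DUMP'
  # Generated by iptables-save v1.4.8 on Sun Jun 30 20:28:03 2013
  *filter
  :INPUT DROP [12:3456]
  :FORWARD DROP [0:0]
  :OUTPUT DROP [7:890]
  :fail2ban-smtp-in - [0:0]
  -A INPUT -p tcp -m multiport --dports 465,587 -j fail2ban-smtp-auth
  -A INPUT -s 10.0.0.0/8 -i bond1 -m comment --comment "000 block bogon 10.0.0.0/8" -j DROP
  -A INPUT -m state --state ESTABLISHED -m comment --comment "111 allow established in" -j ACCEPT
  -A fail2ban-smtp-in -j RETURN
  COMMIT
  # Completed on Sun Jun 30 20:28:03 2013
DUMP

# Hand-picked list of common built-in targets; extend it for the modules you use.
BUILTIN_TARGETS = %w[ACCEPT DROP REJECT RETURN LOG MASQUERADE SNAT DNAT REDIRECT NOTRACK MARK].freeze

# Parse a dump into { table_name => { policies: {chain => policy}, chains: [...], rules: [...] } }.
# Chains are kept in declaration order so the rebuilt file matches the original layout.
def parse_iptables_save(text)
  tables = {}
  current = nil
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    if (m = line.match(/\A\*(\w+)\z/))
      current = tables[m[1]] = { policies: {}, chains: [], rules: [] }
    elsif (m = line.match(/\A:([\w\-]+) ([\w\-]+) \[\d+:\d+\]\z/))
      raise "chain declaration before any *table line: #{line}" unless current
      chain, policy = m.captures
      current[:chains] << chain
      # custom chains carry "-" instead of a policy; only built-in chains have one
      current[:policies][chain] = policy unless policy == '-'
    elsif line == 'COMMIT'
      current = nil
    else
      raise "rule before any *table line: #{line}" unless current
      current[:rules] << line
    end
  end
  tables
end

# Return "table: chain -> target" strings for every -j/-g whose target is neither a
# known built-in target nor a chain declared in the same table.
def dangling_jumps(tables)
  problems = []
  tables.each do |name, t|
    t[:rules].each do |rule|
      m = rule.match(/\s-[jg]\s+([\w\-]+)/)
      next unless m
      target = m[1]
      next if BUILTIN_TARGETS.include?(target) || t[:chains].include?(target)
      problems << "#{name}: #{rule[/\A-A\s+([\w\-]+)/, 1]} -> #{target}"
    end
  end
  problems
end

# Re-emit the dump in iptables-restore format with every counter reset to [0:0].
def rebuild(tables)
  out = []
  tables.each do |name, t|
    out << "*#{name}"
    t[:chains].each { |c| out << ":#{c} #{t[:policies].fetch(c, '-')} [0:0]" }
    out.concat(t[:rules])
    out << 'COMMIT'
  end
  out.join("\n") + "\n"
end

if __FILE__ == $PROGRAM_NAME
  tables = parse_iptables_save(SAMPLE)
  puts rebuild(tables)
  dangling_jumps(tables).each { |p| warn "dangling jump: #{p}" }
end
```

Run it against a real dump by replacing `SAMPLE` with `File.read('/path/to/iptables-save.out')`; an empty result from `dangling_jumps` is the check worth adding before handing the rebuilt file to iptables-restore.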