var spawn = require('child_process').spawn;
/**
 * Build an exported helper that stamps a fixed iptables target on a rule
 * and submits it through newRule().
 *
 * The returned function writes `target` onto the caller's own rule object,
 * so the same object can later be handed to deleteRule() to remove the rule.
 *
 * @param {string} target - value passed to iptables after "-j".
 * @returns {function(Object): void} function taking the rule object.
 */
function ruleWithTarget (target) {
  return function (rule) {
    rule.target = target;
    newRule(rule);
  };
}

// Convenience entry points, one per target.
exports.allow = ruleWithTarget('ACCEPT');
exports.drop = ruleWithTarget('DROP');
exports.reject = ruleWithTarget('REJECT');

// Lower-level entry points: the caller supplies rule.target (and, for
// newRule, optionally rule.action) itself.
exports.newRule = newRule;
exports.deleteRule = deleteRule;
/**
 * Run iptables once for the given rule, through sudo when rule.sudo is set.
 *
 * The arguments are handed to spawn() as an array, so no shell is involved
 * and rule values are not shell-interpreted. They are still passed to
 * iptables (possibly as root) without validation, so rules must not be
 * built from untrusted input without checking each field first.
 *
 * NOTE(review): no 'error' listener is attached to the child and its exit
 * status is never inspected. A spawn failure therefore surfaces as an
 * unhandled 'error' event, and a rule that iptables refuses is only visible
 * as text on stderr; callers cannot tell whether the rule was applied.
 *
 * @param {Object} rule - rule description; see iptablesArgs for the fields.
 */
function iptables (rule) {
  var ruleArgs = iptablesArgs(rule);
  var viaSudo = Boolean(rule.sudo);

  // Under sudo the real program becomes the first argument.
  var program = viaSudo ? 'sudo' : 'iptables';
  var argv = viaSudo ? ['iptables'].concat(ruleArgs) : ruleArgs;

  var child = spawn(program, argv);
  // Relay whatever the child prints on stderr to this process's stderr.
  child.stderr.on('data', function (chunk) {
    console.error(chunk.toString());
  });
}
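/**
 * Translate a rule object into the argument list for iptables.
 *
 * Defaults: action '-A' and chain 'INPUT'. The defaults are applied to
 * local values only; the caller's rule object is not modified.
 *
 * Field values are copied into the argument list as given, with no
 * validation. rule.action is emitted first, so whatever it holds becomes
 * the iptables command; validate every field before building a rule from
 * data that is not fully trusted.
 *
 * @param {Object} rule - fields read: action, chain, protocol, src, dst,
 *   sport, dport, in, out, target. Falsy fields are skipped.
 * @returns {Array} arguments in the order action, chain, -p, --src, --dst,
 *   --sport, --dport, -i, -o, -j.
 */
function iptablesArgs (rule) {
  // Read the chain and action into locals instead of writing the defaults
  // back onto the caller's object.
  var chain = rule.chain || 'INPUT';
  var action = rule.action || '-A';
  var args = [action, chain];

  // Flag/value pairs in emission order; -p is listed before the port matches.
  var options = [
    ['-p', rule.protocol],
    ['--src', rule.src],
    ['--dst', rule.dst],
    ['--sport', rule.sport],
    ['--dport', rule.dport],
    ['-i', rule.in],
    ['-o', rule.out],
    ['-j', rule.target]
  ];

  for (var i = 0; i < options.length; i++) {
    // A falsy value (undefined, '', 0) means the option was not requested.
    if (options[i][1]) args.push(options[i][0], options[i][1]);
  }
  return args;
}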
/**
 * Apply a rule with whatever action it carries; iptablesArgs falls back to
 * '-A' when rule.action is not set.
 *
 * @param {Object} rule - rule description, passed unchanged to iptables().
 */
function newRule (rule) {
  iptables(rule);
}
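/**
 * Run the rule's specification with the '-D' action.
 *
 * The '-D' action is set on an object derived from the caller's rule rather
 * than on the rule itself. Writing it onto the caller's object would leave
 * action set to '-D', so passing the same object to allow()/drop()/reject()
 * or newRule() afterwards would issue another delete instead of adding the
 * rule.
 *
 * @param {Object} rule - rule description; every other field is read
 *   through the derived object exactly as the caller set it.
 */
function deleteRule (rule) {
  // Object.create keeps all of the caller's fields visible via the
  // prototype chain while keeping our override off the caller's object.
  var removal = Object.create(rule);
  removal.action = '-D';
  iptables(removal);
}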