/**
 * Builds one iptables insert command per port, each accepting inbound TCP traffic on that port.
 *
 * <p>The {@code insertIptablesRule} overload called here takes no network-interface argument,
 * so despite this method's name the generated rules are not scoped to one interface, and the
 * call supplies no source-address restriction.
 * NOTE(review): confirm that opening these ports on every interface is intended.
 *
 * @param ports the TCP ports to open; must not be {@code null}, and each element is unboxed
 *              when passed on, so a {@code null} element fails with a NullPointerException
 * @return a new mutable list holding one command string per port, in iteration order
 */
private List<String> createIptablesRulesForNetworkInterface(Iterable<Integer> ports) {
    final List<String> commands = Lists.newArrayList();
    for (final Integer tcpPort : ports) {
        final String insertCommand =
                IptablesCommands.insertIptablesRule(Chain.INPUT, Protocol.TCP, tcpPort, Policy.ACCEPT);
        commands.add(insertCommand);
    }
    return commands;
}
/**
 * Returns the command that adds a firewalld direct rule.
 *
 * <p>Convenience overload: it delegates to the five-argument {@code addFirewalldRule},
 * passing an absent {@code Optional<String>} as the second argument (presumably the
 * network interface; confirm against that overload).
 *
 * @param chain    passed through to the five-argument overload
 * @param protocol passed through to the five-argument overload
 * @param port     passed through to the five-argument overload
 * @param policy   passed through to the five-argument overload
 * @return the command that adds the firewalld direct rule
 */
public static String addFirewalldRule(Chain chain, org.apache.brooklyn.util.net.Protocol protocol, int port, Policy policy) {
    final Optional<String> unspecified = Optional.<String>absent();
    return addFirewalldRule(chain, unspecified, protocol, port, policy);
}
/**
 * Legacy overload taking the older {@code Protocol} type.
 *
 * <p>Converts the protocol with {@code convert()} and hands everything else, unchanged,
 * to the replacement overload.
 *
 * @deprecated since 0.7.0; use {@link #appendIptablesRule(Chain, org.apache.brooklyn.util.net.Protocol, int, Policy)}
 */
@Deprecated
public static String appendIptablesRule(Chain chain, Protocol protocol, int port, Policy policy) {
    final org.apache.brooklyn.util.net.Protocol converted = protocol.convert();
    return appendIptablesRule(chain, converted, port, policy);
}
/**
 * Stops the firewall service on the given machine and then queries its status.
 *
 * <p>The service is chosen from the exit code of {@link #checkLocationFirewall}: 0 selects the
 * firewalld stop/status commands, any other value selects the iptables stop/status commands.
 *
 * <p>NOTE(review): the helper used to run the commands is named as allowing non-zero exit
 * codes, so a failed stop presumably does not fail this method; the status command's output
 * is then the only evidence of the resulting state. Stopping the service removes host-level
 * filtering, so confirm that another control restricts access to the machine.
 *
 * @param machine the machine whose firewall service is stopped
 */
protected void stopIptablesImpl(final SshMachineLocation machine) {
    log.info("Stopping iptables for {} at {}", entity(), machine);

    final Task<Integer> firewalldCheck = checkLocationFirewall(machine);
    // Exit code 0 from the "is active" check means firewalld is the running service.
    final boolean firewalldActive = firewalldCheck.getUnchecked() == 0;

    final List<String> stopThenStatus = firewalldActive
            ? ImmutableList.of(IptablesCommands.firewalldServiceStop(), IptablesCommands.firewalldServiceStatus())
            : ImmutableList.of(IptablesCommands.iptablesServiceStop(), IptablesCommands.iptablesServiceStatus());

    subTaskHelperAllowingNonZeroExitCode("execute stop iptables", machine,
            stopThenStatus.toArray(new String[stopThenStatus.size()]));
}
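/**
 * Opens the given inbound TCP ports in the machine's firewall and then lists the resulting rules.
 *
 * <p>If {@link #checkLocationFirewall} exits with 0, one firewalld direct rule is added per port.
 * Otherwise iptables insert rules are generated and the iptables save command is passed along
 * with them. Every rule is an ACCEPT on the INPUT chain for TCP.
 *
 * <p>Ports are passed through as given; no range check is done here, and the calls supply no
 * source-address restriction. NOTE(review): in the firewalld branch no save command is issued
 * ({@code null} is passed on); confirm whether the direct rules are expected to survive a
 * firewalld reload or reboot.
 *
 * @param inboundPorts ports to open; {@code null} or empty means nothing is changed
 * @param machine      the machine whose firewall is modified
 */
protected void openIptablesImpl(Iterable<Integer> inboundPorts, SshMachineLocation machine) {
    if (inboundPorts == null || Iterables.isEmpty(inboundPorts)) {
        // Log entity then machine, matching the "for {} at {}" wording of the message below;
        // previously this passed (machine, this), which put the machine in the entity slot.
        log.info("No ports to open in iptables (no inbound ports) for {} at {}", entity(), machine);
        return;
    }

    log.info("Opening ports in iptables for {} at {}", entity(), machine);

    final List<String> iptablesRules;
    final String iptablesInstallCommands;
    Task<Integer> checkFirewall = checkLocationFirewall(machine);
    if (checkFirewall.getUnchecked() == 0) {
        // firewalld is active: add direct rules; no separate save command is supplied.
        iptablesRules = Lists.newArrayList();
        for (Integer port : inboundPorts) {
            iptablesRules.add(IptablesCommands.addFirewalldRule(Chain.INPUT, Protocol.TCP, port, Policy.ACCEPT));
        }
        iptablesInstallCommands = null;
    } else {
        // Any non-zero exit code falls back to plain iptables, with the rules saved afterwards.
        iptablesRules = createIptablesRulesForNetworkInterface(inboundPorts);
        iptablesInstallCommands = IptablesCommands.saveIptablesRules();
    }

    insertIptablesRules(iptablesRules, iptablesInstallCommands, machine);
    // List the rules after the change so the resulting rule set is recorded.
    listIptablesRules(machine);
}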
@Beta // implementation not portable across distros public static String firewalldServiceStart() { return firewalldService("start"); }
/**
 * Returns a queued {@link Task} which checks if location firewall is enabled.
 *
 * <p>The task runs the command from {@code IptablesCommands.firewalldServiceIsActive()} on the
 * machine through a helper that tolerates non-zero exit codes, and yields that exit code.
 * NOTE(review): a non-zero result presumably also covers a command that failed to run at all,
 * not only "firewalld inactive"; callers that branch on {@code == 0} should keep that in mind.
 *
 * @param machine the machine to run the check on
 * @return the task whose result is the exit code of the check
 */
public Task<Integer> checkLocationFirewall(final SshMachineLocation machine) {
    final String isActiveCommand = IptablesCommands.firewalldServiceIsActive();
    return subTaskHelperAllowingNonZeroExitCode("check if firewall is active", machine, isActiveCommand);
}
/** Checks that {@code IptablesCommands.saveIptablesRules()} equals the expected value in {@code saveIptablesRules}. */
@Test
public void testSaveIptablesRules() {
    final String actual = IptablesCommands.saveIptablesRules();
    Assert.assertEquals(actual, saveIptablesRules);
}
}
/** Checks that {@code IptablesCommands.firewalldServiceStop()} equals the expected value in {@code firewalldServiceStop}. */
@Test
public void testFirewalldServiceStop() {
    final String actual = IptablesCommands.firewalldServiceStop();
    Assert.assertEquals(actual, firewalldServiceStop);
}
/** Checks that {@code IptablesCommands.firewalldServiceStatus()} equals the expected value in {@code firewalldServiceStatus}. */
@Test
public void testFirewalldServiceStatus() {
    final String actual = IptablesCommands.firewalldServiceStatus();
    Assert.assertEquals(actual, firewalldServiceStatus);
}
@Beta // implementation not portable across distros public static String firewalldServiceRestart() { return firewalldService("restart"); }
/** Checks that {@code IptablesCommands.firewalldServiceIsActive()} equals the expected value in {@code firewalldServiceIsActive}. */
@Test
public void testFirewalldServiceIsActive() {
    final String actual = IptablesCommands.firewalldServiceIsActive();
    Assert.assertEquals(actual, firewalldServiceIsActive);
}
}
/**
 * Legacy overload taking a network interface and the older {@code Protocol} type.
 *
 * <p>Converts the protocol with {@code convert()} and hands everything else, unchanged,
 * to the replacement overload.
 *
 * @deprecated since 0.7.0; use {@link #insertIptablesRule(Chain, String, org.apache.brooklyn.util.net.Protocol, int, Policy)}
 */
@Deprecated
public static String insertIptablesRule(Chain chain, String networkInterface, Protocol protocol, int port, Policy policy) {
    final org.apache.brooklyn.util.net.Protocol converted = protocol.convert();
    return insertIptablesRule(chain, networkInterface, converted, port, policy);
}
@Beta // implementation not portable across distros public static String firewalldServiceStatus() { return firewalldService("status"); }
/** Checks the firewalld direct-rule command generated for an ACCEPT of TCP port 3306 on the INPUT chain. */
@Test
public void testAddFirewalldRule() {
    final String actual = IptablesCommands.addFirewalldRule(Chain.INPUT, Protocol.TCP, 3306, Policy.ACCEPT);
    Assert.assertEquals(actual, addFirewalldRule);
}
/**
 * Legacy overload taking a network interface and the older {@code Protocol} type.
 *
 * <p>Converts the protocol with {@code convert()} and hands everything else, unchanged,
 * to the replacement overload.
 *
 * @deprecated since 0.7.0; use {@link #appendIptablesRule(Chain, String, org.apache.brooklyn.util.net.Protocol, int, Policy)}
 */
@Deprecated
public static String appendIptablesRule(Chain chain, String networkInterface, Protocol protocol, int port, Policy policy) {
    final org.apache.brooklyn.util.net.Protocol converted = protocol.convert();
    return appendIptablesRule(chain, networkInterface, converted, port, policy);
}
/**
 * Legacy overload taking the older {@code Protocol} type.
 *
 * <p>Converts the protocol with {@code convert()} and hands everything else, unchanged,
 * to the replacement overload.
 *
 * @deprecated since 0.7.0; use {@link #insertIptablesRule(Chain, org.apache.brooklyn.util.net.Protocol, int, Policy)}
 */
@Deprecated
public static String insertIptablesRule(Chain chain, Protocol protocol, int port, Policy policy) {
    final org.apache.brooklyn.util.net.Protocol converted = protocol.convert();
    return insertIptablesRule(chain, converted, port, policy);
}
@Beta // implementation not portable across distros public static String firewalldServiceStop() { return firewalldService("stop"); }
/** Checks the append command generated, with no interface given, for an ACCEPT of TCP port 3306 on the INPUT chain. */
@Test
public void testAppendIptablesRulesForAllInterfaces() {
    final String actual = IptablesCommands.appendIptablesRule(Chain.INPUT, Protocol.TCP, 3306, Policy.ACCEPT);
    Assert.assertEquals(actual, appendIptablesRuleAll);
}
/** Checks the insert command generated, with no interface given, for an ACCEPT of TCP port 3306 on the INPUT chain. */
@Test
public void testInsertIptablesRulesForAllInterfaces() {
    final String actual = IptablesCommands.insertIptablesRule(Chain.INPUT, Protocol.TCP, 3306, Policy.ACCEPT);
    Assert.assertEquals(actual, insertIptablesRuleAll);
}