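/**
 * Builds the iptables filter-table command lines for the given security groups.
 * <p>
 * For every security group that passes {@code validateSecurityGroup}, this
 * method: creates a per-group filter chain (named from {@code FLTR_PREFIX} and
 * the group id) unless that chain is already listed in {@code existingChains};
 * appends a jump from {@code PI_CHAIN} to that chain for the group's
 * destination network ({@code networkAddress/slashnet}); and emits one filter
 * rule per (network rule, source network) pair via {@code addFilterRule}.
 * Groups that fail validation are logged at debug level and skipped.
 * <p>
 * {@code PI_CHAIN} itself is not created here; it is presumably set up
 * elsewhere before these lines are applied (confirm with the caller).
 *
 * @param securityGroups groups to generate filter rules for
 * @param existingChains names of chains already present in the filter table;
 *        used only to suppress duplicate chain-creation lines
 * @return the generated command lines. This is the instance field
 *         {@code lines}, which is reassigned on every call, so a caller that
 *         needs the result beyond the next invocation must copy it.
 */
public synchronized List<String> generateFilterTable(List<SecurityGroup> securityGroups, List<String> existingChains) {
    LOG.debug(String.format("generateFilterTable(%s, %s)", securityGroups, existingChains));
    // Fresh output buffer for this invocation; addFilterRule is expected to
    // append into this same field (it is not passed the list explicitly).
    lines = new ArrayList<String>();

    for (SecurityGroup securityGroup : securityGroups) {
        if (!validateSecurityGroup(securityGroup)) {
            LOG.debug(String.format(SKIPPING_SECURITY_GROUP_S_AS_IT_IS_NOT_POPULATED, securityGroup));
            continue;
        }
        LOG.debug(String.format("Processing Security group: %s for filter rules.", securityGroup));

        // SECURITY NOTE(review): the network address, slashnet, source networks,
        // protocol and port range below are taken straight from the security-group
        // model and rendered into iptables arguments. Only validateSecurityGroup
        // gates the group as a whole; the individual rule values are not checked
        // in this method. Whatever validation or escaping exists must live in
        // validateSecurityGroup, ipTablesHelper or addFilterRule — confirm.
        String filterChainName = getChainNameForSecurityGroup(FLTR_PREFIX, securityGroup.getSecurityGroupId());
        String destinationNetwork = String.format(S_SLASH_S, securityGroup.getNetworkAddress(), securityGroup.getSlashnet());

        if (!existingChains.contains(filterChainName)) {
            lines.add(ipTablesHelper.addChain(filterChainName));
        }
        // The PI_CHAIN -> filter-chain jump is appended even when the chain already
        // existed; if this output is re-applied to a live table, de-duplication of
        // the jump is presumably the helper's or the caller's job — confirm.
        lines.add(ipTablesHelper.appendForwardChainToChain(PI_CHAIN, destinationNetwork, filterChainName));

        // TODO: Handle case where a rule/group name is specified instead of a
        // network as the source (such entries would currently be passed through
        // as if they were CIDR networks).
        for (NetworkRule networkRule : securityGroup.getNetworkRules()) {
            for (String sourceNetwork : networkRule.getSourceNetworks()) {
                addFilterRule(
                        filterChainName,
                        sourceNetwork,
                        destinationNetwork,
                        networkRule.getNetworkProtocol(),
                        networkRule.getPortRangeMin(),
                        networkRule.getPortRangeMax());
            }
        }
    }

    logFlushRules("Generated filter iptables:\n%s", lines);
    return lines;
}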