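/**
 * Builds the iptables commands that undo the currently installed NAT rules.
 *
 * <p>Two groups of commands are produced, in this order: first every existing
 * {@code -A} rule that is a SNAT/DNAT rule or a POSTROUTING rule referencing a
 * {@code POST_PREFIX} chain is rewritten as the matching {@code -D} rule; then
 * every chain name starting with {@code POST_PREFIX} gets a flush-chain rule
 * from {@code ipTablesHelper}. Chain names that do not start with
 * {@code POST_PREFIX} are skipped (logged at debug level).
 *
 * <p>No validation of {@code chainNames} or {@code existingPiRules} is done here;
 * they are passed through to {@code ipTablesHelper} / copied into rule text as-is,
 * so callers are expected to supply values read back from the system rather than
 * arbitrary external input.
 *
 * @param chainNames names of the chains currently present in the nat table
 * @param existingPiRules the currently installed rules, one iptables argument string each
 * @param newChains the chains that should exist after the update; currently unused (see note
 *     in the body) but kept for interface compatibility
 * @return the delete/flush rules to apply, in application order
 */
public List<String> generateNatFlushRules(
    String[] chainNames, String[] existingPiRules, List<String> newChains) {
  // A bare "%s" on a String[] only prints the array identity
  // ("[Ljava.lang.String;@..."), which makes this debug line useless for
  // diagnosing the generated rule set; render the contents instead.
  LOG.debug(
      String.format(
          "generateNatFlushRules(%s, %s, %s)",
          java.util.Arrays.toString(chainNames),
          java.util.Arrays.toString(existingPiRules),
          newChains));
  List<String> res = new ArrayList<String>();

  // Step 1: turn each existing append (-A) NAT/POSTROUTING rule into its delete (-D) twin.
  for (String rule : existingPiRules) {
    boolean isNatRule = rule.contains("SNAT") || rule.contains("DNAT");
    boolean isPostroutingRule = rule.contains(POSTROUTING) && rule.contains(POST_PREFIX);
    if (rule.startsWith(DASH_A) && (isNatRule || isPostroutingRule)) {
      // startsWith(DASH_A) holds here, so a plain prefix swap is exact and avoids
      // interpreting DASH_A as a regex (which replaceFirst would have done).
      res.add("-D" + rule.substring(DASH_A.length()));
    }
  }

  // Step 2: flush every managed POSTROUTING chain.
  for (String chainName : chainNames) {
    if (chainName.startsWith(POST_PREFIX)) {
      res.add(ipTablesHelper.generateFlushChainRule(chainName));
      // NOTE: stale chains (not in newChains) are deliberately NOT removed here; doing so
      // caused failures when applied within a single commit. The proper fix is to rebuild
      // all chains and rules from scratch rather than incrementally. That is why newChains
      // is currently unused.
    } else {
      LOG.debug(String.format("Skipping non-nat chain name: %s", chainName));
    }
  }

  logFlushRules("Generated nat flush rules:\n%s", res);
  return res;
}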
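/**
 * Builds the iptables commands that undo the currently installed filter rules.
 *
 * <p>Produces, in this order: for the {@code PI_CHAIN} chain, a rule removing the
 * jump from FORWARD into it followed by a flush of the chain; for every chain
 * starting with {@code FLTR_PREFIX}, a flush-chain rule; and finally, for every
 * {@code FLTR_PREFIX} chain that is not listed in {@code newChains}, a
 * remove-chain rule. Flushes are emitted before any removal because a chain must
 * be empty before it can be deleted. Other chain names are skipped (logged at
 * debug level).
 *
 * <p>Chain names are not validated here; they are passed through to
 * {@code ipTablesHelper} unchanged, so callers are expected to supply values read
 * back from the system rather than arbitrary external input.
 *
 * @param chainNames names of the chains currently present in the filter table
 * @param newChains the chains that should exist after the update; {@code FLTR_PREFIX}
 *     chains absent from this list are removed
 * @return the delete/flush/remove rules to apply, in application order
 */
public List<String> generateFilterFlushRules(String[] chainNames, List<String> newChains) {
  // A bare "%s" on a String[] only prints the array identity
  // ("[Ljava.lang.String;@..."), which makes this debug line useless for
  // diagnosing the generated rule set; render the contents instead.
  LOG.debug(
      String.format(
          "generateFilterFlushRules(%s, %s)",
          java.util.Arrays.toString(chainNames),
          newChains));
  List<String> res = new ArrayList<String>();

  // Step 1: unhook and flush PI_CHAIN, flush every other managed filter chain.
  for (String chainName : chainNames) {
    if (chainName.equals(PI_CHAIN)) {
      // The FORWARD -> PI_CHAIN jump must go first; PI_CHAIN is a constant, so
      // this is not built from caller-supplied text.
      res.add("-D FORWARD -j " + PI_CHAIN);
      res.add(ipTablesHelper.generateFlushChainRule(chainName));
    } else if (chainName.startsWith(FLTR_PREFIX)) {
      res.add(ipTablesHelper.generateFlushChainRule(chainName));
    } else {
      LOG.debug(String.format("Skipping non-filter chain name: %s", chainName));
    }
  }

  // Step 2: remove managed chains that are no longer wanted. Kept as a separate
  // pass so that every flush precedes every removal.
  for (String chainName : chainNames) {
    if (chainName.startsWith(FLTR_PREFIX) && !newChains.contains(chainName)) {
      res.add(ipTablesHelper.generateRemoveChainRule(chainName));
    }
  }

  logFlushRules("Generated chain flush rules:\n%s", res);
  return res;
}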