Minor Refactors
Tweak rules.js, to ensure no rule injection.
Updated insertFinalCounters to use nft interface.
Added insertFinalCounters to init workflow.
Dustyn Blackmore committed Apr 17, 2018
1 parent 8ca295d commit b0f0958
Showing 2 changed files with 7 additions and 4 deletions.
9 changes: 6 additions & 3 deletions index.js
@@ -61,15 +61,15 @@ function execute (command) {
// Sets base rules, with default to 'drop', but allows established and related connections.
function insertFinalCounters () {
return Promise.all([
execute('nft --handle --echo add rule ip filter input counter'),
execute('nft --handle --echo add rule ip filter output counter'),
nft.add('rule ip filter input counter'),
nft.add('rule ip filter output counter'),
])
}

function insertInterfaceRules (interface) {
return Promise.all([
nft.add('rule ip filter input iif ' + interface.name + ' ct state new counter nftrace set 1 queue num ' + interface.number),
nft.add('add rule ip filter output oif ' + interface.name + ' ct state new counter nftrace set 1 queue num 100' + interface.number)
nft.add('rule ip filter output oif ' + interface.name + ' ct state new counter nftrace set 1 queue num 100' + interface.number)
]);
}

@@ -175,4 +175,7 @@ nft.flush().then(
).then(
(resolved) => bindQueueHandlers(),
(reject) => console.log('Failed to setup interfaces')
).then(
(resolved) => insertFinalCounters(),
(reject) => console.log('Failed to bind queue handlers')
);
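Review bot: The `.then` stage added at the end of the init chain runs `insertFinalCounters()` even when an earlier stage failed, because each rejection handler only calls `console.log` and therefore hands a fulfilled promise to the next stage. A rejection from `insertFinalCounters()` itself has no handler at all, so a failed counter insert goes unreported. For firewall setup it is safer to stop at the first failure: drop the per-stage reject callbacks and end the chain with one handler such as `.catch((err) => { console.error('Firewall init failed', err); process.exitCode = 1; })`. The chain begins above this hunk, so the earlier stages are assumed to follow the same two-callback pattern.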
2 changes: 1 addition & 1 deletion src/nftables/rules.js
@@ -33,7 +33,7 @@ function executeReturnHandle (exec, command) {

const rules = (exec) => ({
add: (rule) => {
return executeReturnHandle(exec, rule);
return executeReturnHandle(exec, 'add ' + rule);
},
flush: () => {
return execute(exec, 'flush ruleset');
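Review bot: Prefixing `'add '` inside `add` pins the nft verb, but `rule` is still concatenated into the command unchecked, so a fragment containing `;` or a newline can still carry additional nft statements; shell metacharacters would matter as well if `exec` runs through a shell, which is not visible here. The callers in index.js build `rule` by concatenating `interface.name` and `interface.number`, so the commit's stated goal of "no rule injection" depends on those values being clean. A guard in `add` would back that up, for example `if (/[;\r\n]/.test(rule)) return Promise.reject(new Error('invalid rule'));`, together with validating interface names against a strict pattern at the call site. `executeReturnHandle` is defined outside the hunk, so how the string finally reaches nft is inferred rather than shown.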