From b0f0958c3a3e78c10222891e1c6fd6f4af22c44c Mon Sep 17 00:00:00 2001
From: Dustyn Blackmore
Date: Tue, 17 Apr 2018 15:03:27 +1000
Subject: [PATCH] Minor Refactors

Tweak rules.js, to ensure no rule injection.
Updated insertFinalCounters to use nft interface.
Added insertFinalCounters to init workflow.
---
 index.js              | 9 ++++++---
 src/nftables/rules.js | 2 +-
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/index.js b/index.js
index 5ae17fd..ca83d15 100644
--- a/index.js
+++ b/index.js
@@ -61,15 +61,15 @@ function execute (command) {
 // Sets base rules, with default to 'drop', but allows established and related connections.
 function insertFinalCounters () {
   return Promise.all([
-    execute('nft --handle --echo add rule ip filter input counter'),
-    execute('nft --handle --echo add rule ip filter output counter'),
+    nft.add('rule ip filter input counter'),
+    nft.add('rule ip filter output counter'),
   ])
 }
 
 function insertInterfaceRules (interface) {
   return Promise.all([
     nft.add('rule ip filter input iif ' + interface.name + ' ct state new counter nftrace set 1 queue num ' + interface.number),
-    nft.add('add rule ip filter output oif ' + interface.name + ' ct state new counter nftrace set 1 queue num 100' + interface.number)
+    nft.add('rule ip filter output oif ' + interface.name + ' ct state new counter nftrace set 1 queue num 100' + interface.number)
   ]);
 }
 
@@ -175,4 +175,7 @@ nft.flush().then(
 ).then(
   (resolved) => bindQueueHandlers(),
   (reject) => console.log('Failed to setup interfaces')
+).then(
+  (resolved) => insertFinalCounters(),
+  (reject) => console.log('Failed to bind queue handlers')
 );
diff --git a/src/nftables/rules.js b/src/nftables/rules.js
index 17acffe..5af8466 100644
--- a/src/nftables/rules.js
+++ b/src/nftables/rules.js
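Review bot: The two `nft.add` lines in `insertInterfaceRules` still splice `interface.name` and `interface.number` straight into the rule text, so the "no rule injection" goal in the commit message rests entirely on where those values come from, which is outside this hunk. If they can originate from configuration or any external source, validate them before the rule is built, e.g. `if (!/^[A-Za-z0-9_.-]+$/.test(interface.name) || !Number.isInteger(interface.number)) throw new Error('invalid interface');` at the top of the function. Note also that `'... queue num 100' + interface.number` is string concatenation, so interface number 2 yields queue 1002 rather than 102; if that is intended, a comment such as `// output queue id is "100" followed by the interface number` would stop a later reader from "fixing" it.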
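Review bot: The new `.then` step calls `insertFinalCounters()` but nothing handles its rejection, so a failing nft call at the end of startup surfaces only as an unhandled promise rejection; end the chain with `.catch((err) => console.error('Failed to insert final counters', err))`. The `(reject) => console.log(...)` handlers also discard the rejection value and resolve the chain, so `insertFinalCounters()` runs even after 'Failed to bind queue handlers' was logged; either log `reject` itself or rethrow it (`throw reject`) so the failure and its cause stay visible. With the base chain described above as defaulting to drop, a counter rule that was silently skipped or added after an earlier failure is hard to diagnose without that detail. The chain starts at `nft.flush()` above the hunk.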
@@ -33,7 +33,7 @@ function executeReturnHandle (exec, command) {
 
 const rules = (exec) => ({
   add: (rule) => {
-    return executeReturnHandle(exec, rule);
+    return executeReturnHandle(exec, 'add ' + rule);
   },
   flush: () => {
     return execute(exec, 'flush ruleset');
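Review bot: Prepending `'add '` in `add` silently changes its contract: any caller outside this diff that still passes a full `'add rule ...'` string (as index.js did before this commit) now sends `add add rule ...` to nft and fails. A one-line JSDoc on the method, `/** @param {string} rule - rule body without the leading 'add' verb, e.g. 'rule ip filter input counter' */`, would make the new contract explicit. Fixing the verb also does not by itself prevent injection: the remainder of `rule` is still passed verbatim to `executeReturnHandle`, whose body is outside this hunk, so whether a caller-supplied string can carry extra nft statements or shell metacharacters depends on how `exec` is invoked there; if it goes through a shell, passing the arguments as an array to a non-shell exec would be the stronger fix. The `rules` factory continues past the end of the hunk.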