From 1cd25ed699d3819467c48b5f7ba449d1d0d52c51 Mon Sep 17 00:00:00 2001
From: shw
Date: Wed, 10 May 2017 23:00:33 +0000
Subject: [PATCH] Added simple regex-based hostname matching for firewall rules.
---
 sgfw/rules.go | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/sgfw/rules.go b/sgfw/rules.go
index b4d8ec8..7417dca 100644
--- a/sgfw/rules.go
+++ b/sgfw/rules.go
@@ -10,6 +10,7 @@ import (
 "strconv"
 "strings"
 "unicode"
+ "regexp"
 nfqueue "github.com/subgraph/go-nfnetlink/nfqueue"
 // "github.com/subgraph/go-nfnetlink"
@@ -75,7 +76,7 @@ func (r *Rule) match(src net.IP, dst net.IP, dstPort uint16, hostname string) bo
 xip := make(net.IP, 4)
 binary.BigEndian.PutUint32(xip, r.addr)
-log.Notice("comparison: ", hostname, " / ", dst, " : ", dstPort, " -> ", xip, " : ", r.port)
+log.Notice("comparison: ", hostname, " / ", dst, " : ", dstPort, " -> ", xip, " / ", r.hostname, " : ", r.port)
 if r.port != matchAny && r.port != dstPort {
 return false
 }
@@ -83,6 +84,16 @@ log.Notice("comparison: ", hostname, " / ", dst, " : ", dstPort, " -> ", xip, "
 return true
 }
 if r.hostname != "" {
+ if strings.ContainsAny(r.hostname, "*") {
+ regstr := strings.Replace(r.hostname, "*", ".?", -1)
+ match, err := regexp.MatchString(regstr, hostname)
+
+ if err != nil {
+ log.Errorf("Error comparing hostname against mask %s: %v", regstr, err)
+ } else {
+ return match
+ }
+ }
 return r.hostname == hostname
 }
 return r.addr == binary.BigEndian.Uint32(dst.To4())
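Review bot: The wildcard branch added under `if r.hostname != ""` builds a pattern that is neither anchored nor escaped, so a rule hostname such as `*.example.com` becomes the regex `.?.example.com`, which `regexp.MatchString` will find anywhere inside a longer name and with every `.` matching any character. For a firewall rule this means the rule applies to hostnames its author never listed, which matters most for rules that permit traffic. Escape the literal parts and anchor the whole pattern, e.g. `regstr := "^" + strings.Replace(regexp.QuoteMeta(r.hostname), "\\*", ".*", -1) + "$"` (`.?` matches at most one character, so `.*` is presumably what was meant). Because `match` appears to run for every comparison, compiling the pattern once when the rule is parsed and keeping the `*regexp.Regexp` on the rule would avoid recompiling each time and let a bad pattern be rejected at load time rather than logged and silently replaced by the literal compare. The body of `match` starts and ends outside this hunk.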