Added simple regex-based hostname matching for firewall rules.

shw_dev
shw 8 years ago
parent 0708f9127c
commit 1cd25ed699

@ -10,6 +10,7 @@ import (
"strconv" "strconv"
"strings" "strings"
"unicode" "unicode"
"regexp"
nfqueue "github.com/subgraph/go-nfnetlink/nfqueue" nfqueue "github.com/subgraph/go-nfnetlink/nfqueue"
// "github.com/subgraph/go-nfnetlink" // "github.com/subgraph/go-nfnetlink"
@ -75,7 +76,7 @@ func (r *Rule) match(src net.IP, dst net.IP, dstPort uint16, hostname string) bo
xip := make(net.IP, 4) xip := make(net.IP, 4)
binary.BigEndian.PutUint32(xip, r.addr) binary.BigEndian.PutUint32(xip, r.addr)
log.Notice("comparison: ", hostname, " / ", dst, " : ", dstPort, " -> ", xip, " : ", r.port) log.Notice("comparison: ", hostname, " / ", dst, " : ", dstPort, " -> ", xip, " / ", r.hostname, " : ", r.port)
if r.port != matchAny && r.port != dstPort { if r.port != matchAny && r.port != dstPort {
return false return false
} }
@ -83,6 +84,16 @@ log.Notice("comparison: ", hostname, " / ", dst, " : ", dstPort, " -> ", xip, "
return true return true
} }
if r.hostname != "" { if r.hostname != "" {
if strings.ContainsAny(r.hostname, "*") {
regstr := strings.Replace(r.hostname, "*", ".?", -1)
match, err := regexp.MatchString(regstr, hostname)
if err != nil {
log.Errorf("Error comparing hostname against mask %s: %v", regstr, err)
} else {
return match
}
}
return r.hostname == hostname return r.hostname == hostname
} }
return r.addr == binary.BigEndian.Uint32(dst.To4()) return r.addr == binary.BigEndian.Uint32(dst.To4())
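Review bot: The wildcard branch builds `regstr` from `r.hostname` without escaping or anchoring it, so a rule matches far more hostnames than its mask suggests. `regexp.MatchString` succeeds on any substring and the literal dots in the mask act as match-any-character, so a mask such as `*.example.com` would also accept a name that merely contains `xexample-com` somewhere in it; `.?` also stands for at most one character, so multi-label names only match because the anchors are missing. I would quote and anchor the mask, `regstr := "^" + strings.Replace(regexp.QuoteMeta(r.hostname), "\\*", ".*", -1) + "$"`, and ideally compile it once when the rule is parsed rather than on every packet. Whether `*` may cross label boundaries (`.*`) or must stay within one label (`[^.]*`) is a policy choice worth stating in a comment next to that line. The body of `match` starts before and continues after the lines shown here.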
