<?php
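/**
 * Render an iptables-restore ruleset for a list of hosts: a filter table that
 * ACCEPTs each Pupu address and a nat table that DNATs each Internet address
 * to its Pupu address.
 *
 * Each row of $output carries the string keys 'dev', 'inet_ipv4' and
 * 'pupu_ipv4'. The 'dev' value becomes the rule's --comment, space-padded to
 * the longest 'dev' in the list so the comments line up.
 *
 * The ruleset is returned, not printed. The original buffered print() calls
 * with ob_start(); building a string directly avoids leaving an output buffer
 * open if anything throws midway.
 *
 * NOTE(review): the IP fields are emitted verbatim into the ruleset; if they
 * can come from untrusted input, validate them before calling this function.
 *
 * @param list<array{dev:string,inet_ipv4:string,pupu_ipv4:string}> $output
 * @return string the complete ruleset, every line "\n"-terminated, ending in "COMMIT\n"
 * @throws \RuntimeException if the comment sanitizer's regex fails
 */
function iptables_format($output) {
    $lines = [];
    // Width of the padded --comment value: the longest 'dev' in bytes
    // (strlen and sprintf padding are both byte-wise, so they agree).
    $comment_len = 0;
    foreach ($output as $a) {
        $comment_len = max($comment_len, strlen($a['dev']));
    }

    // Filter table: allowed Pupu hosts
    $lines[] = '*filter';
    $lines[] = '-F PUPU_FILTER';
    foreach ($output as $a) {
        $lines[] = sprintf(
            '-A PUPU_FILTER -d %s -j ACCEPT -m comment --comment %s',
            $a['pupu_ipv4'],
            iptables_comment_arg($a['dev'], $comment_len)
        );
    }
    $lines[] = 'COMMIT';

    // NAT table: Internet address -> Pupu address
    $lines[] = '*nat';
    $lines[] = '-F PUPU_DNAT';
    foreach ($output as $a) {
        $lines[] = sprintf(
            '-A PUPU_DNAT -d %s -j DNAT --to-destination %s -m comment --comment %s',
            $a['inet_ipv4'],
            $a['pupu_ipv4'],
            iptables_comment_arg($a['dev'], $comment_len)
        );
    }
    $lines[] = 'COMMIT';

    return implode("\n", $lines) . "\n";
}

/**
 * Build the double-quoted --comment argument for one rule.
 *
 * The ruleset is consumed by iptables-restore, not by a shell, so
 * escapeshellcmd() was the wrong tool: it leaves *paired* quotes untouched,
 * so a 'dev' such as a"b"c would close the quoted comment argument early and
 * let the rest of the value be parsed as further rule options. Instead, every
 * byte that can break the quoted token — the double quote, the backslash and
 * control characters (a newline would end the rule line) — is replaced with
 * '_' one-for-one, which keeps the padded width unchanged.
 *
 * NOTE(review): xt_comment caps a comment at 255 bytes; very long 'dev'
 * values are not truncated here.
 *
 * @param string $dev         device label to place in the comment
 * @param int    $comment_len width to left-justify the label to
 * @return string the label wrapped in double quotes
 * @throws \RuntimeException if preg_replace() reports an error
 */
function iptables_comment_arg($dev, $comment_len) {
    $clean = preg_replace('/["\\\\\x00-\x1F\x7F]/', '_', (string) $dev);
    if ($clean === null) {
        throw new \RuntimeException('Failed to sanitize iptables comment: ' . preg_last_error_msg());
    }
    // "%-{$comment_len}s" rather than the ${} interpolation form, which PHP 8.2 deprecates
    return '"' . sprintf("%-{$comment_len}s", $clean) . '"';
}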
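/**
 * Drop rows whose Internet or Pupu address is one of this host's own addresses,
 * so the machine never writes a rule that matches itself.
 *
 * @param list<array{inet_ipv4:string,pupu_ipv4:string}> $array rows as consumed by iptables_format()
 * @param string|null $skip_str whitespace-separated addresses, e.g. the raw output of `hostname -I`
 * @return array the surviving rows; keys are preserved, as array_filter() does
 * @throws \RuntimeException if preg_split() reports an error
 */
function drop_skip($array, $skip_str) {
    // `hostname -I` ends its output with a space and a newline. Splitting on a
    // single space would leave "\n" glued to the last address (or yield empty
    // tokens), so split on any whitespace run and discard empty pieces.
    $skip = preg_split('/\s+/', trim((string) $skip_str), -1, PREG_SPLIT_NO_EMPTY);
    if ($skip === false) {
        throw new \RuntimeException('Failed to parse skip list: ' . preg_last_error_msg());
    }
    if ($skip === []) {
        // Nothing to skip: same result as filtering with an always-true predicate
        return $array;
    }
    return array_filter($array, static function ($a) use ($skip) {
        // Strict comparison: addresses are strings and must match exactly
        return !in_array($a['inet_ipv4'], $skip, true)
            && !in_array($a['pupu_ipv4'], $skip, true);
    });
}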