[FIRE-4508] bring code and output in line with rest

Michael Boelen 2024-10-15 13:15:24 +00:00
parent a058d3062e
commit b1e1f61975
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
1 changed files with 18 additions and 30 deletions


@ -118,19 +118,15 @@
while IFS="$(printf '\n')" read -r IPTABLES_LINES while IFS="$(printf '\n')" read -r IPTABLES_LINES
do do
set -- ${IPTABLES_LINES} set -- ${IPTABLES_LINES}
while [ $# -gt 0 ] while [ $# -gt 0 ]; do
do if [ "${1}" = "-P" ]; then
if [ "${1}" = "-P" ]
then
IPTABLES_CHAIN="${2}" IPTABLES_CHAIN="${2}"
IPTABLES_TARGET="${3}" IPTABLES_TARGET="${3}"
shift 3 shift 3
elif [ "${1}" = "-A" ] || [ "${1}" = "-N" ] elif [ "${1}" = "-A" ] || [ "${1}" = "-N" ]; then
then
IPTABLES_CHAIN="${2}" IPTABLES_CHAIN="${2}"
shift 2 shift 2
elif [ "${1}" = "-j" ] elif [ "${1}" = "-j" ]; then
then
IPTABLES_TARGET="${2}" IPTABLES_TARGET="${2}"
shift shift
else else
@ -138,46 +134,38 @@
fi fi
done done
# logics # logics
if [ "${IPTABLES_TABLE}" = "filter" ] || [ "${IPTABLES_TABLE}" = "security" ] if [ "${IPTABLES_TABLE}" = "filter" ] || [ "${IPTABLES_TABLE}" = "security" ]; then
then if [ "${IPTABLES_CHAIN}" = "INPUT" ]; then
if [ "${IPTABLES_CHAIN}" = "INPUT" ] if [ "${IPTABLES_TARGET}" = "ACCEPT" ]; then
then
if [ "${IPTABLES_TARGET}" = "ACCEPT" ]
then
IPTABLES_OUTPUT_QUEUE="${IPTABLES_OUTPUT_QUEUE} ${IPTABLES_TABLE} ${IPTABLES_CHAIN} ${IPTABLES_TARGET} YELLOW" IPTABLES_OUTPUT_QUEUE="${IPTABLES_OUTPUT_QUEUE} ${IPTABLES_TABLE} ${IPTABLES_CHAIN} ${IPTABLES_TARGET} YELLOW"
AddHP 1 3 AddHP 1 3
elif [ "${IPTABLES_TARGET}" = "DROP" ] elif [ "${IPTABLES_TARGET}" = "DROP" ]; then
then
IPTABLES_OUTPUT_QUEUE="${IPTABLES_OUTPUT_QUEUE} ${IPTABLES_TABLE} ${IPTABLES_CHAIN} ${IPTABLES_TARGET} GREEN" IPTABLES_OUTPUT_QUEUE="${IPTABLES_OUTPUT_QUEUE} ${IPTABLES_TABLE} ${IPTABLES_CHAIN} ${IPTABLES_TARGET} GREEN"
AddHP 3 3 AddHP 3 3
fi fi
fi fi
if [ "${IPTABLES_CHAIN}" = "INPUT" ] || [ "${IPTABLES_CHAIN}" = "FORWARD" ] || [ "${IPTABLES_CHAIN}" = "OUTPUT" ] if [ "${IPTABLES_CHAIN}" = "INPUT" ] || [ "${IPTABLES_CHAIN}" = "FORWARD" ] || [ "${IPTABLES_CHAIN}" = "OUTPUT" ]; then
then if [ "${IPTABLES_TARGET}" = "NFQUEUE" ]; then
if [ "${IPTABLES_TARGET}" = "NFQUEUE" ]
then
IPTABLES_OUTPUT_QUEUE="${IPTABLES_OUTPUT_QUEUE} ${IPTABLES_TABLE} ${IPTABLES_CHAIN} ${IPTABLES_TARGET} RED" IPTABLES_OUTPUT_QUEUE="${IPTABLES_OUTPUT_QUEUE} ${IPTABLES_TABLE} ${IPTABLES_CHAIN} ${IPTABLES_TARGET} RED"
AddHP 0 3 AddHP 0 3
fi fi
fi fi
fi fi
done done
# resume # Sort output if sort tool is available
if [ ! "${SORTBINARY}" = "" ] if [ -n "${SORTBINARY}" ]; then
then LogText "Info: sorting output"
IPTABLES_OUTPUT="$(echo "${IPTABLES_OUTPUT_QUEUE}" | ${SORTBINARY} -u )" IPTABLES_OUTPUT="$(echo "${IPTABLES_OUTPUT_QUEUE}" | ${SORTBINARY} -u )"
else else
IPTABLES_OUTPUT="${IPTABLES_OUTPUT_QUEUE}" IPTABLES_OUTPUT="${IPTABLES_OUTPUT_QUEUE}"
fi fi
echo "${IPTABLES_OUTPUT}" | while IFS="$(printf '\n')" read -r IPTABLES_OUTPUT_LINE echo "${IPTABLES_OUTPUT}" | while IFS="$(printf '\n')" read -r IPTABLES_OUTPUT_LINE
do do
if [ ! "$IPTABLES_OUTPUT_LINE" = "" ] if [ -n "$IPTABLES_OUTPUT_LINE" ]; then
then
set -- ${IPTABLES_OUTPUT_LINE} set -- ${IPTABLES_OUTPUT_LINE}
while [ $# -gt 0 ] while [ $# -gt 0 ]; do
do LogText "Result: Found target '${3}' for chain '${2}' (table: ${1})"
LogText "Result: Found ${3} for ${2} (table: ${1})" Display --indent 6 --text "- Chain ${2} (table: ${1}, target: ${3})" --result "${3}" --color "${4}"
Display --indent 6 --text "- Checking chain ${2} (table: ${1}, target: ${3})" --result "${3}" --color "${4}"
if [ "${3}" = "NFQUEUE" ] if [ "${3}" = "NFQUEUE" ]
then then
ReportSuggestion "${TEST_NO}" "Consider avoid ${3} target if possible (iptables chain ${2}, table: ${1})" ReportSuggestion "${TEST_NO}" "Consider avoid ${3} target if possible (iptables chain ${2}, table: ${1})"