clear iptables while running

2024-10-21 23:11:59 +03:00 · 2024-10-21 23:11:59 +03:00 · dc0ec0db19
commit dc0ec0db19
parent 1a2ce765f9
2 changed files with 61 additions and 0 deletions
--- a/kvas2.go
+++ b/kvas2.go
@ -472,6 +472,10 @@ func New(config Config) (*App, error) {
 		return nil, fmt.Errorf("netfilter helper init fail: %w", err)
 	}
 	app.NetfilterHelper4 = nh4
+	err = app.NetfilterHelper4.ClearIPTables(app.Config.ChainPrefix)
+	if err != nil {
+		return nil, fmt.Errorf("failed to clear iptables: %w", err)
+	}

 	app.Groups = make(map[int]*Group)

--- a/netfilter-helper/iptables-cleaner.go
+++ b/netfilter-helper/iptables-cleaner.go
@ -0,0 +1,57 @@
+package netfilterHelper
+
+import (
+	"fmt"
+	"strings"
+)
+
+func (nh *NetfilterHelper) ClearIPTables(chainPrefix string) error {
+	jumpToChainPrefix := fmt.Sprintf("-j %s", chainPrefix)
+	tableList := []string{"nat", "mangle", "filter"}
+
+	for _, table := range tableList {
+		chainListToDelete := make([]string, 0)
+
+		chains, err := nh.IPTables.ListChains(table)
+		if err != nil {
+			return fmt.Errorf("listing chains error: %w", err)
+		}
+
+		for _, chain := range chains {
+			if strings.HasPrefix(chain, chainPrefix) {
+				chainListToDelete = append(chainListToDelete, chain)
+				continue
+			}
+
+			rules, err := nh.IPTables.List(table, chain)
+			if err != nil {
+				return fmt.Errorf("listing rules error: %w", err)
+			}
+
+			for _, rule := range rules {
+				ruleSlice := strings.Split(rule, " ")
+				if len(ruleSlice) < 2 || ruleSlice[0] != "-A" || ruleSlice[1] != chain {
+					// TODO: Warn
+					continue
+				}
+				ruleSlice = ruleSlice[2:]
+
+				if strings.Contains(strings.Join(ruleSlice, " "), jumpToChainPrefix) {
+					err := nh.IPTables.Delete(table, chain, ruleSlice...)
+					if err != nil {
+						return fmt.Errorf("rule deletion error: %w", err)
+					}
+				}
+			}
+		}
+
+		for _, chain := range chainListToDelete {
+			err := nh.IPTables.ClearAndDeleteChain(table, chain)
+			if err != nil {
+				return fmt.Errorf("deleting chain error: %w", err)
+			}
+		}
+	}
+
+	return nil
+}