ipcontrol.js
var child_process = require( 'child_process' );
var express = require( 'express' );
var bodyParser = require( 'body-parser' );
// In-memory bookkeeping of the iptables rules added per container IP (indexed as
// revertRules[containerIp] by the route handlers in this file). It lives only in this
// process, so it is empty again after a restart.
var revertRules = {};

// Express application; the JSON body parser is registered before any route so that
// handlers can read req.body.
var app = express();
app.use( bodyParser.json() );
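/**
 * Dotted-quad IPv4 address with every octet in 0-255. The :containerIp path parameter must
 * match this before it is used as an iptables --src value or as a key into revertRules.
 */
var CONTAINER_IP_PATTERN = /^(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)$/;

/**
 * Accepted --dst value: a hostname or IPv4 address, optionally followed by "/prefix" or
 * "/netmask". The first character must be alphanumeric so the value can never be read as
 * an iptables option; whitespace and shell metacharacters are excluded.
 */
var DESTINATION_PATTERN = /^[A-Za-z0-9][A-Za-z0-9._-]{0,252}(?:\/[0-9.]{1,15})?$/;

/** Destination every restricted container may always reach (hard-coded in the rule set). */
var ALWAYS_ALLOWED_DESTINATION = '8.8.8.8';

/**
 * @param {*} value - Candidate taken from the request path.
 * @returns {boolean} True when value is a string holding a dotted-quad IPv4 address.
 */
function isValidContainerIp( value )
{
    return typeof value === 'string' && CONTAINER_IP_PATTERN.test( value );
}

/**
 * @param {*} value - Candidate taken from the JSON request body.
 * @returns {boolean} True when value is a string acceptable as an iptables --dst argument.
 */
function isValidDestination( value )
{
    return typeof value === 'string' && DESTINATION_PATTERN.test( value );
}

/**
 * Runs iptables with the given arguments and waits for it to finish.
 * The arguments are passed as an argv array through execFileSync, so no shell ever parses
 * request-derived values.
 *
 * @param {string[]} ruleArgs - Arguments placed after "iptables -w".
 * @throws {Error} When iptables exits with a non-zero status.
 */
function runIptables( ruleArgs )
{
    child_process.execFileSync( 'iptables', [ '-w' ].concat( ruleArgs ) );
}

/**
 * Builds the ACCEPT rule for one source/destination pair.
 *
 * @param {string} action - '-A' to append the rule, '-D' to delete it.
 * @param {string} containerIp - Validated source address.
 * @param {string} destination - Validated destination.
 * @returns {string[]} iptables arguments.
 */
function acceptRuleArgs( action, containerIp, destination )
{
    return [ action, 'FORWARD', '--src', containerIp, '--dst', destination, '-j', 'ACCEPT' ];
}

/**
 * Builds the catch-all REJECT rule for one source.
 *
 * @param {string} action - '-A' to append the rule, '-D' to delete it.
 * @param {string} containerIp - Validated source address.
 * @returns {string[]} iptables arguments.
 */
function rejectRuleArgs( action, containerIp )
{
    return [ action, 'FORWARD', '--src', containerIp, '-j', 'REJECT', '--reject-with', 'icmp-host-prohibited' ];
}

/**
 * POST /restriction/:containerIp
 * Body: { "hosts": [destination, ...] }
 *
 * Appends ACCEPT rules for 8.8.8.8 and every listed host, then a final REJECT for all other
 * forwarded traffic from the container, and records the destinations so they can be
 * reverted. Responds 400 when the address or any host fails validation.
 */
app.post( '/restriction/:containerIp', function ( req, res )
{
    var containerIp = req.params.containerIp;
    var hosts = ( req.body || {} ).hosts;

    // Validate everything before the first rule is touched, so a bad entry in the middle of
    // the list cannot leave a half-applied rule set behind.
    if( !isValidContainerIp( containerIp ) || !Array.isArray( hosts ) || !hosts.every( isValidDestination ) )
    {
        res.status( 400 ).end();
        return;
    }

    // NOTE(review): a second POST for an address that already has a restriction appends the
    // new ACCEPT rules after the existing REJECT and overwrites the bookkeeping of the first
    // set. Confirm whether callers rely on re-posting before rejecting or replacing here.
    var destinations = [ ALWAYS_ALLOWED_DESTINATION ].concat( hosts );
    destinations.forEach( function ( destination )
    {
        runIptables( acceptRuleArgs( '-A', containerIp, destination ) );
    } );
    runIptables( rejectRuleArgs( '-A', containerIp ) );

    // The always-allowed destination is recorded as well; previously its ACCEPT rule was
    // never reverted and stayed in the chain after DELETE.
    revertRules[containerIp] = { allow: destinations };
    res.end();
} );

/**
 * DELETE /restriction/:containerIp
 *
 * Deletes every recorded ACCEPT rule and the REJECT rule for the container and forgets the
 * entry. Responds 400 for an invalid address and 404 when no restriction is recorded
 * (including a repeated DELETE), instead of failing on a missing entry.
 */
app.delete( '/restriction/:containerIp', function ( req, res )
{
    var containerIp = req.params.containerIp;
    if( !isValidContainerIp( containerIp ) )
    {
        res.status( 400 ).end();
        return;
    }

    var restriction = revertRules[containerIp];
    if( !restriction )
    {
        res.status( 404 ).end();
        return;
    }

    restriction.allow.forEach( function ( destination )
    {
        runIptables( acceptRuleArgs( '-D', containerIp, destination ) );
    } );
    runIptables( rejectRuleArgs( '-D', containerIp ) );

    // Drop the entry entirely so the other handlers see "no restriction" rather than an
    // empty object without an allow list.
    delete revertRules[containerIp];
    res.end();
} );

/**
 * POST /restriction/:containerIp/remove
 * Body: { "host": destination }
 *
 * Deletes the ACCEPT rule(s) recorded for exactly this destination. The comparison is an
 * exact match: a substring test would let a value such as "1.1.1.1" also match "11.1.1.1".
 * Does nothing when the container has no restriction. Responds 400 on invalid input.
 */
app.post( '/restriction/:containerIp/remove', function ( req, res )
{
    var containerIp = req.params.containerIp;
    var host = ( req.body || {} ).host;
    if( !isValidContainerIp( containerIp ) || !isValidDestination( host ) )
    {
        res.status( 400 ).end();
        return;
    }

    var restriction = revertRules[containerIp];
    if( restriction )
    {
        // Walk backwards so splice() does not shift entries that are still to be visited.
        for( var i = restriction.allow.length - 1; i >= 0; i-- )
        {
            if( restriction.allow[i] === host )
            {
                runIptables( acceptRuleArgs( '-D', containerIp, host ) );
                // Forget the rule only after iptables deleted it, so a later DELETE does not
                // try to delete a rule that is already gone.
                restriction.allow.splice( i, 1 );
            }
        }
    }
    res.end();
} );

/**
 * POST /restriction/:containerIp/add
 * Body: { "host": destination }
 *
 * Adds one more allowed destination to an existing restriction. Does nothing when the
 * container has no restriction. Responds 400 on invalid input.
 */
app.post( '/restriction/:containerIp/add', function ( req, res )
{
    var containerIp = req.params.containerIp;
    var host = ( req.body || {} ).host;
    if( !isValidContainerIp( containerIp ) || !isValidDestination( host ) )
    {
        res.status( 400 ).end();
        return;
    }

    var restriction = revertRules[containerIp];
    if( restriction )
    {
        // The REJECT rule has to stay after every ACCEPT rule for this source, so it is
        // deleted, the new ACCEPT is appended, and REJECT is appended again.
        runIptables( rejectRuleArgs( '-D', containerIp ) );
        try
        {
            runIptables( acceptRuleArgs( '-A', containerIp, host ) );
            restriction.allow.push( host );
        }
        finally
        {
            // Re-append REJECT even when the ACCEPT rule could not be added; otherwise a
            // failing iptables call would leave the container without its restriction.
            runIptables( rejectRuleArgs( '-A', containerIp ) );
        }
    }
    res.end();
} );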
// Start the HTTP listener on port 3000, bound to every interface (0.0.0.0).
// NOTE(review): no authentication or source-address check is registered in this file, so any
// client that can reach this port can change the FORWARD rules — confirm that access is
// limited elsewhere (network policy, reverse proxy) or bind to a management interface.
var server = app.listen( 3000, '0.0.0.0', function onListening()
{
    var bound = server.address();
    console.log( 'External Host Controller running at http://%s:%s', bound.address, bound.port );
} );