ahdoawhfo/IPTables-Management
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

Harden rule health checks

Browse Source
This commit is contained in:
ahdoawhfo
2026-04-17 11:21:54 +08:00
parent 7b854c7a96
commit 4c431584eb
5 changed files with 74 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
lib/rules_mgr.sh
View File

@@ -130,8 +130,16 @@ rules_load_lines() {
}
rule_health_mark() {
local uuid=${1-}
if ipt_find_by_uuid "${uuid}" >/dev/null 2>&1; then
local line=${1-}
local uuid proto lport tip tport ipver
uuid=$(rule_field "${line}" uuid)
proto=$(rule_field "${line}" proto)
lport=$(rule_field "${line}" lport)
tip=$(rule_field "${line}" tip)
tport=$(rule_field "${line}" tport)
ipver=$(rule_field "${line}" ipver)
if ipt_rule_healthy "${uuid}" "${proto}" "${lport}" "${tip}" "${tport}" "${ipver}"; then
printf '✓\n'
else
printf '!\n'
@@ -156,7 +164,7 @@ render_rules_plain() {
tport=$(rule_field "${line}" tport)
ipver=$(rule_ipver_label "$(rule_field "${line}" ipver)")
desc=$(rule_field "${line}" desc || true)
health=$(rule_health_mark "${uuid}")
health=$(rule_health_mark "${line}")
printf '%-3s %-10s %-10s %-32s %-10s %-12s %-4s %s\n' \
"$((idx + 1))" "${proto}" "${lport}" "${tip}" "${tport}" "${ipver}" "${health}" "${desc}"
done
@@ -166,7 +174,7 @@ cmd_list() {
local pause=${1:-1}
rules_load_lines
render_rules_plain "${RULES_CACHE[@]}"
printf '[✓] 已在 iptables 中找到规则;[!] 仅存在于数据库中。\n'
printf '[✓] 运行态规则完整;[!] 至少缺少一条运行态规则或仅存在于数据库中。\n'
if [[ ${pause} == 1 ]]; then
pause_return
fi