github.com/caos/orbos@v1.5.14-0.20221103111702-e6cd0cea7ad4/internal/operator/nodeagent/firewall/centos/ports.go

github.com/caos/orbos@v1.5.14-0.20221103111702-e6cd0cea7ad4/internal/operator/nodeagent/firewall/centos/ports.go (about)

     1  package centos
     2  
     3  import (
     4  	"fmt"
     5  	"strings"
     6  
     7  	"github.com/caos/orbos/internal/operator/common"
     8  )
     9  
    10  func getAddAndRemovePorts(
    11  	current *common.ZoneDesc,
    12  	desiredPorts []*common.Allowed,
    13  	open []string,
    14  	currentZone Zone,
    15  ) (
    16  	[]string,
    17  	[]string,
    18  ) {
    19  
    20  	ensure := make([]string, 0)
    21  	remove := make([]string, 0)
    22  
    23  	alwaysOpen := ignoredPorts(open)
    24  
    25  	//ports that should stay open
    26  	for _, open := range alwaysOpen {
    27  		found := false
    28  		openStr := fmt.Sprintf("%s/%s", open.Port, open.Protocol)
    29  		for _, open := range currentZone.Ports.slice {
    30  			if open == openStr {
    31  				found = true
    32  				break
    33  			}
    34  		}
    35  		if !found {
    36  			ensure = append(ensure, fmt.Sprintf("--add-port=%s", openStr))
    37  		}
    38  	}
    39  
    40  	//desired ports
    41  	for _, desired := range desiredPorts {
    42  		found := false
    43  		desStr := fmt.Sprintf("%s/%s", desired.Port, desired.Protocol)
    44  		for _, open := range currentZone.Ports.slice {
    45  			if open == desStr {
    46  				found = true
    47  				break
    48  			}
    49  		}
    50  		if !found {
    51  			ensure = append(ensure, fmt.Sprintf("--add-port=%s", desStr))
    52  		}
    53  	}
    54  
    55  	//port that are not desired anymore
    56  	for _, open := range currentZone.Ports.slice {
    57  		found := false
    58  
    59  		fields := strings.Split(open, "/")
    60  		port := fields[0]
    61  		protocol := fields[1]
    62  
    63  		current.FW = append(current.FW, &common.Allowed{
    64  			Port:     port,
    65  			Protocol: protocol,
    66  		})
    67  
    68  		for _, desired := range desiredPorts {
    69  			if desired.Port == port && desired.Protocol == protocol {
    70  				found = true
    71  				break
    72  			}
    73  		}
    74  
    75  		if !found {
    76  			for _, open := range alwaysOpen {
    77  				if open.Port == port && open.Protocol == protocol {
    78  					found = true
    79  					break
    80  				}
    81  			}
    82  		}
    83  
    84  		if !found {
    85  			remove = append(remove, fmt.Sprintf("--remove-port=%s", open))
    86  		}
    87  	}
    88  
    89  	return ensure, remove
    90  }
    91  
    92  func ignoredPorts(ports []string) []*common.Allowed {
    93  	allowed := make([]*common.Allowed, len(ports))
    94  	for idx, port := range ports {
    95  		allowed[idx] = &common.Allowed{
    96  			Port:     port,
    97  			Protocol: "tcp",
    98  		}
    99  	}
   100  	return allowed
   101  }