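package centos

import (
	"fmt"
	"strings"

	"github.com/caos/orbos/internal/operator/common"
)

// getAddAndRemovePorts compares the ports currently open in currentZone with
// the ports that should be open and returns the firewall-cmd arguments that
// reconcile the two: "--add-port=..." for every wanted port that is missing
// and "--remove-port=..." for every open port that is neither desired nor in
// the always-open list. Any open port not accounted for is removed, so the
// zone converges on exactly the declared set.
//
// Parameters:
//   - current: its FW field is extended with one entry per port found open in
//     currentZone (a side effect the caller reads back as observed state).
//   - desiredPorts: ports that must be open, each with port and protocol.
//   - open: port numbers that always stay open; they are treated as tcp
//     (see ignoredPorts).
//   - currentZone: the zone as read from firewalld; Ports.slice is expected
//     to hold entries in "port/protocol" form.
//
// Returns the add arguments and the remove arguments, in that order. An
// "--add-port" argument is emitted at most once even when the same port is
// listed in both desiredPorts and open.
func getAddAndRemovePorts(
	current *common.ZoneDesc,
	desiredPorts []*common.Allowed,
	open []string,
	currentZone Zone,
) (
	[]string,
	[]string,
) {
	ensure := make([]string, 0)
	remove := make([]string, 0)

	alwaysOpen := ignoredPorts(open)
	currentPorts := currentZone.Ports.slice

	// Ports missing from the zone: always-open ones first, then the desired
	// ones. The set prevents the same "--add-port" from being emitted twice.
	added := make(map[string]struct{})
	ensure = appendMissingPorts(ensure, added, alwaysOpen, currentPorts)
	ensure = appendMissingPorts(ensure, added, desiredPorts, currentPorts)

	// Ports open in the zone that are neither desired nor always open.
	for _, entry := range currentPorts {
		port, protocol, ok := splitPortSpec(entry)
		if !ok {
			// Entry is not "port/protocol"; indexing the protocol field would
			// panic. It cannot be matched against anything, so it is neither
			// recorded nor touched.
			continue
		}

		current.FW = append(current.FW, &common.Allowed{
			Port:     port,
			Protocol: protocol,
		})

		if containsPort(desiredPorts, port, protocol) || containsPort(alwaysOpen, port, protocol) {
			continue
		}
		remove = append(remove, fmt.Sprintf("--remove-port=%s", entry))
	}

	return ensure, remove
}

// appendMissingPorts appends an "--add-port=port/protocol" argument to args
// for every entry of wanted that is not already open (in currentPorts) and
// has not been added before (tracked in seen). It returns the extended args.
func appendMissingPorts(args []string, seen map[string]struct{}, wanted []*common.Allowed, currentPorts []string) []string {
	for _, want := range wanted {
		spec := fmt.Sprintf("%s/%s", want.Port, want.Protocol)
		if _, done := seen[spec]; done || containsString(currentPorts, spec) {
			continue
		}
		seen[spec] = struct{}{}
		args = append(args, fmt.Sprintf("--add-port=%s", spec))
	}
	return args
}

// splitPortSpec splits a firewalld "port/protocol" entry into its two parts.
// ok is false when the entry has no "/" separator; trailing fields after the
// second "/" are ignored, as the original indexing did.
func splitPortSpec(entry string) (port, protocol string, ok bool) {
	fields := strings.Split(entry, "/")
	if len(fields) < 2 {
		return "", "", false
	}
	return fields[0], fields[1], true
}

// containsPort reports whether list holds an entry with exactly this port
// and protocol (string comparison, no normalisation).
func containsPort(list []*common.Allowed, port, protocol string) bool {
	for _, a := range list {
		if a.Port == port && a.Protocol == protocol {
			return true
		}
	}
	return false
}

// containsString reports whether s occurs in list.
func containsString(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// ignoredPorts converts plain port numbers into Allowed entries. Every entry
// gets protocol "tcp"; callers cannot express another protocol for these
// always-open ports.
func ignoredPorts(ports []string) []*common.Allowed {
	allowed := make([]*common.Allowed, len(ports))
	for i, port := range ports {
		allowed[i] = &common.Allowed{
			Port:     port,
			Protocol: "tcp",
		}
	}
	return allowed
}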