Usage of org.batfish.datamodel.IpAccessListLine in the batfish project (batfish/batfish):
class Region, method applySecurityGroupsAcls.
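/**
 * Attaches the AWS security-group rules collected for each configuration node as
 * interface ACLs.
 *
 * <p>For every node that has security groups, the groups' inbound and outbound rules are
 * flattened into one ingress and one egress {@link IpAccessList} (named
 * {@code SG_INGRESS_ACL_NAME} / {@code SG_EGRESS_ACL_NAME}), registered on the node, and
 * installed as the incoming/outgoing filter of <em>every</em> interface of that node.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The ACLs hold only the lines the security groups emit via
 *       {@code SecurityGroup#addInOutAccessLines}; what happens to traffic matching no line
 *       depends on {@link IpAccessList}'s default action, which is not visible here —
 *       presumably an implicit deny, as AWS security groups are allow-lists; confirm.</li>
 *   <li>A filter already set on an interface, or an ACL already registered under the same
 *       name, is replaced without any error. The iptables overlay path refuses to combine
 *       with an existing filter; this path does not, which is only safe if these nodes are
 *       freshly generated and carry no other filters.</li>
 * </ul>
 *
 * @param cfgNodes configurations keyed by node name; must contain every node that appears
 *     in {@code _configurationSecurityGroups}
 * @throws IllegalStateException if a node that has security groups has no configuration in
 *     {@code cfgNodes} (previously this surfaced as a bare NullPointerException)
 */
private void applySecurityGroupsAcls(Map<String, Configuration> cfgNodes) {
  for (Entry<String, Set<SecurityGroup>> entry : _configurationSecurityGroups.entrySet()) {
    String nodeName = entry.getKey();
    Configuration cfgNode = cfgNodes.get(nodeName);
    if (cfgNode == null) {
      // Fail loudly with the node name rather than with an anonymous NPE further down:
      // silently skipping would leave that node with no security-group filtering at all.
      throw new IllegalStateException(
          "No configuration found for node '" + nodeName + "' while applying security group ACLs");
    }
    List<IpAccessListLine> inboundRules = new LinkedList<>();
    List<IpAccessListLine> outboundRules = new LinkedList<>();
    // Each security group appends its lines to both lists; line order follows the set's
    // iteration order, so first-match semantics (if any) depend on that order.
    for (SecurityGroup securityGroup : entry.getValue()) {
      securityGroup.addInOutAccessLines(inboundRules, outboundRules, this);
    }
    IpAccessList inAcl = new IpAccessList(SG_INGRESS_ACL_NAME, inboundRules);
    IpAccessList outAcl = new IpAccessList(SG_EGRESS_ACL_NAME, outboundRules);
    // Registering under fixed names overwrites any ACL of the same name (see class note).
    cfgNode.getIpAccessLists().put(SG_INGRESS_ACL_NAME, inAcl);
    cfgNode.getIpAccessLists().put(SG_EGRESS_ACL_NAME, outAcl);
    // Security groups apply to the whole instance, so the same filter pair goes on every
    // interface; any previously installed filter is replaced.
    cfgNode.getInterfaces().values().forEach(iface -> {
      iface.setIncomingFilter(inAcl);
      iface.setOutgoingFilter(outAcl);
    });
  }
}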
Usage of org.batfish.datamodel.IpAccessListLine in the batfish project (batfish/batfish):
class IpPermissions, method toIpAccessListLine.
/**
 * Builds the direction-agnostic part of the ACL line for this permission: an ACCEPT line
 * restricted to the permission's IP protocol (when one resolves) and destination port range
 * (when it is narrower than 0-65535). Callers add the source or destination addresses.
 *
 * <p>Reviewer notes:
 * <ul>
 *   <li>A {@code null} from {@code toIpProtocol} leaves the line unrestricted by protocol,
 *       which is presumably how the AWS "-1" (all protocols) value is meant to be handled —
 *       confirm that no other unparsed protocol string also maps to {@code null}.</li>
 *   <li>The port check only treats exactly 0..65535 as "all ports". For protocols where AWS
 *       repurposes from/to as ICMP type/code (and may use -1), the pair is still emitted as
 *       a destination port range; whether that is intended cannot be told from here.</li>
 * </ul>
 *
 * @return a new {@link IpAccessListLine} with action ACCEPT and the protocol / port
 *     restrictions described above
 */
private IpAccessListLine toIpAccessListLine() {
  IpAccessListLine permit = new IpAccessListLine();
  permit.setAction(LineAction.ACCEPT);

  IpProtocol proto = toIpProtocol(_ipProtocol);
  boolean protocolKnown = proto != null;
  if (protocolKnown) {
    permit.setIpProtocols(Collections.singleton(proto));
  }

  // Exactly 0..65535 is the unrestricted range; anything else becomes a dstPorts constraint.
  boolean coversAllPorts = _fromPort == 0 && _toPort == 65535;
  if (!coversAllPorts) {
    permit.setDstPorts(Collections.singleton(new SubRange(_fromPort, _toPort)));
  }
  return permit;
}
Usage of org.batfish.datamodel.IpAccessListLine in the batfish project (batfish/batfish):
class IpPermissions, method toIngressIpAccessListLine.
/**
 * Converts this permission into an ingress ACL line: the protocol/port line from
 * {@link #toIpAccessListLine()} with the permitted <em>source</em> addresses attached.
 *
 * <p>Only {@code srcIps} is set here; the line carries no destination-address constraint,
 * so it matches traffic to any local address (the egress counterpart is not shown here).
 *
 * @param region region used by {@code collectIpWildCards} to resolve the permission's
 *     address sources into IP wildcards (exact resolution rules live in that helper)
 * @return a new ACCEPT line restricted to the resolved source addresses
 */
public IpAccessListLine toIngressIpAccessListLine(Region region) {
  IpAccessListLine ingressLine = toIpAccessListLine();
  ingressLine.setSrcIps(collectIpWildCards(region));
  return ingressLine;
}
Usage of org.batfish.datamodel.IpAccessListLine in the batfish project (batfish/batfish):
class IptablesVendorConfiguration, method applyAsOverlay.
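/**
 * Overlays the parsed iptables {@code mangle} chains onto an existing {@link Configuration}
 * as per-interface ACLs.
 *
 * <p>{@code mangle::PREROUTING} becomes the incoming filter and {@code mangle::POSTROUTING}
 * the outgoing filter of every interface, under the names
 * {@code iptables_<iface>_ingress} / {@code iptables_<iface>_egress}. A rule bound to a
 * specific interface (via {@code _lineInInterfaces} / {@code _lineOutInterfaces}) is only
 * included in that interface's ACL; a rule with no interface binding goes on all of them.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>A rule bound to an interface name that does not exist on the configuration is
 *       dropped silently. The {@code warnings} parameter is currently unused; reporting such
 *       rules there would avoid "losing" firewall rules without any trace.</li>
 *   <li>An interface that ends up with no applicable rules still gets an (empty) ACL. How
 *       that ACL treats traffic depends on {@link IpAccessList}'s default action and on
 *       whether the chain's policy is represented as an unbound trailing line — neither is
 *       visible here; confirm that this matches the chain's real default policy.</li>
 *   <li>The method refuses to combine with a filter that is already installed on an
 *       interface rather than replacing it, so existing filtering cannot be weakened.</li>
 * </ul>
 *
 * @param configuration the configuration to overlay; its ACL map must contain nothing but
 *     the two mangle chains
 * @param warnings warning sink (currently not written to)
 * @throws BatfishException if any non-mangle ACL is present, if an interface already has a
 *     filter in the direction being applied, or if an ACL with the generated name exists
 */
public void applyAsOverlay(Configuration configuration, Warnings warnings) {
  IpAccessList prerouting = configuration.getIpAccessLists().remove("mangle::PREROUTING");
  IpAccessList postrouting = configuration.getIpAccessLists().remove("mangle::POSTROUTING");
  // Anything left after pulling the two mangle chains is a table this overlay cannot model.
  if (!configuration.getIpAccessLists().isEmpty()) {
    throw new BatfishException("Merging iptables rules for " + configuration.getName() + ": only mangle tables are supported");
  }
  if (prerouting != null) {
    applyChainToInterfaces(configuration, prerouting, true);
  }
  if (postrouting != null) {
    applyChainToInterfaces(configuration, postrouting, false);
  }
}

/**
 * Returns the interface name a chain line is bound to in the given direction, or
 * {@code null} when the line is not bound to any interface.
 */
private String boundInterface(IpAccessListLine line, boolean ingress) {
  return ingress ? _lineInInterfaces.get(line) : _lineOutInterfaces.get(line);
}

/**
 * Installs one chain as a per-interface ACL in one direction.
 *
 * <p>For each interface: keep the chain lines that are unbound or bound to this interface,
 * refuse if a filter is already installed in this direction, register the ACL under a
 * direction-specific name (refusing on a name clash), and attach it.
 *
 * @param configuration configuration whose interfaces receive the ACLs
 * @param chain the PREROUTING (ingress) or POSTROUTING (egress) chain
 * @param ingress {@code true} for incoming filters, {@code false} for outgoing
 * @throws BatfishException if an interface already has a filter in this direction or the
 *     generated ACL name already exists
 */
private void applyChainToInterfaces(Configuration configuration, IpAccessList chain, boolean ingress) {
  String direction = ingress ? "ingress" : "egress";
  for (Interface i : configuration.getInterfaces().values()) {
    String dbgName = configuration.getHostname() + ":" + i.getName();
    List<IpAccessListLine> newRules = chain.getLines().stream().filter(l -> {
      String iface = boundInterface(l, ingress);
      return iface == null || i.getName().equals(iface);
    }).collect(Collectors.toList());
    // Never replace an existing filter: that could silently relax what the device enforces.
    boolean alreadyFiltered = ingress ? i.getIncomingFilter() != null : i.getOutgoingFilter() != null;
    if (alreadyFiltered) {
      throw new BatfishException(dbgName + " already has a filter," + " cannot combine with iptables rules!");
    }
    String aclName = "iptables_" + i.getName() + "_" + direction;
    IpAccessList acl = new IpAccessList(aclName, newRules);
    if (configuration.getIpAccessLists().putIfAbsent(aclName, acl) != null) {
      throw new BatfishException(dbgName + " acl " + aclName + " already exists");
    }
    if (ingress) {
      i.setIncomingFilter(acl);
    } else {
      i.setOutgoingFilter(acl);
    }
  }
}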
Usage of org.batfish.datamodel.IpAccessListLine in the batfish project (batfish/batfish):
class BdpDataPlanePluginTest, method makeAclLine.
/**
 * Test helper: creates an otherwise unconstrained ACL line with the given action.
 *
 * <p>No protocol, address or port restriction is set, so such a line matches everything;
 * tests use it to stand in for a blanket permit or deny.
 *
 * @param action the action (e.g. ACCEPT/REJECT) the line should take
 * @return a fresh {@link IpAccessListLine} carrying only that action
 */
@SuppressWarnings("unused")
private static IpAccessListLine makeAclLine(LineAction action) {
  IpAccessListLine catchAll = new IpAccessListLine();
  catchAll.setAction(action);
  return catchAll;
}