英文:
How to add rule with IPTables.Net to iptables in real system with .NET 6 Web API
问题
我有一个 .NET 6 Web API 应用程序,我想在托管的系统中编辑我的 iptables 规则(Web API 运行在该系统上)。
我有如下规则:
-A INPUT -m tcp --protocol tcp --source 2.2.2.2 --destination 1.1.1.1 --source-port 111 --destination-port 222 --jump DROP
我在 bash 中尝试了这个规则的 iptables 命令,它能正常工作,但当我尝试创建如下规则时:
IpTablesRule rule = IpTablesRule.Parse($"-A INPUT -m tcp--protocol tcp --source 2.2.2.2 --destination 1.1.1.1 --source-port 111 --destination-port 222 --jump DROP", null, chains);
然后尝试将其添加到系统中,如下所示:
ipTablesSystem = new IpTablesSystem(system: new LocalFactory(), tableAdapter: new IPTablesBinaryAdapter());
inputChain = ipTablesSystem.GetChain(table: Table.FILTER, chain: Chain.INPUT, ipVersion: (int)IpVersion.V4);
inputChain.AddRule(rule);
系统没有出现任何错误或类似的东西,但当我尝试使用 iptables -L 命令在 bash(cli)中查看系统规则时,我看不到我的规则。
为什么我的规则不存在于系统中?如何解决这个问题?
英文:
I have a .NET 6 Web API application and I want to edit my iptables rule in hosted system. (the system that Web API run on it)
I have rule like below
-A INPUT -m tcp --protocol tcp --source 2.2.2.2 --destination 1.1.1.1 --source-port 111 --destination-port 222 --jump DROP
I try this rule in iptables command in bash and work correctly, but when I try to create rule for this like below
IpTablesRule rule = IpTablesRule.Parse($"-A INPUT -m tcp--protocol tcp --source 2.2.2.2 --destination 1.1.1.1 --source-port 111 --destination-port 222 --jump DROP", null, chains);
and then try to add to system like below
ipTablesSystem = new IpTablesSystem(system: new LocalFactory(), tableAdapter: new IPTablesBinaryAdapter());
inputChain = ipTablesSystem.GetChain(table: Table.FILTER, chain: Chain.INPUT, ipVersion: (int)IpVersion.V4);
inputChain.AddRule(rule);
No any error rise on system or something like that, but after I try to see system rules with bash (cli) with iptables -L I do not see my rules
Why my rule does not exist in system? and how to resolve this problem?
答案1
得分: 1
以下是已翻译的部分:
这是关于不正确使用API的问题,正确的方式如下:
IpTablesRule rule = IpTablesRule.Parse($"-A INPUT -m tcp --protocol tcp --source 2.2.2.2 --destination 1.1.1.1 --source-port 111 --destination-port 222 --jump DROP", null, chains);
var ipTablesSystem = new IpTablesSystem(system: new LocalFactory(), tableAdapter: ipTablesAdapter);
IIPTablesAdapterClient table = ipTablesSystem.GetTableAdapter((int)IpVersion.V4);
table.AddRule(rule);
注意,您必须从IpTablesSystem获取表格,然后向表格添加或移除规则。
英文:
This is for bad using of API, the correct way is like below
IpTablesRule rule = IpTablesRule.Parse($"-A INPUT -m tcp --protocol tcp --source 2.2.2.2 --destination 1.1.1.1 --source-port 111 --destination-port 222 --jump DROP", null, chains);
var ipTablesSystem = new IpTablesSystem(system: new LocalFactory(), tableAdapter: ipTablesAdapter);
IIPTablesAdapterClient table = ipTablesSystem.GetTableAdapter((int)IpVersion.V4);
table.AddRule(rule);
The note is, you must get table from IpTablesSystem and add or remove rulse from table.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论