List of usage examples for io.netty.handler.ipfilter IpFilterRuleType REJECT
IpFilterRuleType REJECT
From source file:org.elasticsearch.xpack.security.transport.filter.PatternRuleTests.java
License:Open Source License
/**
 * Checks REJECT pattern rules built from IP specifications: one for the exact
 * address 127.0.0.1 and one for the wildcard 192.168.*.
 *
 * <p>For each rule the test pins three things: the rule is not flagged as a
 * localhost rule, it matches only the addresses its pattern covers, and it
 * reports the REJECT type it was built with.
 *
 * @throws UnknownHostException declared because of {@link InetAddress#getByName}; the
 *     inputs are IP literals
 */
public void testSingleIpRule() throws UnknownHostException {
    // Exact-address rule: the "i:" prefix marks the pattern as an IP pattern.
    final PatternRule exactRule = new PatternRule(IpFilterRuleType.REJECT, "i:127.0.0.1");
    assertFalse(exactRule.isLocalhost());
    final InetSocketAddress loopback = new InetSocketAddress(InetAddress.getByName("127.0.0.1"), 0);
    assertTrue(exactRule.matches(loopback));
    assertEquals(IpFilterRuleType.REJECT, exactRule.ruleType());

    // Wildcard rule: must leave the loopback address alone and catch a 192.168.x.y peer.
    final PatternRule wildcardRule = new PatternRule(IpFilterRuleType.REJECT, "i:192.168.*");
    assertFalse(wildcardRule.isLocalhost());
    final InetSocketAddress outsidePattern = new InetSocketAddress(InetAddress.getByName("127.0.0.1"), 0);
    assertFalse(wildcardRule.matches(outsidePattern));
    final InetSocketAddress insidePattern = new InetSocketAddress(InetAddress.getByName("192.168.2.1"), 0);
    assertTrue(wildcardRule.matches(insidePattern));
    assertEquals(IpFilterRuleType.REJECT, wildcardRule.ruleType());
}
From source file:org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule.java
License:Open Source License
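/**
 * Builds the IP filter rule described by one rule specification.
 *
 * <p>The specification is a comma-separated list in one of three forms:
 * <ul>
 *   <li>the single entry {@code _all}, which yields the shared accept-all / deny-all rule;</li>
 *   <li>a single subnet in slash notation, which yields an {@link IpSubnetFilterRule};</li>
 *   <li>one or more IP literals or patterns, which yield a {@link PatternRule}.</li>
 * </ul>
 *
 * <p>Entries are trimmed before they are classified. Without trimming, a
 * specification written as {@code "10.0.0.1, 10.0.0.2"} leaves a leading space
 * on the second entry; that entry would presumably fail the IP-literal check
 * and be stored as a name pattern instead of the address the operator meant,
 * so a deny rule could silently not apply to it.
 *
 * @param isAllowRule {@code true} to build an ACCEPT rule, {@code false} for a REJECT rule
 * @param value the raw rule specification
 * @return the filter rule for the specification
 * @throws IllegalArgumentException if {@code _all} or a subnet is combined with other entries
 * @throws ElasticsearchException if the subnet specification cannot be resolved
 */
static IpFilterRule getRule(boolean isAllowRule, String value) {
    final IpFilterRuleType filterRuleType = isAllowRule ? IpFilterRuleType.ACCEPT : IpFilterRuleType.REJECT;
    // Trim every entry so stray whitespace around a comma cannot change how an entry is classified.
    final String[] values = Arrays.stream(value.split(",")).map(String::trim).toArray(String[]::new);

    if (Arrays.stream(values).anyMatch("_all"::equals)) {
        // The all rule was found. It must be the only entry.
        if (values.length != 1) {
            throw new IllegalArgumentException("rules that specify _all may not have other values!");
        }
        return isAllowRule ? ACCEPT_ALL : DENY_ALL;
    }

    if (value.contains("/")) {
        // Subnet rule: exactly one subnet per specification.
        if (values.length != 1) {
            throw new IllegalArgumentException("multiple subnet filters cannot be specified in a single rule!");
        }
        try {
            Tuple<InetAddress, Integer> subnet = parseSubnetMask(value.trim());
            return new IpSubnetFilterRule(subnet.v1(), subnet.v2(), filterRuleType);
        } catch (UnknownHostException e) {
            String ruleType = (isAllowRule ? "allow " : "deny ");
            throw new ElasticsearchException(
                    "unable to create ip filter for rule [" + ruleType + " " + value + "]", e);
        }
    }

    // Pattern rule (no netmask): tag each entry as an IP pattern ("i:") or a name pattern ("n:").
    final StringJoiner rules = new StringJoiner(",");
    for (String pattern : values) {
        if (InetAddresses.isInetAddress(pattern)) {
            // We want the inet addresses to be normalized, especially in the IPv6 case where
            // :0:0: is equivalent to ::. That is why the address is parsed and formatted again
            // here: PatternRule uses the same formatting to normalize the value it matches against.
            InetAddress inetAddress = InetAddresses.forString(pattern);
            rules.add("i:" + NetworkAddress.format(inetAddress));
        } else {
            rules.add("n:" + pattern);
        }
    }
    return new PatternRule(filterRuleType, rules.toString());
}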
From source file:org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRuleTests.java
License:Open Source License
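/**
 * Verifies that a slash-notation specification is parsed into an
 * {@link IpSubnetFilterRule} whose type follows the allow/deny flag and which
 * matches an address inside the subnet.
 *
 * <p>The allow/deny flag is randomized, so both rule types are covered across runs.
 */
public void testParseIpSubnetFilterRule() throws Exception {
    final boolean allow = randomBoolean();
    final IpFilterRule rule = getRule(allow, "127.0.0.0/24");
    assertThat(rule, instanceOf(IpSubnetFilterRule.class));

    // Expected value goes first so that a failure message labels expected and actual correctly.
    final IpFilterRuleType expectedType = allow ? IpFilterRuleType.ACCEPT : IpFilterRuleType.REJECT;
    assertEquals(expectedType, rule.ruleType());

    final IpSubnetFilterRule subnetRule = (IpSubnetFilterRule) rule;
    assertTrue(subnetRule.matches(new InetSocketAddress(InetAddress.getByName("127.0.0.1"), 0)));
    // NOTE(review): only an in-subnet address is checked; an assertion that an address outside
    // 127.0.0.0/24 does not match would also pin the boundary of the rule.
}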
From source file:org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRuleTests.java
License:Open Source License
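/**
 * Verifies that a mixed specification of IPv4 and IPv6 literals, an IP wildcard
 * and name patterns is parsed into a single {@link PatternRule} whose type
 * follows the allow/deny flag.
 *
 * <p>The allow/deny flag is randomized, so both rule types are covered across runs.
 */
public void testParsePatternRules() {
    final boolean allow = randomBoolean();
    final String ruleSpec = "127.0.0.1,::1,192.168.0.*,name*,specific_name";
    final IpFilterRule rule = getRule(allow, ruleSpec);
    assertThat(rule, instanceOf(PatternRule.class));

    // Expected value goes first so that a failure message labels expected and actual correctly.
    final IpFilterRuleType expectedType = allow ? IpFilterRuleType.ACCEPT : IpFilterRuleType.REJECT;
    assertEquals(expectedType, rule.ruleType());
    // NOTE(review): the test checks the rule's class and type only; it does not check which
    // addresses or names the parsed rule matches.
}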