douneiben2240 2013-12-09 13:52
浏览 62
已采纳

将IPTables输出拆分为数据库的多维数组

I'm trying to get the current IPTables rules in my Debian server neatly listed up in a database.

To do this, I've written a few steps.

  1. First, we get the IPTables output with line number. (Input chain for example)

    iptables -L INPUT -nvx --line

I get a neat output, that I want to get in my database the exact same way. For example; 

Number, Chain, Protocol, Port, in, out

etcetera.

To get this output to be compatible with importing to the database, I need to get it into a multidimensional array. This is where I'm stuck. It's needs to be like this;

[0] (entry of rule)
[number],[chain],[protocol]...

[1]
[number],[chain],[protocol]

How exactly can I do this the most efficient way?

-- UPDATED CODE --

function getIPTables() {
$processHandle = popen('/usr/bin/sudo /sbin/iptables -L INPUT -nvx --line-numbers | tail -n +3', 'r');
$content = '';
    while (!feof($processHandle)) {
        $content .= fread($processHandle, 4096);
    }
pclose($processHandle);



// break out all new lines into an array
$lines = explode("
", $content);


foreach ($lines as $line) {
    $commands = array();

    $segments = explode(" ", $line); 

    $newEntry = array(
        'Number'    =>  $segments[0],
        'Chain'     =>  $segments[1],
        'Protocol'  =>  $segments[2],
        'Port'      =>  $segments[3],
        'in'        =>  $segments[4],
        'out'       =>  $segments[5]
    );
    array_push($commands, $newEntry);
    print_r($commands);
}



}

-- OUTPUT --

root@debian:/home/michael/Documents/PHPCLIFILES# php getAllRules
Local DB rules from users loaded in array 
 PHP Notice:  Undefined offset: 1 in /home/michael/Documents/PHPCLIFILES/getAllRules on line 47
PHP Notice:  Undefined offset: 2 in /home/michael/Documents/PHPCLIFILES/getAllRules on line 48
PHP Notice:  Undefined offset: 3 in /home/michael/Documents/PHPCLIFILES/getAllRules on line 49
PHP Notice:  Undefined offset: 4 in /home/michael/Documents/PHPCLIFILES/getAllRules on line 50
PHP Notice:  Undefined offset: 5 in /home/michael/Documents/PHPCLIFILES/getAllRules on line 51
  • 写回答

1条回答 默认 最新

  • douzai3399 2013-12-09 14:01
    关注

    I'm going to assume that your regex's are correct. You're actually appending everything to the same string using $commands .= <some text>. Rather than appending it to the same string, you should make $commands an array. Then you want to instantiate a new array for every line you go into ($line). push the things you want to keep onto your $line array, and at the end of every line you array_push($commands, $line)

    Array_push(): http://php.net/manual/en/function.array-push.php

    this could be an approach for your foreach()

    foreach ($lines as $line) {
    $commands = new array;
    if (empty($line)) {
        continue; //empty lines are silly
    }
    // ... do all the checks to validate if you currently have a valid LINE
    //We know that whatever we have now is a valid line 
    $segments = explode(line bla bla); //explode this line on tabs or spaces .. dunno what the output of your console is.
    //At this point you know exactly where every part you need is, considering the console always gives the same output.
    //Either you do some validations here, or you go for the lazy approach and go:
    $newEntry = array(
        'Number'    =>  $segments[0],
        'Chain'     =>  $segments[1],
        'Protocol'  =>  $segments[2],
        'Port'      =>  $segments[3],
        'in'        =>  $segments[4],
        'out'       =>  $segments[5]
    );
    array_push($commands, $newentry);
}

    code is not tested, but you should get an idea where i'm going to.

    Your code: 

    //instantiate a new empty named variable.
$commands = '';
//for every line in your console-dump file
foreach ($lines as $line) {
    //Is the line empty
    if (empty($line)) {
        //skip line and go to next line
        continue;
    }
    //Does the line start with #
    if (preg_match('/^#/', $line) === 1) {
        //skip line and go to next line
        continue;
    }
    //Does the line start with *
    if (preg_match('/^\*/', $line) === 1) {
        //skip line and go to next line
        continue;
    }
    //Does the line start with 'COMMIT'
    if (preg_match('/^COMMIT/', $line) === 1) {
        //skip line and go to next line
        continue;
    }
    //we have a valid line now, so let's do stuff
    $match = array();
    //Does the line contain:
    if (preg_match('/^:([A-Z ]*).*/', $line, $match) === 1) {
        //skip line and go to next line
        continue;
    }
    //Only if the line is a 'valid' line, and does not have your last match,
    //Then you will append "iptables {$line}
" to $commands
    $commands .= "iptables {$line}
";
    //This way it was a bit useless for you to cut up the line using the preg_match
    //and store it into $match, cause you don't do anything with $match
}

    Your initial approach is good. And depending how your console returns predictable values, you either follow your approach with the regex (but then actually use the result) or you just go the lazy approach and use the one i suggested.

    Do note that CONTINUE actually breaks your current loop, and goes into the next iteration.

    $array = array(1, 2, 3, 4, 5);
foreach($array as $number){
    if($number < 3){
        continue;
    }
    print($number .'
');
}

    The outcome will be: 

    3

4

5

    as continue actually completely stops this attempt in your foreach()

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

  • IPTables输出拆分数据库多维数组 linux php
    2013-12-09 13:52
    回答 1 已采纳 I'm going to assume that your regex's are correct. You're actually appending everything to the sam
  • Linux CentOS7.5服务器设置白名单iptables无效 linux
    2019-08-08 12:43
    回答 4 已采纳 没生效,肯定是你的iptables没配置好 云服务器的安全组和iptables相当于2道防线,比如,你要想开放某个端口,必须安全组和iptables两边都放开,才行 ![图片说明](https:/
  • Linux中iptables中如何打开指定的端口 linux 服务器
    2021-12-24 10:27
    回答 3 已采纳 查看状态:iptables -L -n下面添加对特定端口开放的方法:使用iptables开放如下端口/sbin/iptables -I INPUT -p tcp --dport 8000 -j ACC
  • MySQL高级(SQL优化)
    2022-12-18 23:15
    CODER-V的博客 InnoDB 存储引擎是以页为单位来管理存储空间的,我们进行的增删改查操作其实本质上都是在访问页面(包括读页面、写页面、创建新页面等操作)。而磁盘 I/O 需要消耗的时间很多,而在内存中进行操作,效率则会高很多,...
  • 使用 iptables 在中转服务器上进行端口转发 如何控制限速每个端口ip 网速 收发包的数量 linux 有问必答
    2021-08-21 20:58
    回答 1 已采纳 可以使用iptables+tc进行限速
  • Ubuntu 18.20为什么无法打开端口 ubuntu 服务器 网络
    2023-02-02 11:32
    回答 3 已采纳 没有进程监听在8080端口,所以连接被拒绝。在iptables中打开端口只是防火墙的一部分,还要你自己在计算机上运行一个应用程序来监听该端口。你试试在8080端口上运行一个服务器,当该服务器正在监听该
  • iptables 删除nat配置,无法阻断历史会话 linux tcp/ip 网络安全
    2022-08-22 17:24
    回答 2 已采纳 这是因为在Linux上还有nat的会话,这个会话是根据你的nat规则生成的,数据进来后会先匹配会话,没有会话再根据nat规则生成回话,还有这个回话是有超时时间的,很显然你在删除防火墙规则时你这个回话还
  • PHP常见面试题1
    2022-01-08 20:06
    By Cool.的博客 200:请求已完成 301:永久重定向 302:临时重定向 304:未修改 400:错误请求 ...500:服务器内部错误 502:网关错误 503:服务不可用 504:网关超时 505:HTTP版本不受支持 二、对Restful的理解 ...
  • iptables这样使用是否有效 tcp/ip
    2023-03-08 21:53
    回答 1 已采纳 该回答引用ChatGPT 这两条iptables命令都可以拒绝来自IP地址为52.81.126.7的单个主机的入站连接。但是,这两个命令的行为略有不同。 iptables -I INPUT -
  • iptables与route命令求解 linux
    2016-09-16 13:25
    回答 1 已采纳 http://www.cnblogs.com/hanerfan/p/5810606.html
  • Linux防火墙iptables命令 linux
    2022-10-06 10:30
    回答 3 已采纳 简单的对端口过滤报文命令,在网上有很多参考啊
  • IT运维面试问题总结
    2021-04-28 13:51
    IT_狂奔者的博客 DDOS:分布式拒绝服务(DDoS:Distributed Denial of Service),DDoS攻击指借助于客户/服务器技术,将多个计算机联合起来作为攻击平台,对一个或多个目标发动DDoS攻击,从而成倍地提高拒绝服务攻击的威力。...
  • linux iptables相关问题 linux 运维 运维开发
    2022-08-11 14:19
    回答 3 已采纳 这篇文章:Linux中iptables的相关配置 也许有你想要的答案,你可以看看你还可以看下linux参考手册中的 linux iptables-save 它将把当前的iptables规则保存在一个用
  • 【linux学习笔记】一、基础
    2023-11-30 16:43
    宝贝儿好的博客 自己写应用 自己写接口 自己部署...目前我们用的操作系统以windows为主,此外还有的同学是mac本就是苹果系统。 以后会接触到性能、性能优化、硬盘和内存之间的关系,应该怎么处理硬盘和内存之间的关系等问题,都是在
  • 笔记,后期整理
    2019-09-29 12:48
    weixin_30278237的博客 updatedb 更新文件位置数据库 locate 文件名 firefox python java xshell /cmder linux 网络设置 网卡配置文件所在的位置:/etc/sysconfig/network-scripts/ ls 会看到以ifcfg开头的文件 ^^^^^^^^^^^^^^^^^^...
  • 软件设计师复习资料
    2019-01-27 21:18
    weixin_44304265的博客 有很多怪异的风格,他们将缩进格式定义为4个字符(设置为2个字符!)的深度,这就象试图将PI定义为3一样让人难以接受. 理由是:缩进的大小是为了清楚的定义一个块的开始和结束.特别是当你已经在计算机前面呆了20多个小时...
  • 没有解决我的问题, 去提问

悬赏问题

  • ¥15 求学软件的前人们指明方向🥺
  • ¥50 如何增强飞上天的树莓派的热点信号强度,以使得笔记本可以在地面实现远程桌面连接
  • ¥15 MCNP里如何定义多个源?
  • ¥20 双层网络上信息-疾病传播
  • ¥50 paddlepaddle pinn
  • ¥20 idea运行测试代码报错问题
  • ¥15 网络监控:网络故障告警通知
  • ¥15 django项目运行报编码错误
  • ¥15 STM32驱动继电器
  • ¥15 Windows server update services