prashantgupta24 · prashantgupta24 · Sep 3, 2020 · Sep 4, 2020 · Sep 4, 2020 · Sep 4, 2020
diff --git a/Makefile b/Makefile
@@ -23,10 +23,10 @@ start-local: clean-db #for testing on your local system without firewalld
 	env=local go run cmd/main.go
 start-server:
 	go run cmd/main.go
-build-linux: # example: make build-linux DB_PATH=/dir/to/db
-	env GOOS=linux GOARCH=amd64 go build -ldflags "-X github.com/prashantgupta24/firewalld-rest/db.pathFromEnv=$(DB_PATH)" -o build/firewalld-rest cmd/main.go
+build-linux:
+	env GOOS=linux GOARCH=amd64 go build -o build/firewalld-rest cmd/main.go
 local-build:
-	go build -ldflags "-X github.com/prashantgupta24/firewalld-rest/db.pathFromEnv=$(DB_PATH)" -o build/firewalld-rest cmd/main.go
+	go build -o build/firewalld-rest cmd/main.go
 copy: build-linux
 	scp build/firewalld-rest root@<server>:/root/rest
 clean-db:

diff --git a/db/db.go b/db/db.go
diff --git a/db/fileType.go b/db/fileType.go
diff --git a/firewallcmd/util.go b/firewallcmd/util.go
@@ -2,14 +2,22 @@ package firewallcmd
 
 import (
 	"fmt"
+	"net"
 	"os/exec"
+	"regexp"
+	"strings"
 )
 
 //EnableRichRuleForIP enables rich rule for IP access + reloads
 //example:
 //firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.10.99.10/32" port protocol="tcp" port="22" accept'
 func EnableRichRuleForIP(ipAddr string) (string, error) {
-	cmd1 := exec.Command(`firewall-cmd`, `--permanent`, "--zone=public", `--add-rich-rule=rule family="ipv4" source address="`+ipAddr+`/32" port protocol="tcp" port="22" accept`)
+
+	//check if valid ipv4 address
+	if !isValidIpv4(ipAddr) {
+		return "", fmt.Errorf("not a valid IPv4 address : %v", ipAddr)
+	}
+	cmd1 := exec.Command(`firewall-cmd`, `--permanent`, "--zone=public", `--add-rich-rule=`+createRichRule(ipAddr))
 	//uncomment for debugging
 	// for _, v := range cmd1.Args {
 	// 	fmt.Println(v)
@@ -51,3 +59,51 @@ func reload() (*exec.Cmd, []byte, error) {
 	output, err := cmd.CombinedOutput()
 	return cmd, output, err
 }
+
+//GetIPSInFirewall gets IPs currently in firewall
+func GetIPSInFirewallRule() ([]string, error) {
+
+	var ipsInFirewall []string
+	cmd := exec.Command("firewall-cmd", "--zone=public", "--list-rich-rules")
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		return nil, fmt.Errorf("error while fetching IPs from firewall-cmd, err: %v", err)
+	}
+
+	stringToSearch := "address=\""
+	richRuleLines := strings.Split(string(output), "\n")
+
+	for _, rule := range richRuleLines {
+		r, _ := regexp.Compile(stringToSearch + "[0-9.]*")
+		ipAddr := strings.TrimPrefix(r.FindString(rule), stringToSearch)
+		if isValidIpv4(ipAddr) {
+			ipsInFirewall = append(ipsInFirewall, ipAddr)
+			//fmt.Println(ipAddr)
+		}
+	}
+	return ipsInFirewall, err
+}
+
+//CheckIPExistsInFirewallRule checks if rich rule exists with IP
+func CheckIPExistsInFirewallRule(ipAddr string) (bool, error) {
+	cmd := exec.Command(`firewall-cmd`, "--zone=public", `--query-rich-rule=`+createRichRule(ipAddr))
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		return false, err
+	}
+	strOutput := strings.TrimSpace(string(output))
+	if strOutput == "yes" {
+		return true, nil
+	} else if strOutput == "no" {
+		return false, nil
+	}
+	return false, nil
+}
+
+func createRichRule(ipAddr string) string {
+	richRule := `rule family="ipv4" source address="` + ipAddr + `/32" port protocol="tcp" port="22" accept`
+	return richRule
+}
+func isValidIpv4(host string) bool {
+	return net.ParseIP(host) != nil
+}