Managing IPTables via GoLang

Please do not omit error values without checking, they might tell you exactly why there is nothing in out

err is nil
when i print s then it is printing

What exactly is it printing then?

Also using strings.Split might be much more efficient than using a regex here…

when am printing string(out) then am getting this :
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 DROP all – google.com anywhere
2 DROP all – testgoogle.com anywhere
3 DROP all – color1.centos.com anywhere
4 DROP all – color2.centos.com anywhere
5 DROP all – color3.centos.com anywhere
6 DROP all – color4.centos.com anywhere
7 DROP all – color5.centos.com anywhere
8 DROP all – color6.centos.com anywhere

and when i print s then i’m getting this :
[Chain OUTPUT (policy ACCEPT) num target prot opt source destination 1 DROP all – google.com anywhere 2 DROP all – testgoogle.com anywhere 3 DROP all – color1.centos.com anywhere 4 DROP all – color2.centos.com anywhere 5 DROP all – color3.centos.com anywhere 6 DROP all – color4.centos.com anywhere 7 DROP all – color5.centos.com anywhere 8 DROP all – color6.centos.com anywhere ]

Oh, the condition is odd. It will only run the loop as long as it is true, so it will never print something. You probably want > 0 and adjust index within the loop.

Alternatively reverse the slice and then use a range based loop.

i done this :

package main

import (
	"fmt"
	"os/exec"
	"regexp"
)

func main() {
	var1 := "iptables"
	var2 := "--list"
	var3 := "OUTPUT"
	var4 := "--line-number"
	out, err := exec.Command(var1, var2, var3, var4).Output()
	fmt.Printf("%s\n\n", string(out))
	fmt.Printf("%s\n\n", err)
	s := regexp.MustCompile("\n").Split(string(out), -1)
	fmt.Printf("%s\n\n", s)
	for i := 0; i < len(s); i++ {
		fmt.Printf("%s\n", s[i])
		if s[i] == "2    DROP       all  --  testgoogle.com        anywhere" {
			fmt.Printf("Done on %d\n", i)
		}
	}

}

but it’s not returning Done on :neutral_face:

thanks, it;s done

Sir, i have written code it is working but having some issues. like if i delete rule 3 then rule 4 becomes rule 3 and rule 5 becomes rule 4 and so one.
but in my code, i’m unable to do this. can you suggest ?
here’s my code :

	var1 := "iptables"
	var2 := "--list"
	var3 := "OUTPUT"
	var4 := "--line-number"
	out, _ := exec.Command(var1, var2, var3, var4).Output()
	s := regexp.MustCompile("\n").Split(string(out), -1)
	for i := 0; i < len(s); i++ {
		out2, _ := exec.Command(var1, var2, var3, var4).Output()
		s2 := regexp.MustCompile("\n").Split(string(out2), -1)

		check1 := strings.Contains(s[i], "DROP       all  --  color1.centos.com     anywhere")
		check2 := strings.Contains(s[i], "DROP       all  --  color2.centos.com     anywhere")
		check3 := strings.Contains(s[i], "DROP       all  --  color3.centos.com    anywhere")
		check4 := strings.Contains(s[i], "DROP       all  --  color4.centos.com     anywhere")
		check5 := strings.Contains(s[i], "DROP       all  --  color5.centos.com     anywhere")
		check6 := strings.Contains(s[i], "DROP       all  --  color6.centos.com     anywhere")
		if check1 == true {

			rule := regexp.MustCompile(" ").Split(string(s2[i]), -1)
			d := "-D"
			fmt.Printf("%s\n", rule[0])
			_, _ = exec.Command(var1, d, var3, rule[0]).Output()

		}
		if check2 == true {

			rule := regexp.MustCompile(" ").Split(string(s2[i]), -1)
			d := "-D"
			fmt.Printf("%s\n", rule[0])
			_, _ = exec.Command(var1, d, var3, rule[0]).Output()

		}
		if check3 == true {

			rule := regexp.MustCompile(" ").Split(string(s2[i]), -1)
			d := "-D"
			fmt.Printf("%s\n", rule[0])
			_, _ = exec.Command(var1, d, var3, rule[0]).Output()

		}
		if check4 == true {

			rule := regexp.MustCompile(" ").Split(string(s2[i]), -1)
			d := "-D"

			fmt.Printf("%s\n", rule[0])
			_, _ = exec.Command(var1, d, var3, rule[0]).Output()

		}
		if check5 == true {

			rule := regexp.MustCompile(" ").Split(string(s2[i]), -1)
			d := "-D"

			fmt.Printf("%s\n", rule[0])

			_, _ = exec.Command(var1, d, var3, rule[0]).Output()
		}
		if check6 == true {

			rule := regexp.MustCompile(" ").Split(string(s2[i]), -1)
			d := "-D"

			fmt.Printf("%s\n", rule[0])

			_, _ = exec.Command(var1, d, var3, rule[0]).Output()

		}
	}
  1. Why are you checking for full strings? In the bash examples you are checking just for .centos.com
  2. Exactly because of the “wandering IDs” I suggested to move backwards through the list, that way IDs won’t wander away, but will still be “correct” by the time you reach them. If you delete ID 3, then IDs 2 and 1, which you haven’t cheked yet, will still be 1 and 2 when you reach them. If though you move forward through the list, then you are right, you have to consider those moving IDs, as after deletion of 2, there will be a new entry with “ID” 2, the one that had ID 3 before deletion.

so sir what should you suggest? can you tell me any solution?
like after delete of one rule should i substract rule[0]-1 ?
or do you have any solution?

Let me say it again:

There is no need to, relevant IDs won’t change!

If I misunderstand your issue, please post with example output.

sir was saying that i have written an code, which i given in above reply.
That code is working fine but rule issue. My code reads all firewall rules, convert them to slices and then check every slices and check that the slice contains DROP ALL – color1-6.centos.com or not. If contains then it seperate the string slice into another slice by space. called rule and then it deleted the firewall by getting the first element of the slice via rule[0]
First element is the number of IPTables rule.
Like
3 DROP all – color1.centos.com anywhere
so it reads 3 in rule[0] and deletes the rule.

But the issue here is, if we delete IPTables rule 3 then the rule 4 will became rule 3 and rule 5 became rule 4
But my script won’t function like that, because it has read all rules of iptables before.
You can check my code if i haven’t explained well

So I’m saying do you have any solution of this?

I’m thinking this :
I will create an integer type variable called deleted
var deleted int
deleted = 0

Then whenever i delete a firewall rule i will increment the value of deleted by one deleted += 1
and then i will delete rule like this :
myrule = strconv.Atoi(rule[0])-deleted
then i will delete IPTables rules of rule no myrule
Have you got it? If you got it then pls tell me how is it ?

Which is iterating forward. Do yourself a favor and iterate backwards! That will not have that issue. Have said this about a hundred times now

Alternatively use -S instead of --list.

Might be worth having a look at the https://github.com/coreos/go-iptables package