Check if an iptables chain exists #1186
Conversation
There was a problem hiding this comment.
Thanks @frankiejol for your contribution! I've left some notes to address/discuss in a review before we decide about merging.
lib/Rex/Commands/Iptables.pm
Outdated
| =cut | ||
|
|
||
| sub chain_exists { | ||
| my ( $table, $chain, @params ) = @_; |
There was a problem hiding this comment.
I believe this might not be consistent with the other command's convention to support -6 as first parameter to signal usage of IPv6.
Also how about these as target usage examples:
chain_exists 'foo'; # $table defaulting to 'filter'chain_exists 'foo', table => 'filter';chain_exists -6, 'foo'; # IPv6
lib/Rex/Commands/Iptables.pm
Outdated
| my $iptables = _get_executable( \@params ); | ||
| my @lines = run "$iptables-save"; | ||
|
|
||
| return _chain_exists( $table, $chain, @lines ); |
There was a problem hiding this comment.
I think it might be simpler and faster to check for the return code of iptables [--table $table] --list $chain > /dev/null command. If the chain exists it will be true, but otherwise false.
Perhaps even the built-in iptables() sub can be used for that too (but it probably needs to be wrapped in a try-catch block as it die()s in case of non-OK return codes).
|
@frankiejol: thanks for the followup! It seems like there are some failing tests. Could you take a look at those, please? If you add followup commits, please make sure the commit history remains readable (I guess two commits, one for the test and one for the new functionality would suffice here). Feel free to rebase on top of current master and force push your feature branch for that. |
New method to check if a chain exists in a given iptables filter