lib/shutter/iptables.rb in shutter-0.1.0 vs lib/shutter/iptables.rb in shutter-0.2.0

@@ -95,10 +95,20 @@
       def iptables_restore
         "#{@os.iptables_restore}"
       end
 
       ###
+      ### Check to see if base and iptables-save content match
+      ###
+      def check
+        gen_rules = filter_and_sort(generate)
+        ips_rules = filter_and_sort(iptables_save)
+        extra_rules = ips_rules - gen_rules
+        extra_rules.empty?
+      end
+
+      ###
       ### Block Generation
       ###
       def forward_block
         content = ""
         @iface_forward.each do |line|
@@ -209,9 +219,20 @@
         "-A Bastards -s #{ip} -j DropBastards\n"
       end
 
       def dmz_device_content(iface)
         "-A Dmz -i #{iface} -j ACCEPT\n"
+      end
+
+      private
+      ###
+      ### Filter and sort iptables-save for checking
+      ###
+      def filter_and_sort(content)
+        filtered = content.scan(/^[:-].*$/).sort
+        # Make sure that we remove (gsub) the counts on the chains and remove any
+        # trailing whitespace and newlines
+        filtered.map {|x| x.gsub(/\ \[.*\]/,"").strip}
       end
 
     end
   end
 end
\ No newline at end of file