Package org.jboss.netty.handler.ipfilter
Class IpFilterRuleHandler
java.lang.Object
org.jboss.netty.handler.ipfilter.IpFilteringHandlerImpl
org.jboss.netty.handler.ipfilter.IpFilterRuleHandler
- All Implemented Interfaces:
ChannelHandler
,ChannelUpstreamHandler
,IpFilteringHandler
Implementation of Filter of IP based on ALLOW and DENY rules.
This implementation could be changed by implementing a new
The check is done by going from step to step in the underlying array of IpFilterRule.
Each
An empty list means allow all (no limitation).
For efficiency reason, you should not add/remove too frequently IpFilterRules to/from this handler. You should prefer to replace an entry (set method) with an ALLOW/DENY ALL IpFilterRule if possible.
This handler should be created only once and reused on every pipeline since it handles a global status of what is allowed or blocked.
Note that
This implementation could be changed by implementing a new
IpFilterRule
than default
IpV4SubnetFilterRule
(IPV4 support only), IpSubnetFilterRule
(IPV4 and IPV6 support)
or IpFilterRule
(IP and host name string pattern support) .The check is done by going from step to step in the underlying array of IpFilterRule.
Each
IpFilterRule
answers to the method accept if the InetAddress
is accepted or not,
according to its implementation. If an InetAddress arrives at the end of the list, as in Firewall
usual rules, the InetAddress is therefore accepted by default.- If it was constructed with True as first argument, the IpFilterRule is an ALLOW rule (every InetAddress that fits in the rule will be accepted).
- If it was constructed with False as first argument, the IpFilterRule is a DENY rule (every InetAddress that fits in the rule will be refused).
An empty list means allow all (no limitation).
For efficiency reason, you should not add/remove too frequently IpFilterRules to/from this handler. You should prefer to replace an entry (set method) with an ALLOW/DENY ALL IpFilterRule if possible.
This handler should be created only once and reused on every pipeline since it handles a global status of what is allowed or blocked.
Note that
IpSubnetFilterRule
which supports IPV4 and IPV6 should be used with as much as
possible no mixed IP protocol. Both IPV4 and IPV6 are supported but a mix (IpFilter in IPV6 notation
and the address from the channel in IPV4, or the reverse) can lead to wrong result.-
Nested Class Summary
Nested classes/interfaces inherited from interface org.jboss.netty.channel.ChannelHandler
ChannelHandler.Sharable
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate final CopyOnWriteArrayList
<IpFilterRule> List ofIpFilterRule
-
Constructor Summary
ConstructorsConstructorDescriptionEmpty constructor (no IpFilterRule in the List at construction).IpFilterRuleHandler
(List<IpFilterRule> newList) Constructor from a new list of IpFilterRule -
Method Summary
Modifier and TypeMethodDescriptionprotected boolean
accept
(ChannelHandlerContext ctx, ChannelEvent e, InetSocketAddress inetSocketAddress) Called when the channel is connected.void
add
(int index, IpFilterRule ipFilterRule) Add an ipFilterRule in the list at the specified position (shifting to the right other elements)void
add
(IpFilterRule ipFilterRule) Add an ipFilterRule in the list at the endvoid
addAll
(int index, Collection<IpFilterRule> c) Inserts all of the elements in the specified collection into this list, starting at the specified position.void
Appends all of the elements in the specified collection to the end of this list, in the order that they are returned by the specified collection's iterator.int
Append the element if not present.boolean
addIfAbsent
(IpFilterRule ipFilterRule) Append the element if not present.void
clear()
Clear the listboolean
contains
(IpFilterRule ipFilterRule) Returns true if this list contains the specified elementboolean
Returns true if this list contains all of the elements of the specified collectionget
(int index) Returns the element at the specified position in this listboolean
isEmpty()
Returns true if this list contains no elementsremove
(int index) Removes the element at the specified position in this listvoid
remove
(IpFilterRule ipFilterRule) Remove the ipFilterRule from the listvoid
Removes from this list all of its elements that are contained in the specified collectionvoid
Retains only the elements in this list that are contained in the specified collectionset
(int index, IpFilterRule ipFilterRule) Replaces the element at the specified position in this list with the specified elementint
size()
Returns the number of elements in this list.Methods inherited from class org.jboss.netty.handler.ipfilter.IpFilteringHandlerImpl
continues, handleAllowedChannel, handleRefusedChannel, handleUpstream, isBlocked, removeIpFilterListener, setIpFilterListener
-
Field Details
-
ipFilterRuleList
List ofIpFilterRule
-
-
Constructor Details
-
IpFilterRuleHandler
Constructor from a new list of IpFilterRule -
IpFilterRuleHandler
public IpFilterRuleHandler()Empty constructor (no IpFilterRule in the List at construction). In such a situation, empty list implies allow all.
-
-
Method Details
-
add
Add an ipFilterRule in the list at the end -
add
Add an ipFilterRule in the list at the specified position (shifting to the right other elements) -
addAll
Appends all of the elements in the specified collection to the end of this list, in the order that they are returned by the specified collection's iterator. -
addAll
Inserts all of the elements in the specified collection into this list, starting at the specified position. -
addAllAbsent
Append the element if not present.- Returns:
- the number of elements added
-
addIfAbsent
Append the element if not present.- Returns:
- true if the element was added
-
clear
public void clear()Clear the list -
contains
Returns true if this list contains the specified element- Returns:
- true if this list contains the specified element
-
containsAll
Returns true if this list contains all of the elements of the specified collection- Returns:
- true if this list contains all of the elements of the specified collection
-
get
Returns the element at the specified position in this list- Returns:
- the element at the specified position in this list
-
isEmpty
public boolean isEmpty()Returns true if this list contains no elements- Returns:
- true if this list contains no elements
-
remove
Remove the ipFilterRule from the list -
remove
Removes the element at the specified position in this list- Returns:
- the element previously at the specified position
-
removeAll
Removes from this list all of its elements that are contained in the specified collection -
retainAll
Retains only the elements in this list that are contained in the specified collection -
set
Replaces the element at the specified position in this list with the specified element- Returns:
- the element previously at the specified position
-
size
public int size()Returns the number of elements in this list.- Returns:
- the number of elements in this list.
-
accept
protected boolean accept(ChannelHandlerContext ctx, ChannelEvent e, InetSocketAddress inetSocketAddress) throws Exception Description copied from class:IpFilteringHandlerImpl
Called when the channel is connected. It returns True if the corresponding connection is to be allowed. Else it returns False.- Specified by:
accept
in classIpFilteringHandlerImpl
- Parameters:
inetSocketAddress
- the remoteInetSocketAddress
from client- Returns:
- True if the corresponding connection is allowed, else False.
- Throws:
Exception
-