View Javadoc
1   /*
2    * Copyright 2014 The Netty Project
3    *
4    * The Netty Project licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   https://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  package io.netty.handler.ipfilter;
17  
18  import io.netty.channel.Channel;
19  import io.netty.channel.ChannelHandler.Sharable;
20  import io.netty.channel.ChannelHandlerContext;
21  import io.netty.util.internal.ObjectUtil;
22  
23  import java.net.InetSocketAddress;
24  import java.net.SocketAddress;
25  import java.util.ArrayList;
26  import java.util.List;
27  
28  /**
29   * <p>
30   * This class allows one to filter new {@link Channel}s based on the
31   * {@link IpFilterRule}s passed to its constructor. If no rules are provided, all connections
32   * will be accepted.
33   * </p>
34   *
35   * <p>
36   * If you would like to explicitly take action on rejected {@link Channel}s, you should override
37   * {@link AbstractRemoteAddressFilter#channelRejected(ChannelHandlerContext, SocketAddress)}.
38   * </p>
39   *
40   * <p> Consider using {@link IpSubnetFilter} for better performance while not as
41   * general purpose as this filter. </p>
42   */
43  @Sharable
44  public class RuleBasedIpFilter extends AbstractRemoteAddressFilter<InetSocketAddress> {
45  
46      private final boolean acceptIfNotFound;
47      private final List<IpFilterRule> rules;
48  
49      /**
50       * <p> Create new Instance of {@link RuleBasedIpFilter} and filter incoming connections
51       * based on their IP address and {@code rules} applied. </p>
52       *
53       * <p> {@code acceptIfNotFound} is set to {@code true}. </p>
54       *
55       * @param rules An array of {@link IpFilterRule} containing all rules.
56       */
57      public RuleBasedIpFilter(IpFilterRule... rules) {
58          this(true, rules);
59      }
60  
61      /**
62       * Create new Instance of {@link RuleBasedIpFilter} and filter incoming connections
63       * based on their IP address and {@code rules} applied.
64       *
65       * @param acceptIfNotFound If {@code true} then accept connection from IP Address if it
66       *                         doesn't match any rule.
67       * @param rules            An array of {@link IpFilterRule} containing all rules.
68       */
69      public RuleBasedIpFilter(boolean acceptIfNotFound, IpFilterRule... rules) {
70          ObjectUtil.checkNotNull(rules, "rules");
71  
72          this.acceptIfNotFound = acceptIfNotFound;
73          this.rules = new ArrayList<IpFilterRule>(rules.length);
74  
75          for (IpFilterRule rule : rules) {
76              if (rule != null) {
77                  this.rules.add(rule);
78              }
79          }
80      }
81  
82      @Override
83      protected boolean accept(ChannelHandlerContext ctx, InetSocketAddress remoteAddress) throws Exception {
84          for (IpFilterRule rule : rules) {
85              if (rule.matches(remoteAddress)) {
86                  return rule.ruleType() == IpFilterRuleType.ACCEPT;
87              }
88          }
89  
90          return acceptIfNotFound;
91      }
92  }