View Javadoc
1   /*
2    * Copyright 2014 The Netty Project
3    *
4    * The Netty Project licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   https://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  package io.netty5.handler.ipfilter;
17  
18  import io.netty5.channel.Channel;
19  import io.netty5.channel.ChannelHandlerContext;
20  
21  import java.net.InetSocketAddress;
22  import java.net.SocketAddress;
23  import java.util.ArrayList;
24  import java.util.List;
25  
26  import static java.util.Objects.requireNonNull;
27  
28  /**
29   * <p>
30   * This class allows one to filter new {@link Channel}s based on the
31   * {@link IpFilterRule}s passed to its constructor. If no rules are provided, all connections
32   * will be accepted.
33   * </p>
34   *
35   * <p>
36   * If you would like to explicitly take action on rejected {@link Channel}s, you should override
37   * {@link AbstractRemoteAddressFilter#channelRejected(ChannelHandlerContext, SocketAddress)}.
38   * </p>
39   *
40   * <p> Consider using {@link IpSubnetFilter} for better performance while not as
41   * general purpose as this filter. </p>
42   */
43  public class RuleBasedIpFilter extends AbstractRemoteAddressFilter<InetSocketAddress> {
44  
45      private final boolean acceptIfNotFound;
46      private final List<IpFilterRule> rules;
47  
48      /**
49       * <p> Create new Instance of {@link RuleBasedIpFilter} and filter incoming connections
50       * based on their IP address and {@code rules} applied. </p>
51       *
52       * <p> {@code acceptIfNotFound} is set to {@code true}. </p>
53       *
54       * @param rules An array of {@link IpFilterRule} containing all rules.
55       */
56      public RuleBasedIpFilter(IpFilterRule... rules) {
57          this(true, rules);
58      }
59  
60      /**
61       * Create new Instance of {@link RuleBasedIpFilter} and filter incoming connections
62       * based on their IP address and {@code rules} applied.
63       *
64       * @param acceptIfNotFound If {@code true} then accept connection from IP Address if it
65       *                         doesn't match any rule.
66       * @param rules            An array of {@link IpFilterRule} containing all rules.
67       */
68      public RuleBasedIpFilter(boolean acceptIfNotFound, IpFilterRule... rules) {
69          requireNonNull(rules, "rules");
70  
71          this.acceptIfNotFound = acceptIfNotFound;
72          this.rules = new ArrayList<>(rules.length);
73  
74          for (IpFilterRule rule : rules) {
75              if (rule != null) {
76                  this.rules.add(rule);
77              }
78          }
79      }
80  
81      @Override
82      public boolean isSharable() {
83          return true;
84      }
85  
86      @Override
87      protected boolean accept(ChannelHandlerContext ctx, InetSocketAddress remoteAddress) throws Exception {
88          for (IpFilterRule rule : rules) {
89              if (rule.matches(remoteAddress)) {
90                  return rule.ruleType() == IpFilterRuleType.ACCEPT;
91              }
92          }
93  
94          return acceptIfNotFound;
95      }
96  }