完善iptables命令的构建，并添加几个新的服务接口

bishe-utils/src/main/java/top/ninwoo/utils/util/IptablesUtils.java

@@ -20,6 +20,10 @@ public interface IptablesUtils {
     String delIptable(String containerId, ChainType chainType, String source, String destination, String policy);
 
     String delIptable(String containerId, TableType tableType, ChainType chainType, int lineNumber);
+
+    boolean modifyIptable(String containerId, ChainType chainType, String source, String destination, String policy, int lineNumber);
+
+    boolean flushIptables(String containerId, ChainType chainType);
     // 添加一个iptables项
     // 删除一个iptables项
 

bishe-utils/src/main/java/top/ninwoo/utils/util/impl/IptablesUtilsImpl.java

@@ -114,10 +114,53 @@ public class IptablesUtilsImpl implements IptablesUtils {
         return basicCommand(containerId, null, "delete", chainType, "", "", "", lineNumber);
     }
 
+    /**
+     * 修改table条目
+     * @param containerId
+     * @param chainType
+     * @param source
+     * @param destination
+     * @param policy
+     * @param lineNumber
+     * @return
+     */
+    @Override
+    public boolean modifyIptable(String containerId, ChainType chainType, String source, String destination, String policy, int lineNumber) {
+        String cmd = buildCommand(TableType.filter, "modify", chainType, source, destination, policy, lineNumber);
+        String s = dockerUtils.execInDocker(containerId, cmd.split(" "));
+        if("".equals(s)) {
+            return true;
+        }
+        return false;
+    }
 
+    /**
+     * 清空iptables，这是一个很不安全的操作
+     * @return
+     */
+    @Override
+    public boolean flushIptables(String containerId, ChainType chainType) {
+        String cmd = "iptables -F " + chainType;
+        if("".equals(dockerUtils.execInDocker(containerId, cmd.split(" ")))) {
+            return true;
+        }
+        return false;
+    }
 
+    /**
+     * 基本的执行命令函数
+     * @param containerId
+     * @param table
+     * @param kind
+     * @param chainType
+     * @param source
+     * @param destination
+     * @param policy
+     * @param lineNumber
+     * @return
+     */
     public String basicCommand(String containerId, TableType table, String kind, ChainType chainType, String source, String destination, String policy, int lineNumber) {
-        String cmd = buildCommand(containerId, table, kind, chainType, source, destination, policy, lineNumber);
+        String cmd = buildCommand(table, kind, chainType, source, destination, policy, lineNumber);
         return dockerUtils.execInDocker(containerId, cmd.split(" "));
     }
 
@@ -125,14 +168,13 @@ public class IptablesUtilsImpl implements IptablesUtils {
      * 添加iptable项
      * 这里应该还可以提供一个更加通用的模块，这里暂时先不实现
      *  example: iptables -I INPUT -s 172.0.0.2 -j DROP
-     * @param containerId
      * @param kind
      * @param chainType
      * @param source
      * @param destination
      * @param policy
      */
-    public String buildCommand(String containerId, TableType table, String kind, ChainType chainType, String source, String destination, String policy, int lineNumber) {
+    public String buildCommand(TableType table, String kind, ChainType chainType, String source, String destination, String policy, int lineNumber) {
         // 构建iptables的命令
         String cmd = "iptables ";
 
@@ -159,11 +201,19 @@ public class IptablesUtilsImpl implements IptablesUtils {
             case "delete":
                 cmd += "-D ";
                 break;
+            case "modify":
+                cmd += "-R ";
+                break;
             default:
                 throw new RuntimeException("不支持的操作");
         }
 
         cmd += chainType.toString() + " ";
+
+        if(lineNumber > 0) {
+            cmd += lineNumber + " ";
+        }
+
         if(!"".equals(source)) {
             cmd += "-s " + source + " ";
         }
@@ -174,9 +224,7 @@ public class IptablesUtilsImpl implements IptablesUtils {
             cmd += "-j " + policy;
         }
 
-        if(lineNumber > 0 && cmd.contains("-D")) {
-            cmd += lineNumber;
-        }
+
 
         LOG.info("构建的cmd:[" + cmd + "]");
         return cmd;

bishe-utils/src/test/java/top/ninwoo/utils/IptablesUtilsTests.java

@@ -49,20 +49,25 @@ public class IptablesUtilsTests {
 
     @Test
     public void testAddIptables() {
-        testShowIptablesDetail();
+        testShowIptablesDetail("initial");
         String s = iptablesUtils.addIptable(dockerContainer.getId(), "insert", ChainType.INPUT, "172.0.17.2", "", "DROP");
-        System.out.println(s);
         iptablesUtils.addIptable(dockerContainer.getId(), "insert", ChainType.OUTPUT, "172.0.17.2", "", "DROP");
         iptablesUtils.addIptable(dockerContainer.getId(), "append", ChainType.INPUT, "172.0.17.3", "", "DROP");
-        testShowIptablesDetail();
+        testShowIptablesDetail("下发三条条目");
         iptablesUtils.delIptable(dockerContainer.getId(), TableType.filter, ChainType.INPUT,1);
-        testShowIptablesDetail();
+        testShowIptablesDetail("删除Input 1");
         iptablesUtils.delIptable(dockerContainer.getId(), ChainType.INPUT, "172.0.17.3", "", "DROP");
-        testShowIptablesDetail();
+        testShowIptablesDetail("删除Input的条目");
+        iptablesUtils.modifyIptable(dockerContainer.getId(), ChainType.OUTPUT, "172.0.17.2", "", "ACCEPT", 1);
+        testShowIptablesDetail("modify output 1");
+        iptablesUtils.flushIptables(dockerContainer.getId(), ChainType.OUTPUT);
+        testShowIptablesDetail("flush output");
 
     }
 
-    public void testShowIptablesDetail() {
+    public void testShowIptablesDetail(String info) {
+        System.out.println("---------------" + info +
+                "--------------------");
         Map<String, List<ChainEntity>> iptablesList = iptablesUtils.showIptablesDetail(dockerContainer.getId());
         iptablesList.forEach((k, v) -> {
             System.out.println(k);