# Sample iptables DROP rules that main() prints and converts with make_prefix().
# Each entry is one rule as a single-space-separated string; the long ones are
# written as adjacent literals that Python joins at compile time.  The
# "$BLOCK_THIS_IP" text is a shell-style placeholder left as literal text, and
# the last rule carries a multi-word --comment so quoted arguments get exercised.
DROP_RULES = [
    '-A INPUT -i eth0 -p tcp -s "$BLOCK_THIS_IP" -j DROP',
    (
        '-A quantum-openvswi-ofa8f1db2-5 -p udp -m udp --sport 67'
        ' --dport 68 -j DROP'
    ),
    '-A INPUT -i eth0 -p tcp -s "$BLOCK_THIS_IP" -j DROP',
    (
        '-A quantum-openvswi-ofa8f1db2-5 -m mac ! --mac-source'
        ' FA:34:21:BC:DA:13:1D -j DROP'
    ),
    (
        '-m state --state INVALID -j DROP -m comment --comment "Drop'
        ' packets that appear related to an existing connection (e.g.'
        ' TCP ACK/FIN) but do not have an entry in conntrack."'
    ),
]
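def make_comment_prefix(rule_list):
    """Render the tokens of one double-quoted argument as a ``=value`` suffix.

    ``rule_list`` holds the tokens of a quoted span, from the token that opens
    the quote through the token that closes it (the slice make_prefix builds
    with get_last_comment_index).  The opening token is emitted as ``=<tok>``
    and every later token as `` <tok>``, so ``['"a', 'b', 'c"']`` becomes
    ``'="a b c"'`` and ``['"a"']`` becomes ``'="a"'``.  No trailing ``;`` is
    added: the caller separates parts with ``;`` itself, and a one-token value
    never carried one, so the two cases now agree.

    Args:
        rule_list: tokens of the quoted span; may be empty.

    Returns:
        The rendered suffix, or ``''`` for an empty span.
    """
    pieces = []
    for tok in rule_list:
        if tok.startswith('"'):
            pieces.append('=%s' % tok)
        else:
            pieces.append(' %s' % tok)
    return ''.join(pieces)


def get_last_comment_index(rule_list):
    """Return the index of the first token that ends with a double quote.

    That token closes the first quoted argument in ``rule_list``.  When no
    token ends with ``"`` the list length is returned, so that a slice
    ``rule_list[start:index + 1]`` simply runs to the end of the list.

    Args:
        rule_list: tokens of a rule (or a tail of one).

    Returns:
        Index of the closing-quote token, or ``len(rule_list)``.
    """
    for idx, tok in enumerate(rule_list):
        if tok.endswith('"'):
            return idx
    return len(rule_list)


def make_prefix(rule):
    """Convert one iptables rule into a compact ``;``-separated key string.

    Option names lose their leading dashes, their arguments are attached with
    ``=``, ``!`` becomes ``not`` and a ``-j DROP`` target is omitted (every
    entry in DROP_RULES carries one, so it adds no information).  A
    double-quoted argument is copied as a single value via
    make_comment_prefix, and parsing resumes after its closing quote, so
    options that follow a quoted argument (``-s "..." -p tcp``) are kept
    rather than discarded.

    Args:
        rule: rule text with tokens separated by single spaces.

    Returns:
        e.g. ``'A=INPUT;i=eth0;p=tcp;s="$BLOCK_THIS_IP"'`` for
        ``'-A INPUT -i eth0 -p tcp -s "$BLOCK_THIS_IP" -j DROP'``;
        ``''`` for an empty rule.
    """
    if not rule:
        return ''
    rule_list = rule.split(' ')
    parts = []  # one entry per option: 'name', 'name=value' or 'not'

    def attach(suffix):
        # A value belongs to the most recent option; a value with no
        # preceding option starts a part of its own.
        if parts:
            parts[-1] += suffix
        else:
            parts.append(suffix)

    i = 0
    while i < len(rule_list):
        tok = rule_list[i]
        if tok.startswith('-'):
            parts.append(tok.lstrip('-'))
        elif tok == '!':
            parts.append('not')
        elif tok == 'DROP' and parts and parts[-1] == 'j':
            # '-j DROP' is the target of every rule in DROP_RULES, so the
            # pending 'j' part is removed instead of becoming 'j=DROP'.
            parts.pop()
        elif tok.startswith('"'):
            # Quoted argument: locate its closing token from here (not from
            # the start of the rule, so a second quoted value is handled
            # too), attach the whole span as one value, then skip past it.
            end = i + get_last_comment_index(rule_list[i:])
            attach(make_comment_prefix(rule_list[i:end + 1]))
            i = end
        else:
            attach('=%s' % tok)
        i += 1
    return ';'.join(parts)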
def main():
    """Print each rule in DROP_RULES followed by its make_prefix() form.

    Every rule is echoed as-is, then its prefix string is printed with an
    extra blank line after it so the pairs stand apart on the console.
    """
    for drop_rule in DROP_RULES:
        print(drop_rule)
        rule_prefix = make_prefix(drop_rule)
        print(rule_prefix + "\n")


if __name__ == "__main__":
    main()