use nft -i to pass nftables cmds

84codes · Sep 14, 2022 · e87b23d · e87b23d
1 parent 0d40d50
commit e87b23d
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 7 deletions.
diff --git a/src/nftables.cr b/src/nftables.cr
@@ -1,14 +1,17 @@
 # Class to interact with nftables
 # Not linked to libnftables, but calls out to the `nft` binary
 class Nftables
-  def self.run_cmd(cmd : String) : Nil
-    status = Process.run("nft", {cmd}, output: Process::Redirect::Inherit, error: Process::Redirect::Inherit)
-    status.success? || raise Error.new("nftables command '#{cmd}' failed")
+  def initialize
+    input, @io = IO.pipe
+    nft = Process.new("nft", {"-i"}, input: input, output: Process::Redirect::Inherit, error: Process::Redirect::Inherit)
+    spawn do
+      nft.wait
+      abort "nft exited"
+    end
   end
 
-  def self.run_file(file : String) : Nil
-    status = Process.run("nft", {"-f", file}, output: Process::Redirect::Inherit, error: Process::Redirect::Inherit)
-    status.success? || raise Error.new("nftables file '#{file}' failed")
+  def run_cmd(cmd : String) : Nil
+    @io.puts cmd
   end
 
   class Error < Exception; end

diff --git a/src/server-cli.cr b/src/server-cli.cr
@@ -9,8 +9,9 @@ begin
   puts "HMAC keys: #{c.hmac_keys.size}"
   if c.nftables_cmd.bytesize > 0
     puts "nftables command: #{c.nftables_cmd}"
+    nft = Nftables.new
     on_accept = ->(ip_str : String) {
-      Nftables.run_cmd sprintf(c.nftables_cmd, ip_str)
+      nft.run_cmd sprintf(c.nftables_cmd, ip_str)
     }
   else
     puts "Open command: #{c.open_cmd}"