Created
December 13, 2016 22:06
-
-
Save JaSei/e02560d7c7b3504b7b4e70464a32443d to your computer and use it in GitHub Desktop.
script for cross check of iptables and container inspect
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| use strict; | |
| use warnings; | |
| use JSON qw(decode_json); | |
| my %iptables; | |
| foreach my $iptables_row (qx(iptables -L -n -t nat | grep DNAT)) { | |
| if ($iptables_row =~ /dpt:(\d+)\s+to:([\d\.]+)/) { | |
| my $port = $1; | |
| my $ip = $2; | |
| $iptables{$ip}{$port} = 0; | |
| } | |
| } | |
| my @dockers_id = qx(docker ps --format={{.ID}}); | |
| foreach my $docker_id (@dockers_id) { | |
| chomp $docker_id; | |
| print "inspect $docker_id\n"; | |
| my $inspect = qx(docker inspect $docker_id); | |
| my $docker_inspect = decode_json($inspect); | |
| my $ip_adress = $docker_inspect->[0]->{NetworkSettings}->{IPAddress}; | |
| my @ports; | |
| foreach my $from_port (keys %{$docker_inspect->[0]->{NetworkSettings}->{Ports}}) { | |
| my $ports = $docker_inspect->[0]{NetworkSettings}{Ports}{$from_port}; | |
| foreach my $port (@$ports) { | |
| push @ports, $port->{HostPort}; | |
| } | |
| } | |
| if (!@ports) { | |
| print "No exposed port\n"; | |
| } | |
| elsif (!exists $iptables{$ip_adress}) { | |
| print "Should be exists ip $ip_adress\n"; | |
| } | |
| elsif (scalar keys $iptables{$ip_adress} != scalar @ports) { | |
| print "Wired\n"; | |
| print Dumper $iptables{$ip_adress}; | |
| print Dumper \@ports; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment