netty的ip過濾

標籤：

       我們經常需要用到ip白名單,ip黑名單。netty本身就幫我實現了一套驗證機制，提供了IpFilterRuleHandler類

public class IpFilterRuleHandler extends IpFilteringHandlerImpl

public abstract class IpFilteringHandlerImpl implements ChannelUpstreamHandler, IpFilteringHandler

      該類和我們經常使用的解碼器(decoder)以及邏輯處理handler一樣都繼承於ChannelUpstreamHandler，所以可以很方便的把它加入到我們的ChannelPipeline中。例如:

ChannelPipeline p = Channels.pipeline();//ip過濾IpFilterRuleHandler ipFilterRuleHandler = new IpFilterRuleHandler();ipFilterRuleHandler.addAll(new IpFilterRuleList("+i:192.168.*"+ ", -i:*"));p.addLast("ipFilter", ipFilterRuleHandler);

netty的ip過濾一共提供3中過濾:[i,n,c]

i對應的是ip地址，相應的 +i 表示allow(允許),-i 表示deny(否認)

n對應的是位址名稱，相應的 +n 表示allow(允許),-n 表示deny(否認)

c對應的是CIDR (Classless Inter-Domain Routing)無分類域間路由選擇，相應的 +c 表示allow(允許),-c表示deny(否認)

官方中執行個體:

package org.jboss.netty.handler.ipfilter;import java.net.InetAddress;import java.net.InetSocketAddress;public class IpFilterRuleTest {public static boolean accept(IpFilterRuleHandler h, InetSocketAddress addr)throws Exception {return h.accept(null, null, addr);}public static void main(String[] args) throws Exception {IpFilterRuleHandler h = new IpFilterRuleHandler();h.addAll(new IpFilterRuleList("+n:localhost, -n:*"));InetSocketAddress addr = new InetSocketAddress(InetAddress.getLocalHost(), 8080);System.out.println(accept(h, addr));addr = new InetSocketAddress(InetAddress.getByName("127.0.0.2"), 8080);System.out.println(accept(h, addr));addr = new InetSocketAddress(InetAddress.getByName(InetAddress.getLocalHost().getHostName()), 8080);System.out.println(accept(h, addr));h.clear();h.addAll(new IpFilterRuleList("+n:*"+ InetAddress.getLocalHost().getHostName().substring(1)+ ", -n:*"));addr = new InetSocketAddress(InetAddress.getLocalHost(), 8080);System.out.println(accept(h, addr));addr = new InetSocketAddress(InetAddress.getByName("127.0.0.2"), 8080);System.out.println(accept(h, addr));addr = new InetSocketAddress(InetAddress.getByName(InetAddress.getLocalHost().getHostName()), 8080);System.out.println(accept(h, addr));h.clear();h.addAll(new IpFilterRuleList("+c:"+ InetAddress.getLocalHost().getHostAddress() + "/32, -n:*"));addr = new InetSocketAddress(InetAddress.getLocalHost(), 8080);System.out.println(accept(h, addr));addr = new InetSocketAddress(InetAddress.getByName("127.0.0.2"), 8080);System.out.println(accept(h, addr));addr = new InetSocketAddress(InetAddress.getByName(InetAddress.getLocalHost().getHostName()), 8080);System.out.println(accept(h, addr));h.clear();h.addAll(new IpFilterRuleList(""));addr = new InetSocketAddress(InetAddress.getLocalHost(), 8080);System.out.println(accept(h, addr));addr = new InetSocketAddress(InetAddress.getByName("127.0.0.2"), 8080);System.out.println(accept(h, addr));addr = new InetSocketAddress(InetAddress.getByName(InetAddress.getLocalHost().getHostName()), 8080);System.out.println(accept(h, addr));h.clear();addr = new InetSocketAddress(InetAddress.getLocalHost(), 8080);System.out.println(accept(h, addr));addr = new InetSocketAddress(InetAddress.getByName("127.0.0.2"), 8080);System.out.println(accept(h, addr));addr = new InetSocketAddress(InetAddress.getByName(InetAddress.getLocalHost().getHostName()), 8080);System.out.println(accept(h, addr));}}

CIDR參考:http://blog.csdn.net/yaoyao4959/article/details/10084973

netty的ip過濾