netty的ip过滤

最新推荐文章于 2025-03-25 19:16:00 发布

明天还有我

最新推荐文章于 2025-03-25 19:16:00 发布

阅读量6.2k

点赞数

分类专栏： Netty

本文链接：https://blog.youkuaiyun.com/mingtianhaiyouwo/article/details/49740311

版权

Netty 专栏收录该内容

3 篇文章

订阅专栏

本文介绍了Netty中实现IP过滤的方法，通过继承ChannelUpstreamHandler并使用不同的过滤规则（如+i, -i, +n, -n, +c, -c）来允许或拒绝特定IP、地址名称和CIDR。示例代码展示了如何创建和添加IpSubnetFilterRule到ChannelPipeline，以在Netty4中实现基于规则的IP过滤。" 8939517,1003392,Kettle命令行调用参数详解及定时任务设置,"['数据抽取', '数据转换', '数据加载', '命令行工具', '任务调度']

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

我们经常需要用到ip白名单,ip黑名单。netty本身就帮我实现了一套验证机制，提供了IpFilterRuleHandler类

 
        public 
         class 
        IpFilterRuleHandler  
        extends 
        IpFilteringHandlerImpl

 
        public 
         abstract 
        class 
         IpFilteringHandlerImpl  
        implements 
         ChannelUpstreamHandler, IpFilteringHandler

该类和我们经常使用的解码器(decoder)以及逻辑处理handler一样都继承于ChannelUpstreamHandler，所以可以很方便的把它加入到我们的ChannelPipeline中。

例如:

 
        ChannelPip<span></span>eline p = Channels.pipeline(); 
       
        //ip过滤 
       
        IpFilterRuleHandler ipFilterRuleHandler =  
        new 
        IpFilterRuleHandler(); 
       
        ipFilterRuleHandler.addAll( 
        new 
        IpFilterRuleList( 
        "+i:192.168.*" 
        +  
        ", -i:*" 
        )); 
       
        p.addLast( 
        "ipFilter" 
        , ipFilterRuleHandler);

netty的ip过滤一共提供3中过滤:[i,n,c]

i对应的是ip地址，相应的 +i 表示allow(允许),-i 表示deny(否认)

n对应的是地址名称，相应的 +n 表示allow(允许),-n 表示deny(否认)

c对应的是CIDR (Classless Inter-Domain Routing)无分类域间路由选择，相应的 +c 表示allow(允许),-c表示deny(否认)

官方中实例:

 
        package 
         org.jboss.netty.handler.ipfilter; 
       
        import 
         java.net.InetAddress; 
       
        import 
         java.net.InetSocketAddress; 
       
        public 
         class 
        IpFilterRuleTest { 
       
        public 
        static 
        boolean 
        accept(IpFilterRuleHandler h, InetSocketAddress addr) 
       
        throws 
        Exception { 
       
        return 
        h.accept( 
        null 
        ,  
        null 
        , addr); 
       
        } 
       
        public 
        static 
        void 
         main(String[] args)  
        throws 
         Exception { 
       
        IpFilterRuleHandler h =  
        new 
        IpFilterRuleHandler(); 
       
        h.addAll( 
        new 
         IpFilterRuleList( 
        "+n:localhost, -n:*" 
        )); 
       
        InetSocketAddress addr =  
        new 
        InetSocketAddress( 
       
        InetAddress.getLocalHost(),  
        8080 
        ); 
       
        System.out.println(accept(h, addr)); 
       
        addr =  
        new 
         InetSocketAddress(InetAddress.getByName( 
        "127.0.0.2" 
        ),  
        8080 
        ); 
       
        System.out.println(accept(h, addr)); 
       
        addr =  
        new 
         InetSocketAddress(InetAddress.getByName(InetAddress 
       
        .getLocalHost().getHostName()),  
        8080 
        ); 
       
        System.out.println(accept(h, addr)); 
       
        h.clear(); 
       
        h.addAll( 
        new 
         IpFilterRuleList( 
        "+n:*" 
       
        + InetAddress.getLocalHost().getHostName().substring( 
        1 
        ) 
       
        +  
        ", -n:*" 
        )); 
       
        addr =  
        new 
         InetSocketAddress(InetAddress.getLocalHost(),  
        8080 
        ); 
       
        System.out.println(accept(h, addr)); 
       
        addr =  
        new 
         InetSocketAddress(InetAddress.getByName( 
        "127.0.0.2" 
        ),  
        8080 
        ); 
       
        System.out.println(accept(h, addr)); 
       
        addr =  
        new 
         InetSocketAddress(InetAddress.getByName(InetAddress 
       
        .getLocalHost().getHostName()),  
        8080 
        ); 
       
        System.out.println(accept(h, addr)); 
       
        h.clear(); 
       
        h.addAll( 
        new 
         IpFilterRuleList( 
        "+c:" 
       
        + InetAddress.getLocalHost().getHostAddress() +  
        "/32, -n:*" 
        )); 
       
        addr =  
        new 
         InetSocketAddress(InetAddress.getLocalHost(),  
        8080 
        ); 
       
        System.out.println(accept(h, addr)); 
       
        addr =  
        new 
         InetSocketAddress(InetAddress.getByName( 
        "127.0.0.2" 
        ),  
        8080 
        ); 
       
        System.out.println(accept(h, addr)); 
       
        addr =  
        new 
         InetSocketAddress(InetAddress.getByName(InetAddress 
       
        .getLocalHost().getHostName()),  
        8080 
        ); 
       
        System.out.println(accept(h, addr)); 
       
        h.clear(); 
       
        h.addAll( 
        new 
         IpFilterRuleList( 
        "" 
        )); 
       
        addr =  
        new 
         InetSocketAddress(InetAddress.getLocalHost(),  
        8080 
        ); 
       
        System.out.println(accept(h, addr)); 
       
        addr =  
        new 
         InetSocketAddress(InetAddress.getByName( 
        "127.0.0.2" 
        ),  
        8080 
        ); 
       
        System.out.println(accept(h, addr)); 
       
        addr =  
        new 
         InetSocketAddress(InetAddress.getByName(InetAddress 
       
        .getLocalHost().getHostName()),  
        8080 
        ); 
       
        System.out.println(accept(h, addr)); 
       
        h.clear(); 
       
        addr =  
        new 
         InetSocketAddress(InetAddress.getLocalHost(),  
        8080 
        ); 
       
        System.out.println(accept(h, addr)); 
       
        addr =  
        new 
         InetSocketAddress(InetAddress.getByName( 
        "127.0.0.2" 
        ),  
        8080 
        ); 
       
        System.out.println(accept(h, addr)); 
       
        addr =  
        new 
         InetSocketAddress(InetAddress.getByName(InetAddress 
       
        .getLocalHost().getHostName()),  
        8080 
        ); 
       
        System.out.println(accept(h, addr)); 
       
        } 
       
        }

CIDR参考:http://blog.youkuaiyun.com/yaoyao4959/article/details/10084973

我在Netty4中用的是IpSubnetFilterRule来过滤对应的IP

看我的代码实例：

ChannelPipeline pipeline = ch.pipeline();

        String[] ip = Server.getServerParam().getSlbAddress();
        int count = ip.length;
        IpSubnetFilterRule[] ipsf = new IpSubnetFilterRule[count];
        for( int i=0;i<count;i++){
        ipsf[i] = new IpSubnetFilterRule(ip[i],16,IpFilterRuleType.REJECT);
        }
        pipeline.addLast(new RuleBasedIpFilter(ipsf));