Class IpFilterRuleHandler

  • All Implemented Interfaces:
    ChannelHandler, ChannelUpstreamHandler, IpFilteringHandler

    @Sharable
    public class IpFilterRuleHandler
    extends IpFilteringHandlerImpl
    Implementation of Filter of IP based on ALLOW and DENY rules.


    This implementation could be changed by implementing a new IpFilterRule than default IpV4SubnetFilterRule (IPV4 support only), IpSubnetFilterRule (IPV4 and IPV6 support) or IpFilterRule (IP and host name string pattern support) .

    The check is done by going from step to step in the underlying array of IpFilterRule.
    Each IpFilterRule answers to the method accept if the InetAddress is accepted or not, according to its implementation. If an InetAddress arrives at the end of the list, as in Firewall usual rules, the InetAddress is therefore accepted by default.
    • If it was constructed with True as first argument, the IpFilterRule is an ALLOW rule (every InetAddress that fits in the rule will be accepted).
    • If it was constructed with False as first argument, the IpFilterRule is a DENY rule (every InetAddress that fits in the rule will be refused).


    An empty list means allow all (no limitation).

    For efficiency reason, you should not add/remove too frequently IpFilterRules to/from this handler. You should prefer to replace an entry (set method) with an ALLOW/DENY ALL IpFilterRule if possible.


    This handler should be created only once and reused on every pipeline since it handles a global status of what is allowed or blocked.

    Note that IpSubnetFilterRule which supports IPV4 and IPV6 should be used with as much as possible no mixed IP protocol. Both IPV4 and IPV6 are supported but a mix (IpFilter in IPV6 notation and the address from the channel in IPV4, or the reverse) can lead to wrong result.

    • Field Detail

      • ipFilterRuleList

        private final java.util.concurrent.CopyOnWriteArrayList<IpFilterRule> ipFilterRuleList
        List of IpFilterRule
    • Constructor Detail

      • IpFilterRuleHandler

        public IpFilterRuleHandler​(java.util.List<IpFilterRule> newList)
        Constructor from a new list of IpFilterRule
      • IpFilterRuleHandler

        public IpFilterRuleHandler()
        Empty constructor (no IpFilterRule in the List at construction). In such a situation, empty list implies allow all.
    • Method Detail

      • add

        public void add​(IpFilterRule ipFilterRule)
        Add an ipFilterRule in the list at the end
      • add

        public void add​(int index,
                        IpFilterRule ipFilterRule)
        Add an ipFilterRule in the list at the specified position (shifting to the right other elements)
      • addAll

        public void addAll​(java.util.Collection<IpFilterRule> c)
        Appends all of the elements in the specified collection to the end of this list, in the order that they are returned by the specified collection's iterator.
      • addAll

        public void addAll​(int index,
                           java.util.Collection<IpFilterRule> c)
        Inserts all of the elements in the specified collection into this list, starting at the specified position.
      • addAllAbsent

        public int addAllAbsent​(java.util.Collection<IpFilterRule> c)
        Append the element if not present.
        Returns:
        the number of elements added
      • addIfAbsent

        public boolean addIfAbsent​(IpFilterRule ipFilterRule)
        Append the element if not present.
        Returns:
        true if the element was added
      • clear

        public void clear()
        Clear the list
      • contains

        public boolean contains​(IpFilterRule ipFilterRule)
        Returns true if this list contains the specified element
        Returns:
        true if this list contains the specified element
      • containsAll

        public boolean containsAll​(java.util.Collection<IpFilterRule> c)
        Returns true if this list contains all of the elements of the specified collection
        Returns:
        true if this list contains all of the elements of the specified collection
      • get

        public IpFilterRule get​(int index)
        Returns the element at the specified position in this list
        Returns:
        the element at the specified position in this list
      • isEmpty

        public boolean isEmpty()
        Returns true if this list contains no elements
        Returns:
        true if this list contains no elements
      • remove

        public void remove​(IpFilterRule ipFilterRule)
        Remove the ipFilterRule from the list
      • remove

        public IpFilterRule remove​(int index)
        Removes the element at the specified position in this list
        Returns:
        the element previously at the specified position
      • removeAll

        public void removeAll​(java.util.Collection<IpFilterRule> c)
        Removes from this list all of its elements that are contained in the specified collection
      • retainAll

        public void retainAll​(java.util.Collection<IpFilterRule> c)
        Retains only the elements in this list that are contained in the specified collection
      • set

        public IpFilterRule set​(int index,
                                IpFilterRule ipFilterRule)
        Replaces the element at the specified position in this list with the specified element
        Returns:
        the element previously at the specified position
      • size

        public int size()
        Returns the number of elements in this list.
        Returns:
        the number of elements in this list.
      • accept

        protected boolean accept​(ChannelHandlerContext ctx,
                                 ChannelEvent e,
                                 java.net.InetSocketAddress inetSocketAddress)
                          throws java.lang.Exception
        Description copied from class: IpFilteringHandlerImpl
        Called when the channel is connected. It returns True if the corresponding connection is to be allowed. Else it returns False.
        Specified by:
        accept in class IpFilteringHandlerImpl
        inetSocketAddress - the remote InetSocketAddress from client
        Returns:
        True if the corresponding connection is allowed, else False.
        Throws:
        java.lang.Exception