pfctl 0.7.0

Library for interfacing with the Packet Filter (PF) firewall on macOS
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47

pub use scopeguard;

pub mod pfcli;

// A helper class to restore pf state after each test
pub struct PfState {
    pub pf_enabled: bool,
}

impl PfState {
    pub fn new() -> Self {
        PfState { pf_enabled: false }
    }

    pub fn save(&mut self) {
        self.pf_enabled = pfcli::is_enabled();
    }

    pub fn restore(&mut self) {
        let is_enabled = pfcli::is_enabled();

        match (self.pf_enabled, is_enabled) {
            (false, true) => pfcli::disable_firewall(),
            (true, false) => pfcli::enable_firewall(),
            _ => (),
        }
    }
}

#[macro_export]
macro_rules! test {
    ($name:ident $block:block) => {
        #[test]
        fn $name() {
            eprintln!("NOTE: Make sure there are not other PF rules interfering with this test.");

            let mut pf_state = helper::PfState::new();
            pf_state.save();

            let _guard1 = helper::scopeguard::guard((), |_| pf_state.restore());
            let _guard2 = helper::scopeguard::guard((), |_| after_each());

            before_each();
            $block;
        }
    };
}