class Tablomat::IPTables::Chain

The IPTables class is the interface to the iptables command

Attributes

active[R]
name[R]
owned[RW]
rules[R]
table[R]

Public Class Methods

new(table, name, owned = true)
# File lib/tablomat/iptables/chain.rb, line 12
# Creates a chain object bound to +table+.
#
# @param table [Tablomat::IPTables::Table] owning table; its +system+ is used
#   to run iptables commands and its +active+ flag decides whether the chain
#   is applied right away
# @param name [String] chain name as passed to iptables
# @param owned [Boolean] whether this object is allowed to activate/deactivate
#   the chain without an explicit override
def initialize(table, name, owned = true)
  @table = table
  @system = table.system
  @name = name
  @owned = owned
  # Default policy; it is only pushed to iptables for builtin chains.
  @policy = 'ACCEPT'
  # Rules keyed by their downcased name; @rules_sorted keeps the order in
  # which rules were appended/inserted.
  @rules = {}
  @rules_sorted = []
  @active = false
  # A chain created on an already-active table is applied immediately.
  activate if @table.active
end

Public Instance Methods

activate(override = false)
# File lib/tablomat/iptables/chain.rb, line 92
# Marks the chain active and, unless overridden, creates it in iptables and
# activates all of its rules.
#
# @param override [Boolean] when true the chain is activated even if not
#   owned, but only the +active+ flag is flipped: nothing is sent to iptables
# @return [nil, Array] nil on early exit, otherwise the result of activating
#   the rules
def activate(override = false)
  allowed = @owned || override
  return if !allowed || @active

  @active = true
  # An override only records the state; iptables itself is left untouched.
  unless override
    apply_create
    activate_all_rules
  end
end
append(data)
# File lib/tablomat/iptables/chain.rb, line 66
# Appends a rule to the end of the chain.
#
# @param data [String, Hash] rule description, resolved through #rule
# @return [Rule] the appended (possibly pre-existing) rule
def append(data)
  rule(data) do |appended|
    @rules_sorted.push(appended)
    # Only an active chain pushes the rule to iptables right away.
    appended.activate if @active
  end
end
apply_create()
# File lib/tablomat/iptables/chain.rb, line 114
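# Creates the chain in iptables (if missing) and, for builtin chains, sets
# its policy.
#
# Creation errors are printed and swallowed (best effort); the policy
# command is not rescued and propagates any error.
#
# NOTE(review): the command is built by interpolating @table.name and @name;
# whether that string is shell-interpreted depends on System#exec (not
# shown here), so chain/table names must only come from trusted code.
# $ERROR_INFO (from the English library) was replaced by an explicit
# exception binding so the message is printed even when English is not
# required.
#
# @return [nil, Object] nil for non-builtin chains, otherwise the result of
#   the policy command
def apply_create
  unless exists?
    begin
      command = "#{@system.iptables_bin} -t #{@table.name} -N #{@name}"
      @system.exec command
    rescue StandardError => e
      puts "Error: #{e}"
    end
  end
  # apply policy if builtin chain
  return unless builtin?

  command = "#{@system.iptables_bin} -t #{@table.name} -P #{@name} #{@policy}"
  @system.exec command
end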
apply_delete()
# File lib/tablomat/iptables/chain.rb, line 130
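# Flushes and deletes the chain in iptables.
#
# Builtin chains are never deleted, and a chain iptables does not know about
# is skipped. Errors are printed together with the failing command and
# swallowed (best effort).
#
# NOTE(review): the command interpolates @table.name and @name; if
# System#exec goes through a shell those names must be trusted. $ERROR_INFO
# (English library) was replaced by an explicit exception binding so the
# message is printed even when English is not required.
#
# @return [nil, Object] nil when skipped or on error, otherwise the result of
#   the delete command
def apply_delete
  return unless exists? && !builtin?

  begin
    # Flush first so the delete (-X) is attempted on an empty chain.
    command = "#{@system.iptables_bin} -t #{@table.name} -F #{@name}"
    @system.exec command
    command = "#{@system.iptables_bin} -t #{@table.name} -X #{@name}"
    @system.exec command
  rescue StandardError => e
    puts "Error removing chain #{command}, message: #{e}"
  end
end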
builtin?()
# File lib/tablomat/iptables/chain.rb, line 151
# Whether this chain is one of the builtin chains of its table, according to
# the system's +builtin_chains+ map (table name symbol => chain names).
#
# @return [Boolean]
def builtin?
  chains = @table.system.builtin_chains
  table_key = @table.name.to_sym
  return false unless chains.key?(table_key)

  chains[table_key].include?(@name)
end
deactivate(override = false)
# File lib/tablomat/iptables/chain.rb, line 103
# Marks the chain inactive and, unless overridden, deactivates all of its
# rules.
#
# @param override [Boolean] when true the chain is deactivated even if not
#   owned, but only the +active+ flag is flipped: no rule is touched
# @return [nil]
def deactivate(override = false)
  allowed = @owned || override
  return if !allowed || !@active

  @active = false
  # An override only records the state; rules stay as they are.
  return if override

  deactivate_all_rules
  # Re-asserted after the rules were deactivated, as the original did.
  @active = false
end
delete(data)
# File lib/tablomat/iptables/chain.rb, line 80
# Removes a rule from the chain, deactivating it first if it is active.
#
# A non-Rule argument is resolved through #rule, which registers a new Rule
# when no matching one exists; such a rule is then removed again right away.
# Rules are matched in @rules by description.
#
# @param data [Rule, String, Hash] the rule or its description
# @return [Hash] the remaining @rules map
def delete(data)
  target = data.is_a?(Rule) ? data : rule(data)
  target.deactivate if target.active

  @rules_sorted.delete(target)
  @rules.delete_if { |_key, stored| stored.description == target.description }
end
exists?()
# File lib/tablomat/iptables/chain.rb, line 143
# Whether iptables currently knows this chain, probed by listing it.
#
# Any StandardError raised by System#exec - not only "no such chain", but
# also e.g. a permission problem or a missing binary - is reported as
# +false+; apply_create will then try to create the chain.
# NOTE(review): the command interpolates @table.name and @name; confirm
# System#exec does not hand the string to a shell.
#
# @return [Boolean]
def exists?
  listing = "#{@system.iptables_bin} -t #{@table.name} -nL #{@name}"
  @system.exec(listing)
  true
rescue StandardError
  false
end
insert(data, pos)
# File lib/tablomat/iptables/chain.rb, line 56
# Inserts a rule at a 1-based position in the chain.
#
# @param data [String, Hash] rule description, resolved through #rule
# @param pos [Integer] 1-based iptables position
# @return [Rule] the inserted (possibly pre-existing) rule
def insert(data, pos)
  rule(data) do |inserted|
    inserted.method = 'INSERT'
    inserted.position = pos
    # @rules_sorted is 0-based while iptables positions start at 1.
    @rules_sorted.insert(pos - 1, inserted)
    update_rules_position
    inserted.activate if @active
  end
end
policy(action)
# File lib/tablomat/iptables/chain.rb, line 24
# Sets the chain policy (the target applied when no rule matches).
#
# Only builtin chains carry a policy. The value is stored and, when the
# chain is active, pushed to iptables right away; an inactive chain applies
# it later in apply_create. +action+ is interpolated into the command
# unvalidated - callers must pass a trusted iptables target.
#
# @param action [String] iptables policy target
# @raise [RuntimeError] for non-builtin chains
# @return [nil, Object] nil when inactive, otherwise the exec result
def policy(action)
  # set policy as the last rule of the chain
  raise 'Unable to assign policy to non builtin chains, TODO: implement handling' unless builtin?

  @policy = action
  return unless @active

  @system.exec "#{@table.system.iptables_bin} -t #{@table.name} -P #{@name} #{@policy}"
end
rule(name, owned = true, &block)
# File lib/tablomat/iptables/chain.rb, line 35
# Looks up or creates the Rule for +name+ and registers it in @rules.
#
# A Hash is first passed through #sethandling when it has a +:set+ key, then
# rendered as "--key value" pairs joined by spaces. The registry key is the
# downcased string form of the resulting name.
#
# @param name [String, Hash] rule description
# @param owned [Boolean] passed to Rule.new for newly created rules
# @param block [Proc, nil] called with the rule when given
# @return [Rule] the existing or newly created rule
def rule(name, owned = true, &block)
  if name.is_a?(Hash)
    name = sethandling(name) if name.key?(:set)
    name = name.map { |option, value| "--#{option} #{value}" }.join(' ')
  end
  key = name.to_s.downcase
  found = @rules[key] || Rule.new(self, name, owned)
  @rules[key] = found
  block&.call(found)
  found
end
sethandling(name)
# File lib/tablomat/iptables/chain.rb, line 47
# Rewrites a rule option Hash so that a +:set+ key becomes +:match+ (the
# option #rule renders as "--match"); the new key takes the position of
# +:set+ in the hash order, all other pairs are copied unchanged.
#
# @param name [Hash] rule options
# @return [Hash] a new Hash with +:set+ renamed to +:match+
def sethandling(name)
  name.each_with_object({}) do |(key, value), mapped|
    mapped[key] = value
    mapped[:match] = mapped.delete(:set) if mapped.key?(:set)
  end
end
update_rules_position()
# File lib/tablomat/iptables/chain.rb, line 73
# Drops nil entries from @rules_sorted and renumbers the positions of the
# active rules to match their 1-based order among active rules.
#
# Rules whose position is 0 are left alone, as are rules already at the
# expected position; inactive rules keep their position.
#
# @return [Array<Rule>] the active rules
def update_rules_position
  @rules_sorted = @rules_sorted.compact
  @rules_sorted.select(&:active).each_with_index do |rule, index|
    expected = index + 1
    next if rule.position == 0 || rule.position == expected

    rule.position = expected
  end
end

Private Instance Methods

activate_all_rules()
# File lib/tablomat/iptables/chain.rb, line 157
# Activates every rule in @rules_sorted that is not active yet; nil entries
# are skipped. (Listed as private on this page.)
#
# @return [Array] @rules_sorted
def activate_all_rules
  @rules_sorted.each do |entry|
    next if entry.nil? || entry.active

    entry.activate
  end
end
deactivate_all_rules()
# File lib/tablomat/iptables/chain.rb, line 163
# Deactivates every active rule in @rules_sorted; nil entries are skipped.
# (Listed as private on this page.)
#
# @return [Array] @rules_sorted
def deactivate_all_rules
  @rules_sorted.each do |entry|
    next if entry.nil? || !entry.active

    entry.deactivate
  end
end