class Tablomat::IPTables::Chain
The IPTables class is the interface to the iptables command.
Attributes
active[R]
name[R]
owned[RW]
rules[R]
table[R]
Public Class Methods
new(table, name, owned = true)
# File lib/tablomat/iptables/chain.rb, line 12
# Builds the in-memory model of one chain and activates it immediately when
# the parent table is already active.
#
# NOTE(review): @policy starts as 'ACCEPT' and activation happens inside the
# constructor, before a caller can invoke #policy. If apply_create then runs
# for an owned builtin chain, that default is what gets written with -P.
# Confirm that setting a builtin chain to ACCEPT on construction is intended.
#
# @param table parent table; must respond to #system and #active
# @param name chain name; later interpolated into iptables command strings
# @param owned when false, #activate and #deactivate do nothing unless they
#   are called with override
def initialize(table, name, owned = true)
  @table = table
  @system = table.system
  @name = name
  @owned = owned

  # Rules are kept twice: keyed for lookup, and as a list for ordering.
  @rules = {}
  @rules_sorted = []
  @policy = 'ACCEPT'
  @active = false

  activate if table.active
end
Public Instance Methods
activate(override = false)
# File lib/tablomat/iptables/chain.rb, line 92
# Marks the chain active and, for a normal (non-override) call, creates it
# and activates its rules.
#
# With override the chain is only flagged active: apply_create and
# activate_all_rules are skipped, so nothing is sent to iptables from here.
#
# @param override [Boolean] bypass the ownership check and skip the
#   create/activate-rules step
# @return [nil, Object] nil on every early exit, otherwise whatever
#   activate_all_rules returns
def activate(override = false)
  permitted = @owned || override
  return if !permitted || @active

  @active = true
  unless override
    apply_create
    activate_all_rules
  end
end
append(data)
# File lib/tablomat/iptables/chain.rb, line 66
# Registers a rule at the end of the ordered rule list and activates it when
# the chain is active.
#
# NOTE(review): #rule hands back the cached object when the same description
# was seen before, and this method pushes it onto @rules_sorted regardless.
# Appending the same rule twice therefore lists it twice, which would skew
# the numbering done by update_rules_position. Confirm whether callers can
# hit this.
#
# @param data rule description (String or Hash), passed on to #rule
# @return the rule object returned by #rule
def append(data)
  rule(data) do |entry|
    @rules_sorted.push(entry)
    entry.activate if @active
  end
end
apply_create()
# File lib/tablomat/iptables/chain.rb, line 114
# Creates the chain with `-N` when #exists? reports it missing, then applies
# the stored policy with `-P` if the chain is builtin.
#
# A failure of the `-N` call is only printed; execution continues, so the
# caller is not told that the chain could not be created. A failure of the
# `-P` call is not rescued and propagates.
#
# NOTE(review): table name, chain name and policy are interpolated unquoted
# into the command string. If @system.exec passes that string to a shell,
# whitespace or shell metacharacters in any of them would change the command.
# Confirm these values are validated before they reach this class.
#
# @return [nil, Object] nil for non-builtin chains, otherwise the result of
#   the `-P` exec call
def apply_create
  unless exists?
    begin
      @system.exec "#{@system.iptables_bin} -t #{@table.name} -N #{@name}"
    rescue StandardError
      puts "Error: #{$ERROR_INFO}"
    end
  end

  # Only builtin chains carry a policy.
  if builtin?
    @system.exec "#{@system.iptables_bin} -t #{@table.name} -P #{@name} #{@policy}"
  end
end
apply_delete()
# File lib/tablomat/iptables/chain.rb, line 130
# Flushes (`-F`) and then removes (`-X`) the chain, but only when it exists
# and is not builtin.
#
# Errors from either command are printed and swallowed, so a chain that could
# not be removed is not reported to the caller. If `-F` fails, `-X` is never
# attempted.
#
# NOTE(review): table and chain names are interpolated unquoted into the
# command string. If @system.exec passes it to a shell, confirm the names are
# validated upstream.
#
# @return [nil, Object] nil when nothing was done or an error was printed,
#   otherwise the result of the `-X` exec call
def apply_delete
  return if !exists? || builtin?

  # Tracks the command in flight so the error message names the one that failed.
  attempted = nil
  begin
    attempted = "#{@system.iptables_bin} -t #{@table.name} -F #{@name}"
    @system.exec attempted
    attempted = "#{@system.iptables_bin} -t #{@table.name} -X #{@name}"
    @system.exec attempted
  rescue StandardError
    puts "Error removing chain #{attempted}, message: #{$ERROR_INFO}"
  end
end
builtin?()
# File lib/tablomat/iptables/chain.rb, line 151
# Reports whether this chain is listed as builtin for its table.
#
# The lookup uses the table name as a symbol key and an exact `include?`
# match on the chain name, so the comparison is case-sensitive. This
# predicate guards #apply_delete and #policy.
#
# @return [Boolean]
def builtin?
  chains_by_table = @table.system.builtin_chains
  table_key = @table.name.to_sym
  return false unless chains_by_table.key?(table_key)

  chains_by_table[table_key].include?(@name)
end
deactivate(override = false)
# File lib/tablomat/iptables/chain.rb, line 103
# Marks the chain inactive and, for a normal (non-override) call, deactivates
# every active rule.
#
# This method does not call apply_delete: only the rules are deactivated
# here, and removing the chain itself is left to other code.
#
# @param override [Boolean] bypass the ownership check and skip rule
#   deactivation
# @return [nil, false] nil on every early exit, false after a full run
def deactivate(override = false)
  allowed = @owned || override
  return unless allowed && @active

  @active = false
  return if override

  deactivate_all_rules
  # Repeated from above, as in the original; also fixes the return value.
  @active = false
end
delete(data)
# File lib/tablomat/iptables/chain.rb, line 80
# Deactivates a rule and removes it from both the ordered list and the
# lookup table.
#
# When data is not a Rule it is resolved through #rule, which creates and
# registers a rule if none matches; that entry is then removed again below.
# Lookup-table entries are dropped by comparing descriptions, so every entry
# sharing the rule's description is removed.
#
# @param data a Rule, or a description (String or Hash) accepted by #rule
# @return [Hash] the lookup table after removal
def delete(data)
  target = data.is_a?(Rule) ? data : rule(data)

  target.deactivate if target.active
  @rules_sorted.delete(target)
  @rules.delete_if { |_key, candidate| candidate.description == target.description }
end
exists?()
# File lib/tablomat/iptables/chain.rb, line 143
# Probes for the chain by listing it with `-nL`.
#
# Any StandardError from building or running the command yields false, not
# only a "no such chain" failure.
# NOTE(review): a missing binary or insufficient privileges would presumably
# land here too, so false does not prove the chain is absent.
#
# @return [Boolean] true when the listing command ran without raising
def exists?
  begin
    listing = "#{@system.iptables_bin} -t #{@table.name} -nL #{@name}"
    @system.exec(listing)
  rescue StandardError
    return false
  end
  true
end
insert(data, pos)
# File lib/tablomat/iptables/chain.rb, line 56
# Registers a rule at a given 1-based position, renumbers the list and
# activates the rule when the chain is active.
#
# A position beyond the end of the list makes Array#insert pad with nil;
# update_rules_position compacts those away.
# NOTE(review): pos is not range-checked. pos == 0 becomes index -1, which
# places the rule at the end of the list while rule.position is 0. Rule order
# decides which rule matches first, so confirm callers never pass pos < 1.
#
# @param data rule description (String or Hash), passed on to #rule
# @param pos [Integer] 1-based position for the rule
# @return the rule object returned by #rule
def insert(data, pos)
  rule(data) do |entry|
    entry.method = 'INSERT'
    entry.position = pos
    @rules_sorted.insert(pos - 1, entry)
    update_rules_position
    entry.activate if @active
  end
end
policy(action)
# File lib/tablomat/iptables/chain.rb, line 24
# Stores the default policy for a builtin chain and, when the chain is
# active, applies it immediately with `-P`.
#
# Non-builtin chains are rejected. The original note here reads "set policy
# as the last rule of the chain", which appears to describe the handling that
# is still a TODO for them.
#
# NOTE(review): action is not checked against a list of valid targets and is
# interpolated unquoted into the command string. Confirm it cannot carry
# untrusted text.
#
# @param action policy target to store and apply
# @return [nil, Object] nil while the chain is inactive, otherwise the result
#   of the exec call
# @raise [RuntimeError] when the chain is not builtin
def policy(action)
  unless builtin?
    raise 'Unable to assign policy to non builtin chains, TODO: implement handling'
  end

  @policy = action
  if @active
    @system.exec "#{@table.system.iptables_bin} -t #{@table.name} -P #{@name} #{@policy}"
  end
end
rule(name, owned = true, &block)
# File lib/tablomat/iptables/chain.rb, line 35
# Looks up or creates the rule for a description, yielding it to the optional
# block.
#
# A Hash description is flattened to "--key value" pairs joined by spaces
# (after #sethandling when it has a :set key). Rules are cached under the
# downcased description.
#
# NOTE(review): because the cache key is downcased, two descriptions that
# differ only in letter case resolve to the same rule object, and the second
# one is never created. Hash values are also interpolated unquoted. Confirm
# neither matters for case-sensitive arguments or for untrusted values.
#
# @param name rule description (String or Hash)
# @param owned passed to Rule.new when a new rule is created
# @yield [rule] the cached or newly created rule
# @return the cached or newly created rule
def rule(name, owned = true, &block)
  if name.is_a?(Hash)
    options = name.key?(:set) ? sethandling(name) : name
    name = options.map { |opt, val| "--#{opt} #{val}" }.join(' ')
  end

  cache_key = name.to_s.downcase
  entry = @rules[cache_key] || Rule.new(self, name, owned)
  @rules[cache_key] = entry
  block&.call(entry)
  entry
end
sethandling(name)
# File lib/tablomat/iptables/chain.rb, line 47
# Returns a copy of the description hash with the :set key renamed to :match.
#
# Every other pair is copied unchanged and in order. An existing :match entry
# that comes before :set is overwritten by the :set value. The input hash is
# not modified.
#
# @param name [Hash] rule description
# @return [Hash] new hash with :set stored under :match
def sethandling(name)
  name.each_with_object({}) do |(key, value), renamed|
    if key == :set
      renamed[:match] = value
    else
      renamed[key] = value
    end
  end
end
update_rules_position()
# File lib/tablomat/iptables/chain.rb, line 73
# Drops nil placeholders from the ordered list and renumbers active rules so
# each position matches its 1-based rank among the active ones.
#
# Rules whose position is 0 are left alone (presumably "no explicit
# position" — confirm against Rule). Inactive rules are not counted.
#
# @return [Array] the active rules, in list order
def update_rules_position
  @rules_sorted = @rules_sorted.compact
  live = @rules_sorted.select(&:active)
  live.each.with_index(1) do |entry, slot|
    next unless (entry.position != 0) && (entry.position != slot)

    entry.position = slot
  end
  live
end
Private Instance Methods
activate_all_rules()
# File lib/tablomat/iptables/chain.rb, line 157
# Activates every rule in the ordered list that is not active yet, skipping
# nil placeholders.
#
# @return [Array] the ordered rule list
def activate_all_rules
  @rules_sorted.each do |entry|
    next if entry.nil? || entry.active

    entry.activate
  end
end
deactivate_all_rules()
# File lib/tablomat/iptables/chain.rb, line 163
# Deactivates every rule in the ordered list that is currently active,
# skipping nil placeholders.
#
# @return [Array] the ordered rule list
def deactivate_all_rules
  @rules_sorted.each do |entry|
    next if entry.nil? || !entry.active

    entry.deactivate
  end
end