class IpWrangler::Iptables

Public Class Methods

new(chain_name, logger)
# File lib/ip_wrangler/iptables.rb, line 8
# Builds a wrapper bound to one family of NAT chains.
#
# The instance methods of this class address "<chain_name>_PRE" and
# "<chain_name>_POST" and interpolate @chain_name into iptables command
# lines, so the value should come from trusted configuration.
#
# @param chain_name [String] prefix of the managed chains
# @param logger [Object] stored in @logger
def initialize(chain_name, logger)
  @chain_name, @logger = chain_name, logger
end

Public Instance Methods

append_nat_ip(public_ip, private_ip)
# File lib/ip_wrangler/iptables.rb, line 40
# Adds the NAT pair for +public_ip+ / +private_ip+ unless it is already there.
#
# The DNAT rule goes to "<chain_name>_PRE" and the SNAT rule to
# "<chain_name>_POST", both in the nat table. For each chain a check command
# runs first; the append command runs only when the check left exit status 1
# in $?.
#
# NOTE(review): any other non-zero status from the check (presumably an
# iptables error rather than "rule absent") skips the append without raising
# or logging here - confirm that is intended.
# NOTE(review): check and append are separate commands, so two concurrent
# callers could both see "absent" and append twice - confirm callers serialize.
# NOTE(review): relies on $? being set by the child process that +execute+
# ends up running in this thread - verify against IpWrangler::Exec.
#
# @param public_ip [String] externally visible address
# @param private_ip [String] internal address
def append_nat_ip(public_ip, private_ip)
  dnat_spec, snat_spec = rule_nat_ip(public_ip, private_ip)
  pre_chain = "#{@chain_name}_PRE"
  post_chain = "#{@chain_name}_POST"

  execute(Command.check_rule(pre_chain, 'nat', dnat_spec))
  execute(Command.append_rule(pre_chain, 'nat', dnat_spec)) if $?.exitstatus == 1

  execute(Command.check_rule(post_chain, 'nat', snat_spec))
  execute(Command.append_rule(post_chain, 'nat', snat_spec)) if $?.exitstatus == 1
end
append_nat_port(public_ip, public_port, private_ip, private_port, protocol)
# File lib/ip_wrangler/iptables.rb, line 31
# Adds the port-forwarding DNAT rule to "<chain_name>_PRE" (nat table) unless
# the preceding check command reports it as already present.
#
# The append runs only when the check left exit status 1 in $?.
#
# NOTE(review): any other non-zero status from the check skips the append
# without raising or logging here - confirm that is intended.
# NOTE(review): check and append are two separate commands, so the sequence is
# not atomic - confirm callers serialize.
#
# @param public_ip [String] externally visible address
# @param public_port [Integer, String] externally visible port
# @param private_ip [String] internal address
# @param private_port [Integer, String] internal port
# @param protocol [String] protocol name handed to Parameter.protocol
def append_nat_port(public_ip, public_port, private_ip, private_port, protocol)
  spec = rule_nat_port(public_ip, public_port, private_ip, private_port, protocol)
  pre_chain = "#{@chain_name}_PRE"

  execute(Command.check_rule(pre_chain, 'nat', spec))
  execute(Command.append_rule(pre_chain, 'nat', spec)) if $?.exitstatus == 1
end
delete_nat_ip(public_ip, private_ip)
# File lib/ip_wrangler/iptables.rb, line 59
# Removes the NAT pair for +public_ip+ / +private_ip+: the DNAT rule from
# "<chain_name>_PRE" and the SNAT rule from "<chain_name>_POST".
#
# Both delete commands are issued unconditionally; no existence check is made
# and the outcome is not inspected here.
#
# NOTE(review): Command.delete_rule_spec is called as (chain, rule, table)
# while check_rule/append_rule elsewhere in this class are called as
# (chain, table, rule) - confirm the argument order against Command.
#
# @param public_ip [String] externally visible address
# @param private_ip [String] internal address
# @return whatever +execute+ returns
def delete_nat_ip(public_ip, private_ip)
  dnat_spec, snat_spec = rule_nat_ip(public_ip, private_ip)

  removals = [
    Command.delete_rule_spec("#{@chain_name}_PRE", dnat_spec, 'nat'),
    Command.delete_rule_spec("#{@chain_name}_POST", snat_spec, 'nat')
  ]
  execute(*removals)
end
delete_nat_port(public_ip, public_port, private_ip, private_port, protocol)
# File lib/ip_wrangler/iptables.rb, line 53
# Removes the port-forwarding DNAT rule from "<chain_name>_PRE" (nat table).
#
# The delete command is issued unconditionally; no existence check is made
# and the outcome is not inspected here.
#
# @param public_ip [String] externally visible address
# @param public_port [Integer, String] externally visible port
# @param private_ip [String] internal address
# @param private_port [Integer, String] internal port
# @param protocol [String] protocol name handed to Parameter.protocol
# @return whatever +execute+ returns
def delete_nat_port(public_ip, public_port, private_ip, private_port, protocol)
  spec = rule_nat_port(public_ip, public_port, private_ip, private_port, protocol)
  removal = Command.delete_rule_spec("#{@chain_name}_PRE", spec, 'nat')
  execute(removal)
end
execute(*commands)
# File lib/ip_wrangler/iptables.rb, line 83
# Hands each command, in the order given, to
# IpWrangler::Exec.execute_iptables_command as a String.
#
# The executor's return value is discarded; callers in this class that need
# the outcome read $? after the call.
#
# NOTE(review): whether the executor passes the string through a shell is not
# visible from here - if it does, every value interpolated into a command
# must already be validated or escaped.
#
# @param commands [Array<#to_s>] command objects or strings
# @return [Array] the +commands+ array (result of Array#each)
def execute(*commands)
  commands.each { |cmd| IpWrangler::Exec.execute_iptables_command("#{cmd}") }
end
not_exists_nat_ip?(public_ip, _)
# File lib/ip_wrangler/iptables.rb, line 75
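# Reports whether the listing of "<chain_name>_PRE" in the nat table has no
# line that starts with +public_ip+.
#
# The check runs an iptables | awk | grep pipeline and treats empty output as
# "no such rule". awk keeps columns 9 and 10 of `iptables -n -v -L`
# (presumably the destination address and the first match field - confirm
# against the iptables version in use).
#
# The chain name and the grep pattern are shell-escaped before they are
# spliced into the pipeline, so a quote or other shell metacharacter in
# +public_ip+ stays inside grep's single pattern argument instead of being
# parsed by the shell. For well-formed addresses the resulting argv is the
# same as before.
#
# NOTE(review): the binary paths come from globals and are used verbatim;
# they are assumed to be trusted configuration.
# NOTE(review): grep treats the pattern as a regular expression with no
# end anchor, so "." matches any character and an address also matches a
# longer one that shares its prefix - confirm whether an exact match is
# intended.
#
# @param public_ip [String] address to look for
# @param _ [Object] unused
# @return [Boolean] result of #empty? on the pipeline output
def not_exists_nat_ip?(public_ip, _)
  # Local require: the file's own require list is not visible from this block.
  require 'shellwords'

  chain = Shellwords.escape("#{@chain_name}_PRE")
  pattern = Shellwords.escape("^#{public_ip}")
  command = "#{$iptables_bin_path} -t nat -n -v -L #{chain} | "\
    "#{$awk_bin_path} '{print $9, $10}' | "\
    "#{$grep_bin_path} -i #{pattern}"
  IpWrangler::Exec.execute_command(command).empty?
end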
not_exists_nat_port?(public_ip, public_port, protocol, _, _)
# File lib/ip_wrangler/iptables.rb, line 67
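# Reports whether the listing of "<chain_name>_PRE" in the nat table has no
# line that starts with "<public_ip> <protocol> dpt:<public_port>".
#
# The check runs an iptables | awk | grep pipeline and treats empty output as
# "no such rule". awk keeps columns 9 to 12 of `iptables -n -v -L`
# (presumably destination, protocol match, destination port and target
# address - confirm against the iptables version in use).
#
# The chain name and the grep pattern are shell-escaped before they are
# spliced into the pipeline, so a quote or other shell metacharacter in any
# of the three values stays inside grep's single pattern argument instead of
# being parsed by the shell. For well-formed values the resulting argv is the
# same as before.
#
# NOTE(review): the binary paths come from globals and are used verbatim;
# they are assumed to be trusted configuration.
# NOTE(review): grep treats the pattern as a regular expression with no
# end anchor, so "." matches any character and a port also matches a longer
# one that shares its leading digits - confirm whether an exact match is
# intended.
#
# @param public_ip [String] address to look for
# @param public_port [Integer, String] destination port to look for
# @param protocol [String] protocol name as printed in the listing
# @param _ [Object] unused (two trailing placeholders)
# @return [Boolean] result of #empty? on the pipeline output
def not_exists_nat_port?(public_ip, public_port, protocol, _, _)
  # Local require: the file's own require list is not visible from this block.
  require 'shellwords'

  chain = Shellwords.escape("#{@chain_name}_PRE")
  pattern = Shellwords.escape("^#{public_ip} #{protocol} dpt:#{public_port}")
  command = "#{$iptables_bin_path} -t nat -n -v -L #{chain} | "\
    "#{$awk_bin_path} '{print $9, $10, $11, $12}' | "\
    "#{$grep_bin_path} -i #{pattern}"
  IpWrangler::Exec.execute_command(command).empty?
end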
rule_nat_ip(public_ip, private_ip)
# File lib/ip_wrangler/iptables.rb, line 21
# Builds the two rule specifications of a 1:1 NAT mapping.
#
# The first list matches traffic destined for +public_ip+ and jumps to DNAT
# towards +private_ip+; the second matches traffic sourced from +private_ip+
# and jumps to SNAT with +public_ip+. Neither address is validated here.
#
# @param public_ip [String] externally visible address
# @param private_ip [String] internal address
# @return [Array(Array, Array)] the DNAT parameter list, then the SNAT one
def rule_nat_ip(public_ip, private_ip)
  inbound = [
    Parameter.destination(public_ip),
    Parameter.jump('DNAT'),
    Parameter.to_destination(private_ip)
  ]
  outbound = [
    Parameter.source(private_ip),
    Parameter.jump('SNAT'),
    Parameter.to(public_ip)
  ]
  [inbound, outbound]
end
rule_nat_port(public_ip, public_port, private_ip, private_port, protocol)
# File lib/ip_wrangler/iptables.rb, line 13
# Builds the rule specification of a port-forwarding DNAT mapping.
#
# The list matches +protocol+ traffic destined for +public_ip+ on
# +public_port+ and jumps to DNAT towards "<private_ip>:<private_port>".
# None of the values is validated here.
#
# @param public_ip [String] externally visible address
# @param public_port [Integer, String] externally visible port
# @param private_ip [String] internal address
# @param private_port [Integer, String] internal port
# @param protocol [String] protocol name handed to Parameter.protocol
# @return [Array] parameter list in match-then-target order
def rule_nat_port(public_ip, public_port, private_ip, private_port, protocol)
  match = [
    Parameter.destination(public_ip),
    Parameter.protocol(protocol),
    Parameter.destination_port(public_port)
  ]
  match.push(
    Parameter.jump('DNAT'),
    Parameter.to_destination("#{private_ip}:#{private_port}")
  )
end