asbestos 0.0.1 → 0.0.3

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    ZDQ2N2U5NmUwMzg1NDdjMTBlNjYxNzM1MjNlY2E3MGM1MTBkNTM3ZA==
+    ZDJiNGMwMTZkMTAxYzY5OTdhODA4NzllOGNkMTk1ZDNjZTM1MDM5YQ==
   data.tar.gz: !binary |-
-    ZDVhODYyOGIxMzRmMDcwOGY3ODE4MDExZmU4YWE0OGUwNDg2MzJmNA==
+    NWE0ZmFiOTJjNzA2MjVhMGRlOTU3NDEzYzFiMGNkZjY2MjFiMmU2Mw==
 !binary "U0hBNTEy":
   metadata.gz: !binary |-
-    MzQ4MjIwOTYxYTFlY2ZmYTk2NjljOWJjZjM3MWJhMmFhZDYwNjE5OWIyMDlh
-    MzAxZTZjMDA1Zjk1Mzg0YzY4M2M5NjRiMDRkMjU3ODRmNzVkZmJhMjUyZmZm
-    NjMxNzEyYjBlMjRkNWRlN2I2Zjg4MGNlZTU3NTUwYjhlN2I1NTE=
+    ZGEzNWRiNjc3ZjZmZDk5NzFiODkyZTdjMGViMTM0OGM3MGU0NDUzNDdmZWRk
+    NGUzMjE3YTQ5ZWU4NDA4NTNlODQ5MjM4ZWQ0NzJmMmE3ZmM3MzBiN2NiNzg5
+    MGFjZmQ4ODliMjRkOTVlNzI2ZGM0MTNlZjJjNTIzZjExMmQ0ZjU=
   data.tar.gz: !binary |-
-    ZWI5MGVlZjY4YjY3YzZmNGExMGE5YzUyN2JiNWI0N2VlMjAxNjBiM2MxNmU4
-    YzJiZjU0ZGU2MzI4ZjYyZWExNDE0NWU1MTY4OWViMjVjMzQ3ZGVhMGE0ZTA3
-    YTRlYTIxYWZhZDY4MDg4ZGExNGY2MDgxMjY0NmMzZDYzMmEzMGU=
+    NDcxNGVlMzUyMGI2MGI3NzAwOGY5NGU5ZWYwNDI2NmQ2ZmZiY2YzMDNiZmMz
+    YTg1NWM3MjIzZTYxN2ZiYWYwNjc4ZjY4MzBkMDM3MTczNmFiNjI2MmVhYzBh
+    NmEyYjEyZTQ1MWI2ZWE0NTM1ZDk5YmVlYTA3ODNiN2JiMGY2NTE=

data/.travis.yml

@@ -0,0 +1,4 @@
+rvm:
+  - 1.9.3
+script:
+  - RAILS_ENV=test bundle exec rspec

data/README.md

@@ -6,6 +6,10 @@ Trying to maintain a set of interconnected firewall rules is pretty annoying, ho
 
 At the moment, Asbestos only supports IPTables (the filter table, specifically), but it can be easily expanded for other firewall types.
 
+
+[![Build Status](https://travis-ci.org/koudelka/asbestos.png)](https://travis-ci.org/koudelka/asbestos)
+
+
 ## Installation
 
 Simply:
@@ -333,7 +337,7 @@ rule_set :icmp_protection do
              :icmp_type => 'echo-request',
              :interface => interface,
              :remote_address => address,
-             :limit   => '22s',
+             :limit   => '1/s',
              :comment => "allow icmp from #{address}"
     end
 
@@ -359,9 +363,9 @@ Results in:
 # Begin [icmp_protection]
 -A OUTPUT -j ACCEPT -p icmp --icmp-type echo-request -m comment --comment "allow us to ping others"
 -A INPUT -j ACCEPT -p icmp --icmp-type echo-reply -m comment --comment "allow us to receive ping responses"
--A INPUT -j ACCEPT -i eth1 -p icmp -s pinger.monitoringservice.com -m limit --limit 22s --icmp-type echo-request -m comment --comment "allow icmp from pinger.monitoringservice.com on eth1"
+-A INPUT -j ACCEPT -i eth1 -p icmp -s pinger.monitoringservice.com -m limit --limit 1/s --icmp-type echo-request -m comment --comment "allow icmp from pinger.monitoringservice.com on eth1"
 -A INPUT -j DROP -i eth1 -p icmp -m comment --comment "drop any icmp packets that haven't been explicitly allowed on eth1"
--A INPUT -j ACCEPT -i eth1:0 -p icmp -s pinger.monitoringservice.com -m limit --limit 22s --icmp-type echo-request -m comment --comment "allow icmp from pinger.monitoringservice.com on eth1:0"
+-A INPUT -j ACCEPT -i eth1:0 -p icmp -s pinger.monitoringservice.com -m limit --limit 1/s --icmp-type echo-request -m comment --comment "allow icmp from pinger.monitoringservice.com on eth1:0"
 -A INPUT -j DROP -i eth1:0 -p icmp -m comment --comment "drop any icmp packets that haven't been explicitly allowed on eth1:0"
 # End [icmp_protection]
 ```

data/examples/8_rule_sets.rb

@@ -15,7 +15,7 @@ rule_set :icmp_protection do
              :icmp_type => 'echo-request',
              :interface => interface,
              :remote_address => address,
-             :limit   => '22s',
+             :limit   => '1/s',
              :comment => "allow icmp from #{address}"
     end
 

data/lib/asbestos/metadata.rb

@@ -1,4 +1,4 @@
 module Asbestos
-  VERSION = "0.0.1"
+  VERSION = "0.0.3"
   HOMEPAGE = "http://www.github.com/koudelka/asbestos"
 end

data/lib/asbestos/rule_sets/icmp_protection.rb

@@ -17,7 +17,7 @@ rule_set :icmp_protection do
              :icmp_type => 'echo-request',
              :interface => interface,
              :remote_address => address,
-             :limit   => '22s',
+             :limit   => '1/s',
              :comment => "allow icmp from #{address}"
     end
 

data/lib/asbestos/rule_sets/sanity_check.rb

@@ -3,7 +3,7 @@ rule_set :sanity_check do
  chain 'valid-dst'
 
  # Require all packets to or from the internet to go through sanity checks.
- interfaces[:external].each do |iface|
+ interfaces[:external].each do |interface|
    rule :chain  => :input,
         :action => 'valid-src',
         :interface => interface,
@@ -12,7 +12,7 @@ rule_set :sanity_check do
    rule :chain  => :output,
         :action => 'valid-dst',
         :interface => interface,
-        :comment => "all traffic from internet goes through sanity check"
+        :comment => "all traffic to internet goes through sanity check"
  end
 
  # Private interface addresses should never be talking to our external IP.
@@ -25,9 +25,9 @@ rule_set :sanity_check do
    '192.168.0.0/16',
    '224.0.0.0/4',
    '240.0.0.0/5'
- ].each do |interal_ip_range|
+ ].each do |internal_ip_range|
    drop :chain => 'valid-src',
-        :local_address => interal_ip_range,
+        :local_address => internal_ip_range,
         :comment => "drop private ip talking to external interface"
  end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: asbestos
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.3
 platform: ruby
 authors:
 - Michael Shapiro
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-06-21 00:00:00.000000000 Z
+date: 2014-01-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -77,6 +77,7 @@ extra_rdoc_files: []
 files:
 - .gitignore
 - .rspec
+- .travis.yml
 - Gemfile
 - Guardfile
 - LICENSE.txt