catflap 0.0.2.pre → 0.0.2
- data/bin/catflap +21 -9
- data/lib/catflap.rb +10 -0
- metadata +5 -5
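--- a/data/bin/catflap
+++ b/data/bin/catflap
@@ -53,16 +53,28 @@ optparse = OptionParser.new do |opts|
 end
 end.parse! ARGV
 
-
+begin
+cf = Catflap.new options['config_file']
+rescue Psych::SyntaxError
+puts "There is a YAML syntax error in your catflap configuration file.\n"
+exit 1
+rescue NoMethodError
+puts "Cannot read the configuration file (#{options['config_file']}) or default file location: /usr/local/etc/catflap.yaml\n"
+exit 1
+end
 unless options['start_server']
-
-
-
-
-
-
-
-
+begin
+cf.purge_rules! if options['purge']
+cf.install_rules! if options['install']
+cf.uninstall_rules! if options['uninstall']
+cf.add_address! options['add'] if options['add']
+cf.delete_address! options['del'] if options['del']
+cf.add_addresses_from_file! options['filepath'] if options['filepath']
+cf.check_address options['check'] if options['check']
+cf.list_rules if options['list']
+rescue ArgumentError
+puts "Invalid Argument: make sure IP address or range is correct (i.e. CIDR format)\n"
+end
 else
 require 'catflap-http'
 CatflapWebserver::start_server cf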
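Review bot: The `rescue ArgumentError` branch (new lines 75–76) prints its message and falls through without a failing exit status, unlike the two configuration rescues above that `exit 1`, so as far as this hunk shows a caller scripting firewall changes cannot tell that an address was rejected and nothing was applied. I would send the message to stderr and fail, i.e. `warn "Invalid Argument: make sure IP address or range is correct (i.e. CIDR format)"` followed by `exit 1`. Separately, `rescue NoMethodError` around `Catflap.new` is used as a stand-in for "configuration file unreadable", so any unrelated nil dereference in the constructor will be reported as a missing file; an explicit readability check that raises a dedicated error would be more precise. The `unless`/`else` block continues past the end of the hunk.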
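--- a/data/lib/catflap.rb
+++ b/data/lib/catflap.rb
@@ -1,10 +1,12 @@
 require 'yaml'
+require 'ipaddr'
 
 class Catflap
 
 attr_accessor :config, :chain, :port, :dports, :print, :noop, :log_rejected
 
 def initialize config_file
+config_file = config_file || '/usr/local/etc/catflap.yaml'
 @config = {}
 @config = YAML.load_file config_file if File.readable? config_file
 @port = @config['server']['port'] || 4777
@@ -43,15 +45,18 @@ class Catflap
 end
 
 def check_address ip
+check_user_input ip
 return system "iptables -C #{@chain} -s #{ip} -p tcp -m multiport --dports #{@dports} -j ACCEPT\n"
 end
 
 def add_address! ip
+check_user_input ip
 output = "iptables -I #{@chain} 1 -s #{ip} -p tcp -m multiport --dports #{@dports} -j ACCEPT\n"
 execute! output
 end
 
 def delete_address! ip
+check_user_input ip
 output = "iptables -D #{@chain} -s #{ip} -p tcp -m multiport --dports #{@dports} -j ACCEPT\n"
 execute! output
 end
@@ -60,6 +65,7 @@ class Catflap
 if File.readable? filepath
 output = ""
 File.open(filepath, "r").each_line do |ip|
+check_user_input ip
 output << "iptables -I #{@chain} 1 -s #{ip.chomp} -p tcp -m multiport --dports #{@dports} -j ACCEPT\n"
 end
 execute! output
@@ -74,4 +80,8 @@ class Catflap
 system output unless @noop
 end
 
+def check_user_input suspect
+return IPAddr.new(suspect)
+end
+
 end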
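Review bot: `check_user_input` parses the value with `IPAddr.new`, but every caller discards the result and still interpolates the raw `ip` string into a single-string `system`/`execute!` command that goes through the shell, so the safety of those commands rests entirely on how strictly the installed `ipaddr` version parses its input. Passing the arguments as a list takes the shell out of the path, e.g. in `check_address`: `system 'iptables', '-C', @chain, '-s', ip, '-p', 'tcp', '-m', 'multiport', '--dports', @dports.to_s, '-j', 'ACCEPT'`; `add_address!` and `delete_address!` would need the same treatment inside `execute!`, whose body is outside these hunks. In the `each_line` hunk the check runs on `ip` before `.chomp`, so the validated string is not the one written into the rule and a single bad line raises out of the loop; validating `ip.chomp` would be consistent with what is used. `@chain` and `@dports` come from configuration that is not visible here, so whether they need the same care is unverified.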
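--- a/metadata
+++ b/metadata
@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: catflap
 version: !ruby/object:Gem::Version
-version: 0.0.2
-prerelease:
+version: 0.0.2
+prerelease:
 platform: ruby
 authors:
 - Nyk Cowham
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-12-
+date: 2013-12-08 00:00:00.000000000 Z
 dependencies: []
 description: A simple solution to provide on-demand service access (e.g. port 80 on
 webserver), where a more robust and secure VPN solution is not available.
@@ -38,9 +38,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
 required_rubygems_version: !ruby/object:Gem::Requirement
 none: false
 requirements:
-- - ! '
+- - ! '>='
 - !ruby/object:Gem::Version
-version:
+version: '0'
 requirements:
 - NetFilters (iptables) installed and working.
 rubyforge_project: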