RubyGems - firewall - Versions diffs - 0.0.3 - Mend

firewall 0.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (110) hide show

data/app/controllers/firewall/url_protections_controller.rb ADDED Viewed

@@ -0,0 +1,9 @@
+require_dependency "firewall/application_controller"
+module Firewall
+  class UrlProtectionsController < ApplicationController
+    def index
+    end
+  end
+end

data/app/helpers/firewall/application_helper.rb ADDED Viewed

@@ -0,0 +1,11 @@
+module Firewall
+  module ApplicationHelper
+  	class << self
+	  	def get_tab_active_class_for(tab)
+	  		p request.original_url
+	  		return 'active'
+	  	end
+  	end
+  end
+end

data/app/helpers/firewall/custom_rules_helper.rb ADDED Viewed

@@ -0,0 +1,4 @@
+module Firewall
+  module CustomRulesHelper
+  end
+end

data/app/helpers/firewall/dashboard_helper.rb ADDED Viewed

@@ -0,0 +1,11 @@
+module Firewall
+  module DashboardHelper
+    class << self
+      def blacklisting_active?
+        return IptablesHelper.show_rules.include?("blacklistdrop")
+      end
+    end
+  end
+end

data/app/helpers/firewall/iptables_helper.rb ADDED Viewed

@@ -0,0 +1,97 @@
+require 'firewall/config'
+module Firewall
+  module IptablesHelper
+    class NotSudoException < StandardError
+    end
+    class << self
+      def gain_sudo
+        @password = Config.sudo_password
+        io = IO.popen(["sudo", "-S", 'pwd'], mode="a+")
+        io.write("#{@password}\n")
+        io.write("#{@password}\n")
+        io.write("#{@password}\n")
+        l = io.readlines
+        if(l.size == 0)
+          raise NotSudoException.new
+        end
+      end
+      def add_rule(rule)
+        gain_sudo()
+        puts "add_rule #{rule}"
+        rule_array = rule.split(' ')
+        f = IO.popen(['sudo', '-n', 'iptables'] + rule_array, :err=>[:child, :out])
+        return f.readlines.join
+      end
+      def remove_rule(linenumber, chain="INPUT")
+        gain_sudo()
+        f = IO.popen(['sudo', '-n', 'iptables', '-D', "#{chain}", "#{linenumber}"], :err=>[:child, :out])
+        return f.readlines.join
+      end
+      def blacklist_ip(ip, blacklist_name='blacklist')
+        gain_sudo()
+        #FIXME: check if ip only consists of numbers and '.'
+        #FIXME: check if blacklist_name only consists of alphanumerics and has no ';'
+        return system "sudo sh -c \'echo \"+#{ip}\" >> /proc/net/xt_recent/#{blacklist_name}\'"
+      end
+      def unblacklist_ip(ip, blacklist_name='blacklist')
+        gain_sudo()
+        #FIXME: check if ip only consists of numbers and '.'
+        #FIXME: check if blacklist_name only consists of alphanumerics and has no ';'
+        return system "sudo sh -c \'echo \"-#{ip}\" >> /proc/net/xt_recent/#{blacklist_name}\'"
+      end
+      def show_rules
+        gain_sudo()
+        f = IO.popen(['sudo', '-n', 'iptables', '-n', '-L', '--line-numbers'], :err=>[:child, :out])
+        result = f.readlines.join
+        return result
+      end
+      def blacklisted_ips(blacklist_name='blacklist')
+        f = IO.popen(['cat', "#{blacklist_name}"], :err=>[:child, :out])
+        return f.readlines.join
+      end
+      def reset_rules
+        gain_sudo
+        system("sudo iptables -F")
+        system("sudo iptables -X")
+        system("sudo iptables -t nat -F")
+        system("sudo iptables -t nat -X")
+        system("sudo iptables -t mangle -F")
+        system("sudo iptables -t mangle -X")
+        system("sudo iptables -P INPUT ACCEPT")
+        system("sudo iptables -P FORWARD ACCEPT")
+        system("sudo iptables -P OUTPUT ACCEPT")
+      end
+      def get_rules()
+        f = IO.popen(['sudo', 'iptables-save'], :err=>[:child, :out])
+        return f.readlines.join
+      end
+      # This method overrides all existing rules
+      def apply_rules(all_rules_as_string)
+        reset_rules()
+        #sudo already gained in reset
+        f = IO.popen(['sudo', 'iptables-restore'], mode="a+", :err=>[:child, :out])
+        f.write(all_rules_as_string)
+        f.close
+      end
+    end
+  end
+end

data/app/helpers/firewall/rule_helper.rb ADDED Viewed

@@ -0,0 +1,4 @@
+module Firewall
+  module RuleHelper
+  end
+end

data/app/helpers/firewall/url_protections_helper.rb ADDED Viewed

@@ -0,0 +1,19 @@
+module Firewall
+  module UrlProtectionsHelper
+    class << self
+      def protected_urls
+        regex = /\d+\s+ACCEPT.*?dpt:80 STRING match  "(.*?)" ALGO/
+        rules = IptablesHelper.show_rules.split(/\n/)
+        protected_urls = []
+        rules.each{ |line|
+          match = regex.match(line)
+          protected_urls.push(match[1]) unless match.nil?
+        }
+        return protected_urls
+      end
+    end
+  end
+end

data/app/views/firewall/custom_rules/index.html.erb ADDED Viewed

@@ -0,0 +1,36 @@
+<div id="main" class="row">
+  <div class="col-lg-10 col-lg-offset-1">
+    <% if !@message.nil? %>
+    <div class="alert fade in">
+      <button type="button" class="close" data-dismiss="alert">×</button>
+      <strong>Message: </strong><%= @message.html_safe %>
+    </div>
+    <% end %>
+    <!-- All Rules -->
+    <legend>All Rules <span class="toggle-button" data-toggle="collapse" data-target="#rules"></span></legend>
+    <div id="rules" class="collapse">
+      <pre><%= Firewall::IptablesHelper.show_rules() %></pre>
+    </div>
+    <!-- Add Custom Rule -->
+    <form action="<%= url_for :controller => 'rules', :action => 'create' %>" method="post">
+      <fieldset>
+        <legend>Add Custom rule</legend>
+        <div class="well">
+          <div class="form-group">
+            <label for="newRule">New rule</label>
+            <input type="text" name="rule" class="form-control" id="newRule" required placeholder="New iptables rule without iptables command">
+          </div>
+          <button type="submit" class="btn btn-success">Add rule</button>
+        </div>
+      </fieldset>
+    </form>
+    <br>
+    <%= render "firewall/partials/remove_rule" %>
+  </div>
+</div>

data/app/views/firewall/dashboard/help.html.erb ADDED Viewed

@@ -0,0 +1,8 @@
+<div id="main" class="row">
+  <div class="col-lg-10 col-lg-offset-1">
+    <legend>Help</legend>
+    <p>Help will be here in first beta version.</p>
+  </div>
+</div>

data/app/views/firewall/dashboard/index.html.erb ADDED Viewed

@@ -0,0 +1,83 @@
+<div id="main" class="row">
+  <div class="col-lg-10 col-lg-offset-1">
+    <% if !@message.nil? %>
+    <div class="alert fade in">
+      <button type="button" class="close" data-dismiss="alert">×</button>
+      <strong>Message: </strong><%= @message.to_s.html_safe %>
+    </div>
+    <% end %>
+    <legend>All Rules <span class="toggle-button" data-toggle="collapse" data-target="#rules"></span></legend>
+    <div id="rules" class="collapse in">
+      <pre><%= Firewall::IptablesHelper.show_rules() %></pre>
+      <form action="<%= url_for :controller => 'dashboard', :action => 'activate_blacklisting' %>" method="get">
+        <fieldset>
+          <button type="submit" class="btn btn-default" <%= Firewall::DashboardHelper.blacklisting_active? ? "disabled=\"disabled\"" : "" %>>Activate blacklisting</button>
+          <p class="help-block">Blacklisting is currently <%= Firewall::DashboardHelper.blacklisting_active? ? "active" : "NOT active" %></p>
+        </fieldset>
+      </form>
+    </div>
+    <br>
+    <%= render "firewall/partials/protected_urls" %>
+    <br>
+    <legend>Blacklisted IPs</legend>
+    <pre><%= Firewall::IptablesHelper.blacklisted_ips() %></pre>
+    <br>
+    <legend>Danger Area</legend>
+    <div class="well">
+      <a href="<%= url_for :controller => 'dashboard', :action => 'dump_rules' %>" class="btn btn-success">Download firewall rules</a>
+      <a data-toggle="modal" href="#fileUploadModal" class="btn btn-warning">Restore firewall rules</a>
+      <button type="button" id="resetButton" class="btn btn-danger">Reset firewall rules</button>
+    </div>
+  </div>
+</div>
+<script type="text/javascript">
+  $(function() {
+    $('#resetButton').click(function() {
+      if(confirm("Are you sure to reset all config?")){
+        $.ajax({
+          url: "<%= url_for :controller => 'rules', :action => 'reset' %>",
+          method: 'delete',
+          complete: function() {
+            window.location.href = "<%= url_for :controller => 'dashboard', :action => 'index' %>"
+          }
+        });
+      }
+    });
+  });
+</script>
+<div id="fileUploadModal" class="modal fade">
+  <div class="modal-dialog">
+    <div class="modal-content">
+      <form accept-charset="UTF-8" action="<%= url_for :controller => 'dashboard', :action => 'restore_rules' %>" enctype="multipart/form-data" method="post">
+        <div class="modal-header">
+          <button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
+          <h4 class="modal-title">Upload a configuration file</h4>
+        </div>
+        <div class="modal-body">
+            <div style="margin:0;padding:0;display:inline"><input name="utf8" type="hidden" value="✓">
+            <input id="file" name="file" type="file" required>
+        </div>
+        <div class="modal-footer">
+          <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
+          <button ame="commit" type="submit"class="btn btn-primary">Save changes</button>
+        </div>
+      </form>
+    </div><!-- /.modal-content -->
+  </div><!-- /.modal-dialog -->
+</div><!-- /.modal -->

data/app/views/firewall/partials/_protected_urls.html.erb ADDED Viewed

@@ -0,0 +1,7 @@
+<!-- Already Protected URLs -->
+<legend>Already Protected URLs <span class="toggle-button" data-toggle="collapse" data-target="#urls"></span></legend>
+<div id="urls" class="collapse in">
+  <% Firewall::UrlProtectionsHelper.protected_urls.each do |url| %>
+  <span class="label label-success"><%= url %></span>
+  <% end %>
+</div>

data/app/views/firewall/partials/_remove_rule.html.erb ADDED Viewed

@@ -0,0 +1,18 @@
+<!-- Remove Rule -->
+<form action="<%= url_for :controller => 'rules', :action => 'remove' %>" method="post">
+  <fieldset>
+    <legend>Remove a rule</legend>
+    <div class="well">
+      <div class="row">
+        <div class="col-lg-3">
+          <div class="form-group">
+            <label for="ruleNumber">Rule index number</label>
+            <input type="number" min="1" name="index" class="form-control" id="ruleNumber" required placeholder="Rule index">
+            <p class="help-block">Use rule index number from above <strong>Rules</strong> table. </p>
+          </div>
+        </div>
+      </div>
+      <button type="submit" class="btn btn-danger">Remove rule</button>
+    </div>
+  </fieldset>
+</form>

data/app/views/firewall/url_protections/index.html.erb ADDED Viewed

@@ -0,0 +1,52 @@
+<div id="main" class="row">
+  <div class="col-lg-10 col-lg-offset-1">
+    <% if !@message.nil? %>
+    <div class="alert fade in">
+      <button type="button" class="close" data-dismiss="alert">×</button>
+      <strong>Message: </strong><%= @message.html_safe %>
+    </div>
+    <% end %>
+    <!-- All Rules -->
+    <legend>All Rules <span class="toggle-button" data-toggle="collapse" data-target="#rules"></span></legend>
+    <div id="rules" class="collapse">
+      <pre><%= Firewall::IptablesHelper.show_rules() %></pre>
+    </div>
+    <%= render "firewall/partials/protected_urls" %>
+    <br>
+    <!-- Protect a URL -->
+    <form class="form-inline" action="<%= url_for :controller => 'rules', :action => 'protect_url' %>" method="post">
+      <fieldset>
+        <legend>Protect a URL</legend>
+        <div class="well">
+          <div class="form-group">
+            <label for="newRule">URL pattern</label>
+            <input type="text" name="url" class="form-control" id="newRule" required placeholder="URL to be protected">
+            <p class="help-block">Not regex, simple sub-string matching with Case Sensitivity. <strong>Don't use white characters (eg. space) otherwise things will broke!</strong></p>
+          </div>
+          <div class="form-group">
+            If somebody makes
+            <input type="number" name="hitcount" class="form-control inline-input" min="1" max="20">
+            requests in
+            <input type="number" name="interval" class="form-control inline-input" min="1">
+            seconds, block his/her IP for
+            <input type="number" class="form-control inline-input" min="1" readonly value="120">
+            seconds.
+          </div>
+          <button type="submit" class="btn btn-success">Protect URL</button>
+        </div>
+      </fieldset>
+    </form>
+    <br>
+    <%= render "firewall/partials/remove_rule" %>
+  </div>
+</div>

data/app/views/layouts/firewall/application.html.erb ADDED Viewed

@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Firewall</title>
+  <%= stylesheet_link_tag    "firewall/application", media: "all" %>
+  <%= javascript_include_tag "firewall/application" %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+  <div class="navbar">
+    <div class="container">
+      <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-responsive-collapse">
+        <span class="icon-bar"></span>
+        <span class="icon-bar"></span>
+        <span class="icon-bar"></span>
+      </button>
+      <a class="navbar-brand" href="<%= url_for :controller => 'dashboard', :action => 'index' %>">Rails Firewall</a>
+      <div class="nav-collapse collapse navbar-responsive-collapse">
+        <ul class="nav navbar-nav">
+          <li class="<%= current_page?(:controller => 'dashboard', :action => 'index') ? "active" : ""  %>"><a href="<%= url_for :controller => 'dashboard', :action => 'index' %>">Dashboard</a></li>
+          <li class="<%= current_page?(:controller => 'url_protections', :action => 'index') ? "active" : ""  %>"><a href="<%= url_for :controller => 'url_protections', :action => 'index' %>">URL Protection</a></li>
+          <li class="<%= current_page?(:controller => 'custom_rules', :action => 'index') ? "active" : ""  %>"><a href="<%= url_for :controller => 'custom_rules', :action => 'index' %>">Custom Rules</a></li>
+          <li class="<%= current_page?(:controller => 'dashboard', :action => 'help') ? "active" : ""  %>"><a href="<%= url_for :controller => 'dashboard', :action => 'help' %>">Help</a></li>
+        </ul>
+      </div><!-- /.nav-collapse -->
+    </div><!-- /.container -->
+  </div>
+  <%= yield %>
+</body>
+</html>

data/config/routes.rb ADDED Viewed

@@ -0,0 +1,19 @@
+Firewall::Engine.routes.draw do
+	root "dashboard#index"
+	match 'dashboard' => "dashboard#index", :via => [:get]
+	match 'help' => "dashboard#help", :via => [:get]
+	match 'dump' => "dashboard#dump_rules", :via => [:get]
+	match 'restore' => "dashboard#restore_rules", :via => [:post]
+	get "dashboard/activate_blacklisting"
+	match 'url_protection' => "url_protections#index", :via => [:get]
+	match 'custom_rules' => "custom_rules#index", :via => [:get]
+	resource :rule
+	delete "rules/reset"
+	post "rules/remove"
+	post "rules/protect_url"
+end

data/lib/firewall.rb ADDED Viewed

@@ -0,0 +1,14 @@
+require "firewall/engine"
+require "firewall/config"
+module Firewall
+  def self.config(&block)
+    if block_given?
+      block.call(Firewall::Config)
+    else
+      Firewall::Config
+    end
+  end
+end