infrataster-plugin-firewall 0.1.0 → 0.1.1
- checksums.yaml +4 -4
- data/README.md +9 -2
- data/RELEASE_NOTES.md +10 -0
- data/lib/infrataster/contexts/firewall_context.rb +11 -7
- data/lib/infrataster/plugin/firewall/capture.rb +3 -3
- data/lib/infrataster/plugin/firewall/transfer.rb +4 -4
- data/lib/infrataster/plugin/firewall/version.rb +1 -1
- data/spec/integration/firewall_spec.rb +2 -0
- metadata +3 -2
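--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5c6fb638743aa14b0bfdcb5aaffa6ae8b4af64d5
+data.tar.gz: ffae74342cd92a04bf17796f4b4509bdcfd445ab
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 472b21cf931b06826e6fe510dc1013d63974c1688fc90dbbce73b8efafbdf61d0c39b764cb4e83308bb58fdfab247cda0d276ec71bfa87c8abcfb0f86a2e94c9
+data.tar.gz: fb4b7b7354ad85674f26df7a0ed4f00f883cc08b6157107ea40838e5fcfaec261de2665d25cd8102f2f8195514f015863fddbf4c4e9daf3a0a26c68c35b66b02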
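--- a/data/README.md
+++ b/data/README.md
@@ -34,6 +34,8 @@ describe server(:src) do
 it { is_expected.to be_reachable.dest_port(80) } #TCP:80
 it { is_expected.to be_reachable.tcp.dest_port(80) }
 it { is_expected.to be_reachable.udp.dest_port(53) }
+it { is_expected.to be_reachable.dest_port('80/tcp') }
+it { is_expected.to be_reachable.dest_port('53/udp') }
 it { is_expected.to be_reachable.tcp.dest_port(80).source_port(30123) }
 end
 end
@@ -50,13 +52,18 @@ server 'src'
 should reach to server 'dst' dest_port: 80
 should reach to server 'dst' tcp dest_port: 80
 should reach to server 'dst' udp dest_port: 53
+should reach to server 'dst' dest_port: 80/tcp
+should reach to server 'dst' dest_port: 53/udp
 should reach to server 'dst' tcp dest_port: 80 source_port: 30123
 
-Finished in
-
+Finished in 21.35 seconds (files took 0.7851 seconds to load)
+7 examples, 0 failures
 $
 ```
 
+## Release Notes
+
+[Release Notes](./RELEASE_NOTES.md)
 
 ## Contributing
 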
data/RELEASE_NOTES.md
ADDED
@@ -19,35 +19,39 @@ module Infrataster
|
|
19
19
|
|
20
20
|
chain :icmp do
|
21
21
|
@options ||= {}
|
22
|
-
@options.merge!(protocol: :
|
22
|
+
@options.merge!(protocol: :icmp) unless @options[:protocol]
|
23
23
|
end
|
24
24
|
|
25
25
|
chain :tcp do
|
26
26
|
@options ||= {}
|
27
|
-
@options.merge!(protocol: :
|
27
|
+
@options.merge!(protocol: :tcp) unless @options[:protocol]
|
28
28
|
@chain_string ||= ''
|
29
29
|
@chain_string += ' tcp'
|
30
30
|
end
|
31
31
|
|
32
32
|
chain :udp do
|
33
33
|
@options ||= {}
|
34
|
-
@options.merge!(protocol: :
|
34
|
+
@options.merge!(protocol: :udp) unless @options[:protocol]
|
35
35
|
@chain_string ||= ''
|
36
36
|
@chain_string += ' udp'
|
37
37
|
end
|
38
38
|
|
39
39
|
chain :dest_port do |port|
|
40
|
+
port_number, protocol = port.to_s.split('/')
|
40
41
|
@options ||= {}
|
41
|
-
@options.merge!(dest_port:
|
42
|
-
@options.merge!(protocol:
|
42
|
+
@options.merge!(dest_port: port_number)
|
43
|
+
@options.merge!(protocol: protocol.to_sym) if protocol
|
44
|
+
@options.merge!(protocol: :tcp) unless @options[:protocol]
|
43
45
|
@chain_string ||= ''
|
44
46
|
@chain_string += " dest_port: #{port}"
|
45
47
|
end
|
46
48
|
|
47
49
|
chain :source_port do |port|
|
50
|
+
port_number, protocol = port.to_s.split('/')
|
48
51
|
@options ||= {}
|
49
|
-
@options.merge!(source_port:
|
50
|
-
@options.merge!(protocol:
|
52
|
+
@options.merge!(source_port: port_number)
|
53
|
+
@options.merge!(protocol: protocol.to_sym) if protocol
|
54
|
+
@options.merge!(protocol: :tcp) unless @options[:protocol]
|
51
55
|
@chain_string ||= ''
|
52
56
|
@chain_string += " source_port: #{port}"
|
53
57
|
end
|
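Review bot: In `chain :dest_port` and `chain :source_port` the two halves of `port.to_s.split('/')` are stored without validation: `port_number` stays a string and `protocol.to_sym` accepts any text, so a misspelling such as `'80/tpc'` (constructed example) becomes `protocol: :tpc`. These options appear to feed the capture filter and the `nc` command line built elsewhere in the plugin, so I would normalise them here, e.g. `port_number = Integer(port_number)` and `raise ArgumentError, "unknown protocol: #{protocol}" unless %w[icmp tcp udp].include?(protocol)`. The new `unless @options[:protocol]` guards also make the chains order-dependent: `dest_port(53).udp` keeps the `:tcp` default that `dest_port` just set while the description string still gains ` udp`, so the spec would exercise a different protocol than it reports. A comment stating that the protocol chain must precede the port chains, or tracking whether the protocol was set explicitly rather than defaulted, would remove that trap.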
@@ -6,12 +6,12 @@ module Infrataster
|
|
6
6
|
class Capture
|
7
7
|
attr_reader :result, :output
|
8
8
|
|
9
|
-
def initialize(node, bpf = nil, term_sec =
|
9
|
+
def initialize(node, bpf = nil, term_sec = 3)
|
10
10
|
@node = node.respond_to?(:server) ? node.server :
|
11
11
|
Net::SSH.start(node, config: true)
|
12
|
-
@bpf = bpf
|
12
|
+
@bpf = bpf
|
13
13
|
@connected = false
|
14
|
-
@term_sec = term_sec
|
14
|
+
@term_sec = term_sec
|
15
15
|
@thread = nil
|
16
16
|
@ssh = nil
|
17
17
|
@result = false
|
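Review bot: The new default `term_sec = 3` in `initialize` is a bare number with no unit or rationale. Assuming it bounds how long the capture waits for a matching packet (its use is outside this hunk), too short a window would make a permitted flow look blocked, so a comment above the signature such as `# term_sec: seconds to wait for a matching packet before the capture is stopped` would tell callers what they are tuning. `initialize` continues past the end of the hunk.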
@@ -7,16 +7,16 @@ module Infrataster
|
|
7
7
|
def initialize(src_node, dest_node, options = {})
|
8
8
|
@src_node = src_node
|
9
9
|
@dest_node = dest_node
|
10
|
-
@protocol = options[:protocol] ? options[:protocol] : :
|
10
|
+
@protocol = options[:protocol] ? options[:protocol] : :icmp
|
11
11
|
@dest_port = options[:dest_port] ? options[:dest_port] : 80
|
12
12
|
@source_port = options[:source_port] ? options[:source_port] : nil
|
13
13
|
end
|
14
14
|
|
15
15
|
def reachable?
|
16
16
|
case @protocol
|
17
|
-
when :
|
17
|
+
when :icmp
|
18
18
|
icmp_reachable?
|
19
|
-
when :
|
19
|
+
when :tcp, :udp
|
20
20
|
transport_reachable?
|
21
21
|
end
|
22
22
|
end
|
@@ -39,7 +39,7 @@ module Infrataster
|
|
39
39
|
bpf = Capture.bpf(bpf_options)
|
40
40
|
capture = Capture.new(@dest_node, bpf)
|
41
41
|
capture.open do
|
42
|
-
nc_option = @protocol == :
|
42
|
+
nc_option = @protocol == :udp ? '-u' : '-t'
|
43
43
|
nc_option += @source_port ? " -p #{@source_port}" : ''
|
44
44
|
@src_node.server
|
45
45
|
.ssh_exec("echo test|nc #{dest_addr} #{@dest_port} #{nc_option}")
|
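Review bot: `reachable?` has no `else` branch, so any protocol other than `:icmp`, `:tcp` or `:udp` makes the `case` return nil without running either check, which a matcher would presumably treat as "not reachable" rather than as an error. With this release the protocol can come from free text in the port string, so a misspelt protocol could let a `not_to be_reachable` expectation pass without any packet being sent; adding `else raise ArgumentError, "unsupported protocol: #{@protocol.inspect}"` before the closing `end` turns that into a visible failure. In the second hunk `@dest_port` and `@source_port` are interpolated into the `ssh_exec` command string and may now be strings, so coercing them with `Integer(...)` in `initialize` when present would keep that command line to numeric ports. The method around the `nc` call starts and ends outside the hunk.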
@@ -6,6 +6,8 @@ describe server(:src) do
|
|
6
6
|
it { is_expected.to be_reachable.dest_port(80) }
|
7
7
|
it { is_expected.to be_reachable.tcp.dest_port(80) }
|
8
8
|
it { is_expected.to be_reachable.udp.dest_port(53) }
|
9
|
+
it { is_expected.to be_reachable.dest_port('80/tcp') }
|
10
|
+
it { is_expected.to be_reachable.dest_port('53/udp') }
|
9
11
|
it { is_expected.to be_reachable.tcp.dest_port(80).source_port(30123) }
|
10
12
|
end
|
11
13
|
end
|
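--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: infrataster-plugin-firewall
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.1
 platform: ruby
 authors:
 - Hiroshi Ota
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-04-
+date: 2015-04-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: infrataster
@@ -121,6 +121,7 @@ files:
 - Gemfile
 - LICENSE.txt
 - README.md
+- RELEASE_NOTES.md
 - Rakefile
 - infrataster-plugin-firewall.gemspec
 - lib/infrataster-plugin-firewall.rb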