iptables-web 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 8a139530b147346fe830287212857940a70cfad5
+  data.tar.gz: c0fc21ed2e8c05aada06d3d06d869df259cabd22
+SHA512:
+  metadata.gz: 672789d5c2099099ad2589abe1eb3bcc3fbb0cf30f4bb7b829284c4a6211385c99bade46ffa8ac792f6e98d60d4813079caed35789b18d164cf48cc698b66fd0
+  data.tar.gz: 88add871cab6f009691bc3f1036c0c9e954845b912cb068baa4b69d992532884a989003faf0130d9dfc47989df116c608bd3d5338b9ef2ac5b16ee0b6b8f9171

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 NikolayMurga
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,29 @@
+# Iptables::Client
+
+TODO: Write a gem description
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'iptables-client'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install iptables-client
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it ( https://github.com/[my-github-username]/iptables-client/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/bin/iptables-web

@@ -0,0 +1,81 @@
+#!/bin/env ruby
+require 'commander/import'
+require 'system/getifaddrs'
+require 'iptables_web'
+# :name is optional, otherwise uses the basename of this executable
+program :name, 'IPtables Web client'
+program :version, IptablesWeb::VERSION
+program :description, 'Update iptables '
+default_command :update
+command :install do |c|
+  c.syntax = 'iptables-web install'
+  c.description = 'Displays foo'
+  c.action do |args, options|
+    config = IptablesWeb::Configuration.new
+    api_url = ask('Api base url: ') { |q| q.default = config['api_base_url'] }
+    token = ask('Access token: ') { |q| q.default = config['access_token'] }
+    update_period = ask('Update every [min]', Integer) { |q| q.default = 1; q.in = 0..59 }
+    config_dir = IptablesWeb::Configuration.config_dir
+    unless File.exist?(config_dir)
+      say "Create config directory: #{config_dir}"
+      Dir.mkdir(config_dir)
+    end
+    config_file = File.join(config_dir, 'config.yml')
+    say "Write config to #{config_file}"
+    File.write config_file, <<CONFIG
+api_base_url: #{api_url}
+access_token: #{token}
+CONFIG
+    if system("LANG=C bash -l -c \"type rvm | cat | head -1 | grep -q '^rvm is a function$'\"")
+      wrapper = "#{ENV['HOME']}/.rvm/wrappers/#{`rvm current`.strip}/iptables-web"
+    else
+      wrapper = 'iptables-web'
+    end
+
+    cron_file = File.join(config_dir, 'cron.sh')
+    say "Write file #{cron_file}"
+    File.write cron_file, <<CONFIG
+#/bin/env ruby
+#{wrapper} update
+CONFIG
+    File.chmod(0700, cron_file)
+    say "Add cronjob #{cron_file}"
+    crontab = IptablesWeb::Crontab.new(false)
+    jobs = crontab.jobs
+    jobs.reject! { |job| job.include?('.iptables-web') }
+    jobs << "*/#{update_period} * * * * #{File.join(ENV['HOME'], '.iptables-web', 'cron.sh')}"
+    crontab.save(jobs)
+
+    static_rules = File.join(config_dir, 'static_rules')
+
+    say "Create file for static rules #{static_rules}"
+    say "* * * * * * * * * * * * * * * * * * * * * * * *\n"
+    say "* You can write predefined rules to this file.\n"
+    say "* This file will be concat with rules \n"
+    say "* See 'iptables-save' format.\n"
+    say "* * * * * * * * * * * * * * * * * * * * * * * * \n"
+
+    if File.exist?(static_rules)
+      say 'File already exist!'
+    else
+      File.write static_rules, <<STATIC_RULES
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+# -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
+STATIC_RULES
+    end
+  end
+end
+
+command :update do |c|
+  c.syntax = 'iptables-web update'
+  c.description = 'Display bar with optional prefix and suffix'
+  c.option '--config STRING', String, 'Path to config file'
+  c.action do |args, options|
+    IptablesWeb::Configuration.load(options.config) if options.config
+    IptablesWeb::Model::Node.handshake do
+      iptables = IptablesWeb::Iptables.new
+      iptables.restore(IptablesWeb::Model::AccessRule.all)
+    end
+  end
+end

data/lib/iptables_web/configuration.rb

@@ -0,0 +1,32 @@
+require 'yaml'
+module IptablesWeb
+  class Configuration < Hash
+    attr_accessor :loaded
+    CONFIG_FILES = %W(#{ENV['HOME']}/.iptables-web/config.yml /etc/iptables-web/config.yml)
+    STATIC_RULES_FILES = %W(#{ENV['HOME']}/.iptables-web/static_rules /etc/iptables-web/static_rules)
+
+    def initialize
+      CONFIG_FILES.each do |config|
+        if load(config)
+          @loaded = true
+          break
+        end
+      end
+    end
+
+    def load(config)
+      clear
+      merge! YAML.load File.read(config) if File.exist?(config)
+    end
+
+    def self.static_rules
+      STATIC_RULES_FILES.map do |file|
+        File.exist?(file) ? File.read(file) : nil
+      end.compact.join("\n").strip
+    end
+
+    def self.config_dir
+      File.join(ENV['HOME'], '.iptables-web')
+    end
+  end
+end

data/lib/iptables_web/crontab.rb

@@ -0,0 +1,39 @@
+require 'tempfile'
+module IptablesWeb
+  class Crontab
+    include IptablesWeb::Mixin::Sudo
+
+    def jobs
+      execute('crontab -l 2> /dev/null').split("\n").reject { |l| l.empty? || l.include?('no crontab for') || l[0] == '#' }
+    end
+
+    def save(jobs)
+      lines = ["##{Time.now}"]
+      jobs.each do |job|
+        lines << job
+        lines << ''
+      end
+      file = Tempfile.new('crontab')
+      file.write lines.join("\n")
+      file.rewind
+      execute "crontab #{file.path}"
+    ensure
+      if file
+        file.close
+        file.unlink
+      end
+    end
+
+    def execute(command)
+      if is_root?
+        `sudo #{command}`
+      else
+        `#{command}`
+      end
+    end
+
+    def is_root?
+      Process.uid == 0
+    end
+  end
+end

data/lib/iptables_web/iptables.rb

@@ -0,0 +1,40 @@
+require 'tempfile'
+module IptablesWeb
+  class Iptables
+    include IptablesWeb::Mixin::Sudo
+
+    def restore(access_rules)
+      temp_file = Tempfile.new('rules')
+      puts render(access_rules)
+      temp_file.write render(access_rules)
+      temp_file.rewind
+      execute("iptables-restore -c < #{temp_file.path}")
+    ensure
+      if temp_file
+        temp_file.close
+        temp_file.unlink
+      end
+    end
+
+    def save
+      execute('iptables-save').split("\n")
+    end
+
+    def static_rules
+      IptablesWeb::Configuration.static_rules
+    end
+
+    def render(rules, name = 'filter')
+      lines = []
+      lines << "*#{name}"
+      lines << ':INPUT DROP [0:0]'
+      lines << ':FORWARD DROP [0:0]'
+      lines << ':OUTPUT ACCEPT [0:0]'
+      lines << static_rules
+      lines << Array(rules).map(&:to_s).join("\n")
+      lines << 'COMMIT'
+      lines << '#end'
+      lines.join("\n")
+    end
+  end
+end

data/lib/iptables_web/mixin/sudo.rb

@@ -0,0 +1,17 @@
+module IptablesWeb
+  module Mixin
+    module Sudo
+      def execute(command)
+        if is_root? || command.include?('sudo')
+          `#{command}`
+        else
+          `sudo #{command}`
+        end
+      end
+
+      def is_root?
+        Process.uid == 0
+      end
+    end
+  end
+end

data/lib/iptables_web/model/access_rule.rb

@@ -0,0 +1,76 @@
+module IptablesWeb
+  module Model
+    class AccessRule < Base
+      self.element_name = 'access_rule'
+
+      MAPPING = {
+        chain: 'INPUT',
+        target_chain: 'ACCEPT',
+        protocol: '-p {value}',
+        port: '--dport {value}',
+        ip: '-s {value}',
+        description: '-m comment --comment "{value}"'
+      }
+
+      def to_s
+        command = %w(-A INPUT)
+        self.attributes.each do |name, value|
+
+          case name.to_sym
+            when :port
+              next unless value
+              if value.include?(',')
+                command << '-m'
+                command << 'multiport'
+                command << '--dports'
+                command << value
+              else
+                command << '--dport'
+                command << value
+              end
+            when :ip
+              command << '-s'
+              command << value
+            when :protocol
+              command << '-p'
+              command << value
+            when :description
+              if value
+                command << '-m'
+                command << 'comment'
+                command << '--comment'
+                command <<  Shellwords.escape(value)
+              end
+            else
+              #skip
+          end
+        end
+        command << '-j'
+        command << 'ACCEPT'
+        command.join(' ')
+        # -A INPUT -s 88.150.233.48/29 -p tcp -m tcp --dport 9200 -j ACCEPT
+      end
+
+      def mapping(parameter)
+
+      end
+    end
+  end
+end
+
+# *filter
+# :INPUT ACCEPT [217626552:31573175391]
+# :FORWARD ACCEPT [0:0]
+# :OUTPUT ACCEPT [1334268962:861811554534]
+# -A INPUT -s 88.150.233.48/29 -p tcp -m tcp --dport 9200 -j ACCEPT
+# -A INPUT -s 88.150.213.250/32 -p tcp -m tcp --dport 9200 -j ACCEPT
+# -A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 9200 -j ACCEPT
+# -A INPUT -s 37.220.8.122/32 -p tcp -m tcp --dport 9200 -j ACCEPT
+# -A INPUT -p tcp -m tcp --dport 9200 -j DROP
+# -A INPUT -s 88.150.233.48/29 -p tcp -m tcp --dport 9300 -j ACCEPT
+# -A INPUT -s 88.150.213.250/32 -p tcp -m tcp --dport 9300 -j ACCEPT
+# -A INPUT -p tcp -m tcp --dport 9300 -j DROP
+# -A INPUT -s 193.105.70.192/29 -p tcp -m tcp --dport 22 -j ACCEPT
+# -A INPUT -s 92.60.190.109/32 -p tcp -m tcp --dport 22 -j ACCEPT
+# -A INPUT -p tcp -m tcp --dport 22 -j DROP
+# COMMIT

data/lib/iptables_web/model/base.rb

@@ -0,0 +1,11 @@
+require 'active_resource'
+module IptablesWeb
+  module Model
+    class Base < ActiveResource::Base
+      def self.configure(config)
+        self.site = "#{config['api_base_url']}/api"
+        headers['X-Node-Access-Token'] = config['access_token']
+      end
+    end
+  end
+end

data/lib/iptables_web/model/node.rb

@@ -0,0 +1,42 @@
+module IptablesWeb
+  module Model
+    class Node < Base
+      self.element_name = 'node'
+      self.include_root_in_json = true
+
+      def self.handshake
+        node = find('current')
+        node.ips = []
+        System.get_ifaddrs.each do |interface, config|
+          next if interface.to_s.include?('lo')
+          node.ips.push({
+            interface: interface,
+            ip: config[:inet_addr],
+            netmask: config[:netmask]
+          })
+        end
+        node.hostname = `hostname -f`
+        if node.save && block_given?
+          yield
+        end
+      end
+    end
+  end
+end
+
+# *filter
+# :INPUT ACCEPT [217626552:31573175391]
+# :FORWARD ACCEPT [0:0]
+# :OUTPUT ACCEPT [1334268962:861811554534]
+# -A INPUT -s 88.150.233.48/29 -p tcp -m tcp --dport 9200 -j ACCEPT
+# -A INPUT -s 88.150.213.250/32 -p tcp -m tcp --dport 9200 -j ACCEPT
+# -A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 9200 -j ACCEPT
+# -A INPUT -s 37.220.8.122/32 -p tcp -m tcp --dport 9200 -j ACCEPT
+# -A INPUT -p tcp -m tcp --dport 9200 -j DROP
+# -A INPUT -s 88.150.233.48/29 -p tcp -m tcp --dport 9300 -j ACCEPT
+# -A INPUT -s 88.150.213.250/32 -p tcp -m tcp --dport 9300 -j ACCEPT
+# -A INPUT -p tcp -m tcp --dport 9300 -j DROP
+# -A INPUT -s 193.105.70.192/29 -p tcp -m tcp --dport 22 -j ACCEPT
+# -A INPUT -s 92.60.190.109/32 -p tcp -m tcp --dport 22 -j ACCEPT
+# -A INPUT -p tcp -m tcp --dport 22 -j DROP
+# COMMIT

data/lib/iptables_web/version.rb

@@ -0,0 +1,3 @@
+module IptablesWeb
+  VERSION = "0.1.0"
+end

data/lib/iptables_web.rb

@@ -0,0 +1,26 @@
+require 'iptables_web/version'
+require 'iptables_web/configuration'
+require 'iptables_web/mixin/sudo'
+require 'iptables_web/model/base'
+require 'iptables_web/model/access_rule'
+require 'iptables_web/model/node'
+require 'iptables_web/crontab'
+require 'iptables_web/iptables'
+
+module IptablesWeb
+  class << self
+    attr_accessor :configuration
+    def configuration
+      self.configuration = Configuration.new unless @configuration
+      @configuration
+    end
+
+    def configuration=(config)
+      @configuration = config
+      IptablesWeb::Model::Base.configure(config)
+      @configuration
+    end
+  end
+end
+
+IptablesWeb.configuration =  IptablesWeb::Configuration.new #set default configuration

metadata

@@ -0,0 +1,127 @@
+--- !ruby/object:Gem::Specification
+name: iptables-web
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- NikolayMurga
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-11-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: system-getifaddrs
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.2.0
+- !ruby/object:Gem::Dependency
+  name: activeresource
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+- !ruby/object:Gem::Dependency
+  name: commander
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Write a longer description. Optional.
+email:
+- nikolay.m@randrmusic.com
+executables:
+- iptables-web
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE.txt
+- README.md
+- bin/iptables-web
+- lib/iptables_web.rb
+- lib/iptables_web/configuration.rb
+- lib/iptables_web/crontab.rb
+- lib/iptables_web/iptables.rb
+- lib/iptables_web/mixin/sudo.rb
+- lib/iptables_web/model/access_rule.rb
+- lib/iptables_web/model/base.rb
+- lib/iptables_web/model/node.rb
+- lib/iptables_web/version.rb
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Write a short summary. Required.
+test_files: []