iptables-web 0.1.0 → 0.2.0.beta1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/iptables-web +9 -3
- data/lib/iptables_web/iptables.rb +0 -1
- data/lib/iptables_web/model/access_rule.rb +37 -40
- data/lib/iptables_web/model/node.rb +1 -1
- data/lib/iptables_web/version.rb +1 -1
- data/lib/iptables_web.rb +1 -0
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d1617382a4273d74b32143e069ed9ceec430a890
|
|
4
|
+
data.tar.gz: 183bebac53e65517e71674382e4300d1d3e29d60
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4130032a62a91def785039cad41784b5de812183f4b9937315e267592bb48cde769351f3f52b1bbb97504f6e3a0bb0a5892b079fec0b3b44e5985928bd70111c
|
|
7
|
+
data.tar.gz: 6b316ef4967f98cc6b5b87b1a874375a677b3aa041fee4bd2f0f1a0ad7a3b9d5d61092b079bacbb9052830a63cc6d7c2066c7835caf47c662ea5e5092ad312ac
|
data/bin/iptables-web
CHANGED
|
@@ -71,11 +71,17 @@ command :update do |c|
|
|
|
71
71
|
c.syntax = 'iptables-web update'
|
|
72
72
|
c.description = 'Display bar with optional prefix and suffix'
|
|
73
73
|
c.option '--config STRING', String, 'Path to config file'
|
|
74
|
-
c.
|
|
74
|
+
c.option '--print', 'Show rules without restoring'
|
|
75
|
+
c.action do |_, options|
|
|
75
76
|
IptablesWeb::Configuration.load(options.config) if options.config
|
|
76
77
|
IptablesWeb::Model::Node.handshake do
|
|
77
|
-
|
|
78
|
-
|
|
78
|
+
rules = IptablesWeb::Model::AccessRule.all
|
|
79
|
+
if options.print
|
|
80
|
+
say rules.map(&:to_s).join("\n")
|
|
81
|
+
else
|
|
82
|
+
iptables = IptablesWeb::Iptables.new
|
|
83
|
+
iptables.restore(rules)
|
|
84
|
+
end
|
|
79
85
|
end
|
|
80
86
|
end
|
|
81
87
|
end
|
|
@@ -1,53 +1,50 @@
|
|
|
1
|
+
require 'shellwords'
|
|
1
2
|
module IptablesWeb
|
|
2
3
|
module Model
|
|
3
4
|
class AccessRule < Base
|
|
4
5
|
self.element_name = 'access_rule'
|
|
5
6
|
|
|
6
|
-
|
|
7
|
-
chain: 'INPUT',
|
|
8
|
-
target_chain: 'ACCEPT',
|
|
9
|
-
protocol: '-p {value}',
|
|
10
|
-
port: '--dport {value}',
|
|
11
|
-
ip: '-s {value}',
|
|
12
|
-
description: '-m comment --comment "{value}"'
|
|
13
|
-
}
|
|
7
|
+
SUPPORTED_PROTOCOLS = %w(tcp udp)
|
|
14
8
|
|
|
15
9
|
def to_s
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
10
|
+
protocols = protocol.to_s.downcase == 'all' ? SUPPORTED_PROTOCOLS : [protocol]
|
|
11
|
+
protocols.map do |protocol|
|
|
12
|
+
command = %w(-A INPUT)
|
|
13
|
+
self.attributes.each do |name, value|
|
|
14
|
+
case name.to_sym
|
|
15
|
+
when :port
|
|
16
|
+
next if value.to_s.empty? || !value
|
|
17
|
+
if value.include?(',')
|
|
18
|
+
command << '-m'
|
|
19
|
+
command << 'multiport'
|
|
20
|
+
command << '--dports'
|
|
21
|
+
command << value
|
|
22
|
+
else
|
|
23
|
+
command << '--dport'
|
|
24
|
+
command << value
|
|
25
|
+
end
|
|
26
|
+
when :ip
|
|
27
|
+
command << '-s'
|
|
26
28
|
command << value
|
|
29
|
+
when :protocol
|
|
30
|
+
next unless protocol
|
|
31
|
+
command << '-p'
|
|
32
|
+
command << protocol
|
|
33
|
+
when :description
|
|
34
|
+
if value
|
|
35
|
+
command << '-m'
|
|
36
|
+
command << 'comment'
|
|
37
|
+
command << '--comment'
|
|
38
|
+
command << ::Shellwords.escape(value)
|
|
39
|
+
end
|
|
27
40
|
else
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
end
|
|
31
|
-
when :ip
|
|
32
|
-
command << '-s'
|
|
33
|
-
command << value
|
|
34
|
-
when :protocol
|
|
35
|
-
command << '-p'
|
|
36
|
-
command << value
|
|
37
|
-
when :description
|
|
38
|
-
if value
|
|
39
|
-
command << '-m'
|
|
40
|
-
command << 'comment'
|
|
41
|
-
command << '--comment'
|
|
42
|
-
command << Shellwords.escape(value)
|
|
43
|
-
end
|
|
44
|
-
else
|
|
45
|
-
#skip
|
|
41
|
+
#skip
|
|
42
|
+
end
|
|
46
43
|
end
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
44
|
+
command << '-j'
|
|
45
|
+
command << 'ACCEPT'
|
|
46
|
+
command.join(' ')
|
|
47
|
+
end.join("\n")
|
|
51
48
|
# -A INPUT -s 88.150.233.48/29 -p tcp -m tcp --dport 9200 -j ACCEPT
|
|
52
49
|
end
|
|
53
50
|
|
|
@@ -7,7 +7,7 @@ module IptablesWeb
|
|
|
7
7
|
def self.handshake
|
|
8
8
|
node = find('current')
|
|
9
9
|
node.ips = []
|
|
10
|
-
System.get_ifaddrs.each do |interface, config|
|
|
10
|
+
::System.get_ifaddrs.each do |interface, config|
|
|
11
11
|
next if interface.to_s.include?('lo')
|
|
12
12
|
node.ips.push({
|
|
13
13
|
interface: interface,
|
data/lib/iptables_web/version.rb
CHANGED
data/lib/iptables_web.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: iptables-web
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0.beta1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- NikolayMurga
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-
|
|
11
|
+
date: 2014-12-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: system-getifaddrs
|
|
@@ -115,12 +115,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
115
115
|
version: '0'
|
|
116
116
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
117
117
|
requirements:
|
|
118
|
-
- - '
|
|
118
|
+
- - '>'
|
|
119
119
|
- !ruby/object:Gem::Version
|
|
120
|
-
version:
|
|
120
|
+
version: 1.3.1
|
|
121
121
|
requirements: []
|
|
122
122
|
rubyforge_project:
|
|
123
|
-
rubygems_version: 2.
|
|
123
|
+
rubygems_version: 2.4.5
|
|
124
124
|
signing_key:
|
|
125
125
|
specification_version: 4
|
|
126
126
|
summary: Write a short summary. Required.
|