iptables-web 0.2.1 → 0.2.2.pre
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/iptables-web +6 -3
- data/lib/iptables_web/configuration.rb +6 -1
- data/lib/iptables_web/iptables.rb +10 -5
- data/lib/iptables_web/model/node.rb +0 -17
- data/lib/iptables_web/version.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 795d6acb81a448ae23ed901a6d75d84a3a6fddff
|
|
4
|
+
data.tar.gz: 9981243b1b2aca571c4bc4aef5b4c765d32f4c4e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2c60142651eec3170f3236a7fa788b0dea6c5e736097a409d492c7b345b014932204149c14005647beaeb7c6e25789c571aeaab2bc25495a823e79a7c3317b41
|
|
7
|
+
data.tar.gz: 55aa35c092dd33f4a8ffd53813f59bd025067f491705327df869846b8e002a6870e9e46bcd0cff7dc3a2333548dc2dd2d7c7c0dcb35edcf0ab4f9d302e818598
|
data/bin/iptables-web
CHANGED
|
@@ -60,10 +60,12 @@ CONFIG
|
|
|
60
60
|
say 'File already exist!'
|
|
61
61
|
else
|
|
62
62
|
File.write static_rules, <<STATIC_RULES
|
|
63
|
+
*filter
|
|
63
64
|
-A INPUT -i lo -j ACCEPT
|
|
64
65
|
-A FORWARD -i lo -j ACCEPT
|
|
65
66
|
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
|
66
67
|
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
|
|
68
|
+
COMMIT
|
|
67
69
|
STATIC_RULES
|
|
68
70
|
end
|
|
69
71
|
end
|
|
@@ -75,8 +77,9 @@ command :update do |c|
|
|
|
75
77
|
c.option '--config STRING', String, 'Path to config file'
|
|
76
78
|
c.option '--print', 'Show rules without restoring'
|
|
77
79
|
c.action do |_, options|
|
|
78
|
-
IptablesWeb
|
|
79
|
-
IptablesWeb
|
|
80
|
+
IptablesWeb.configuration.load(options.config) if options.config
|
|
81
|
+
puts IptablesWeb.configuration
|
|
82
|
+
# IptablesWeb::Model::Node.handshake do
|
|
80
83
|
rules = IptablesWeb::Model::AccessRule.all
|
|
81
84
|
iptables = IptablesWeb::Iptables.new
|
|
82
85
|
if options.print
|
|
@@ -84,6 +87,6 @@ command :update do |c|
|
|
|
84
87
|
else
|
|
85
88
|
iptables.restore(rules)
|
|
86
89
|
end
|
|
87
|
-
end
|
|
90
|
+
# end
|
|
88
91
|
end
|
|
89
92
|
end
|
|
@@ -20,9 +20,14 @@ module IptablesWeb
|
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
def self.static_rules
|
|
23
|
-
STATIC_RULES_FILES.map do |file|
|
|
23
|
+
rules = STATIC_RULES_FILES.map do |file|
|
|
24
24
|
File.exist?(file) ? File.read(file) : nil
|
|
25
25
|
end.compact.join("\n").strip
|
|
26
|
+
rules.scan(/\*([a-z]+)(.*?)COMMIT/m).each_with_object({}) do |r, obj|
|
|
27
|
+
chain = r[0]
|
|
28
|
+
obj[chain] ||= []
|
|
29
|
+
obj[chain] = obj[chain] | r[1].split("\n")
|
|
30
|
+
end
|
|
26
31
|
end
|
|
27
32
|
|
|
28
33
|
def self.config_dir
|
|
@@ -23,17 +23,22 @@ module IptablesWeb
|
|
|
23
23
|
IptablesWeb::Configuration.static_rules
|
|
24
24
|
end
|
|
25
25
|
|
|
26
|
-
def render(rules
|
|
26
|
+
def render(rules)
|
|
27
|
+
static_rules = self.static_rules
|
|
27
28
|
lines = []
|
|
28
|
-
lines <<
|
|
29
|
+
lines << '*filter'
|
|
29
30
|
lines << ':INPUT DROP [0:0]'
|
|
30
31
|
lines << ':FORWARD ACCEPT [0:0]'
|
|
31
32
|
lines << ':OUTPUT ACCEPT [0:0]'
|
|
32
|
-
lines << static_rules
|
|
33
|
+
lines << static_rules.delete('filter')
|
|
33
34
|
lines << Array(rules).map(&:to_s).join("\n")
|
|
34
35
|
lines << 'COMMIT'
|
|
35
|
-
|
|
36
|
-
|
|
36
|
+
static_rules.each do |chain, sub_rules|
|
|
37
|
+
lines << "*#{chain}"
|
|
38
|
+
lines << sub_rules.join("\n")
|
|
39
|
+
lines << 'COMMIT'
|
|
40
|
+
end
|
|
41
|
+
lines.join("\n").gsub(/^\s*/, '')
|
|
37
42
|
end
|
|
38
43
|
end
|
|
39
44
|
end
|
|
@@ -24,20 +24,3 @@ module IptablesWeb
|
|
|
24
24
|
end
|
|
25
25
|
end
|
|
26
26
|
end
|
|
27
|
-
|
|
28
|
-
# *filter
|
|
29
|
-
# :INPUT ACCEPT [217626552:31573175391]
|
|
30
|
-
# :FORWARD ACCEPT [0:0]
|
|
31
|
-
# :OUTPUT ACCEPT [1334268962:861811554534]
|
|
32
|
-
# -A INPUT -s 88.150.233.48/29 -p tcp -m tcp --dport 9200 -j ACCEPT
|
|
33
|
-
# -A INPUT -s 88.150.213.250/32 -p tcp -m tcp --dport 9200 -j ACCEPT
|
|
34
|
-
# -A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 9200 -j ACCEPT
|
|
35
|
-
# -A INPUT -s 37.220.8.122/32 -p tcp -m tcp --dport 9200 -j ACCEPT
|
|
36
|
-
# -A INPUT -p tcp -m tcp --dport 9200 -j DROP
|
|
37
|
-
# -A INPUT -s 88.150.233.48/29 -p tcp -m tcp --dport 9300 -j ACCEPT
|
|
38
|
-
# -A INPUT -s 88.150.213.250/32 -p tcp -m tcp --dport 9300 -j ACCEPT
|
|
39
|
-
# -A INPUT -p tcp -m tcp --dport 9300 -j DROP
|
|
40
|
-
# -A INPUT -s 193.105.70.192/29 -p tcp -m tcp --dport 22 -j ACCEPT
|
|
41
|
-
# -A INPUT -s 92.60.190.109/32 -p tcp -m tcp --dport 22 -j ACCEPT
|
|
42
|
-
# -A INPUT -p tcp -m tcp --dport 22 -j DROP
|
|
43
|
-
# COMMIT
|
data/lib/iptables_web/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: iptables-web
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.2.pre
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- NikolayMurga
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2015-07-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: system-getifaddrs
|
|
@@ -115,12 +115,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
115
115
|
version: '0'
|
|
116
116
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
117
117
|
requirements:
|
|
118
|
-
- - '
|
|
118
|
+
- - '>'
|
|
119
119
|
- !ruby/object:Gem::Version
|
|
120
|
-
version:
|
|
120
|
+
version: 1.3.1
|
|
121
121
|
requirements: []
|
|
122
122
|
rubyforge_project:
|
|
123
|
-
rubygems_version: 2.4.
|
|
123
|
+
rubygems_version: 2.4.6
|
|
124
124
|
signing_key:
|
|
125
125
|
specification_version: 4
|
|
126
126
|
summary: Write a short summary. Required.
|