iptables-web 0.3.0 → 0.3.1
- checksums.yaml +4 -4
- data/bin/iptables-web +3 -97
- data/lib/iptables_web.rb +12 -14
- data/lib/iptables_web/cli.rb +38 -0
- data/lib/iptables_web/cli/command/install.rb +73 -0
- data/lib/iptables_web/cli/command/update.rb +46 -0
- data/lib/iptables_web/cli/import.rb +8 -0
- data/lib/iptables_web/cli/logged_output.rb +24 -0
- data/lib/iptables_web/cli/pid_file.rb +65 -0
- data/lib/iptables_web/configuration.rb +149 -27
- data/lib/iptables_web/iptables.rb +29 -11
- data/lib/iptables_web/model/base.rb +8 -3
- data/lib/iptables_web/model/node.rb +24 -15
- data/lib/iptables_web/version.rb +1 -1
- metadata +28 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 16475aa736b21d189399f8b3c85279cfe14e6fe7
|
4
|
+
data.tar.gz: 9a726d97f74ce4611a3d25731ce82a94ed2a9983
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b7f4461010b110bcebafec026d25dfd00ff1562ba2100eb6a88c0b5486266d5132eaed67277fda8134a616262c6815c1cb9605289bc659e119cfd4a15d719921
|
7
|
+
data.tar.gz: 5d6d6e84c2cf422f622a8cd8ab7e182f32f2791844f1fcce2186ccbd0acd9fc8ad1e2da5bc94517bb856cc710a0d27e1c659e79cd2418738a4a7457792da3f82
|
data/bin/iptables-web
CHANGED
@@ -1,100 +1,6 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
|
-
|
2
|
+
|
3
3
|
require 'system/getifaddrs'
|
4
4
|
require 'iptables_web'
|
5
|
-
|
6
|
-
|
7
|
-
program :version, IptablesWeb::VERSION
|
8
|
-
program :description, 'Update iptables '
|
9
|
-
default_command :update
|
10
|
-
command :install do |c|
|
11
|
-
c.syntax = 'iptables-web install'
|
12
|
-
c.description = 'Displays foo'
|
13
|
-
c.option '--force', 'Force config '
|
14
|
-
c.action do |args, options|
|
15
|
-
config = IptablesWeb::Configuration.new
|
16
|
-
api_url = ask('Api base url: ') { |q| q.default = config['api_base_url'] }
|
17
|
-
token = ask('Access token: ') { |q| q.default = config['access_token'] }
|
18
|
-
update_period = ask('Update every [min]', Integer) { |q| q.default = 1; q.in = 0..59 }
|
19
|
-
config_dir = IptablesWeb::Configuration.config_dir
|
20
|
-
unless File.exist?(config_dir)
|
21
|
-
say "Create config directory: #{config_dir}"
|
22
|
-
Dir.mkdir(config_dir)
|
23
|
-
end
|
24
|
-
config_file = File.join(config_dir, 'config.yml')
|
25
|
-
say "Write config to #{config_file}"
|
26
|
-
File.write config_file, <<CONFIG
|
27
|
-
api_base_url: #{api_url}
|
28
|
-
access_token: #{token}
|
29
|
-
CONFIG
|
30
|
-
if system("LANG=C bash -l -c \"type rvm | cat | head -1 | grep -q '^rvm is a function$'\"")
|
31
|
-
wrapper = "#{ENV['HOME']}/.rvm/wrappers/#{`rvm current`.strip}/iptables-web"
|
32
|
-
else
|
33
|
-
wrapper = 'iptables-web'
|
34
|
-
end
|
35
|
-
|
36
|
-
cron_file = File.join(config_dir, 'cron.sh')
|
37
|
-
say "Write file #{cron_file}"
|
38
|
-
File.write cron_file, <<CONFIG
|
39
|
-
#/bin/env ruby
|
40
|
-
#{wrapper} update
|
41
|
-
CONFIG
|
42
|
-
File.chmod(0700, cron_file)
|
43
|
-
say "Add cronjob #{cron_file}"
|
44
|
-
crontab = IptablesWeb::Crontab.new(false)
|
45
|
-
jobs = crontab.jobs
|
46
|
-
jobs.reject! { |job| job.include?('.iptables-web') }
|
47
|
-
jobs << "*/#{update_period} * * * * #{File.join(ENV['HOME'], '.iptables-web', 'cron.sh')}"
|
48
|
-
crontab.save(jobs)
|
49
|
-
|
50
|
-
static_rules = File.join(config_dir, 'static_rules')
|
51
|
-
|
52
|
-
say "Create file for static rules #{static_rules}"
|
53
|
-
say "* * * * * * * * * * * * * * * * * * * * * * * *\n"
|
54
|
-
say "* You can write predefined rules to this file.\n"
|
55
|
-
say "* This file will be concat with rules \n"
|
56
|
-
say "* See 'iptables-save' format.\n"
|
57
|
-
say "* * * * * * * * * * * * * * * * * * * * * * * * \n"
|
58
|
-
|
59
|
-
if File.exist?(static_rules) && !options.force
|
60
|
-
say 'File already exist!'
|
61
|
-
else
|
62
|
-
File.write static_rules, <<STATIC_RULES
|
63
|
-
*filter
|
64
|
-
-A INPUT -i lo -j ACCEPT
|
65
|
-
-A FORWARD -i lo -j ACCEPT
|
66
|
-
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
67
|
-
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
|
68
|
-
COMMIT
|
69
|
-
STATIC_RULES
|
70
|
-
end
|
71
|
-
end
|
72
|
-
end
|
73
|
-
|
74
|
-
command :update do |c|
|
75
|
-
c.syntax = 'iptables-web update'
|
76
|
-
c.description = 'Display bar with optional prefix and suffix'
|
77
|
-
c.option '--config STRING', String, 'Path to config file'
|
78
|
-
c.option '--print', 'Show rules without restoring'
|
79
|
-
c.option '--force', 'Set rules omit checksum check'
|
80
|
-
c.action do |_, options|
|
81
|
-
IptablesWeb.configuration.load(options.config) if options.config
|
82
|
-
IptablesWeb::Model::Node.handshake do
|
83
|
-
rules = IptablesWeb::Model::AccessRule.all
|
84
|
-
iptables = IptablesWeb::Iptables.new
|
85
|
-
last_checksum = rules.response.headers[:etag].first
|
86
|
-
if options.print
|
87
|
-
say "Loading rules from #{IptablesWeb.configuration['api_base_url']}"
|
88
|
-
say 'Nothing changed.' if IptablesWeb::Configuration.checksum?(last_checksum)
|
89
|
-
say iptables.render(rules)
|
90
|
-
else
|
91
|
-
if IptablesWeb::Configuration.checksum?(rules.response.headers[:etag].first) && !options.force
|
92
|
-
say 'Skip iptables update. Nothing changed.'
|
93
|
-
else
|
94
|
-
iptables.restore(rules)
|
95
|
-
IptablesWeb::Configuration.checksum = last_checksum
|
96
|
-
end
|
97
|
-
end
|
98
|
-
end
|
99
|
-
end
|
100
|
-
end
|
5
|
+
require 'iptables_web/cli'
|
6
|
+
IptablesWeb::Cli.new if $0 == __FILE__
|
data/lib/iptables_web.rb
CHANGED
@@ -1,3 +1,4 @@
|
|
1
|
+
|
1
2
|
require 'iptables_web/version'
|
2
3
|
require 'iptables_web/configuration'
|
3
4
|
require 'system/getifaddrs'
|
@@ -8,20 +9,17 @@ require 'iptables_web/model/node'
|
|
8
9
|
require 'iptables_web/crontab'
|
9
10
|
require 'iptables_web/iptables'
|
10
11
|
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
12
|
+
require 'commander'
|
13
|
+
require 'iptables_web/cli/command/install'
|
14
|
+
require 'iptables_web/cli/command/update'
|
15
|
+
require 'iptables_web/cli/logged_output'
|
16
|
+
require 'iptables_web/cli/import'
|
17
|
+
require 'iptables_web/cli'
|
18
|
+
|
18
19
|
|
19
|
-
|
20
|
-
|
21
|
-
IptablesWeb::Model::Base.configure(config)
|
22
|
-
@configuration
|
23
|
-
end
|
24
|
-
end
|
20
|
+
module IptablesWeb
|
21
|
+
extend Configuration
|
25
22
|
end
|
26
23
|
|
27
|
-
IptablesWeb.
|
24
|
+
IptablesWeb.reload
|
25
|
+
|
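Review bot: The trailing `IptablesWeb.reload` runs at require time, so merely loading the library reads the config file and emits `logged_say` output before any command-line option has been parsed, and the `--config` global option in cli.rb then loads the file a second time. Moving that call into Cli#initialize, after the global options are registered, keeps `require 'iptables_web'` free of I/O. `reload` also calls `logged_say` on the IptablesWeb module itself, and nothing in this diff shows where that method comes from (import.rb is not included here), so confirm it is in scope before the first reload. `require 'iptables_web/cli'` now appears both here and in bin/iptables-web; one of the two is redundant.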
@@ -0,0 +1,38 @@
|
|
1
|
+
require 'commander'
|
2
|
+
|
3
|
+
module IptablesWeb
|
4
|
+
class Cli
|
5
|
+
attr_reader :output
|
6
|
+
include ::Commander::Methods
|
7
|
+
include IptablesWeb::Cli::Command::Install
|
8
|
+
include IptablesWeb::Cli::Command::Update
|
9
|
+
|
10
|
+
def initialize
|
11
|
+
program :name, 'Iptables Web Client'
|
12
|
+
program :version, IptablesWeb::VERSION
|
13
|
+
program :description, 'Desc'
|
14
|
+
default_command :update
|
15
|
+
|
16
|
+
global_option('--config FILE', 'Configuration file') do |config|
|
17
|
+
IptablesWeb.config_path = config
|
18
|
+
IptablesWeb.reload
|
19
|
+
end
|
20
|
+
|
21
|
+
global_option('--log_file FILE', 'Log file path') do |log_path|
|
22
|
+
IptablesWeb.log_path = log_path
|
23
|
+
end
|
24
|
+
|
25
|
+
global_option('--host URL', 'Server base url') do |server_base_url|
|
26
|
+
IptablesWeb.api_base_url = server_base_url
|
27
|
+
end
|
28
|
+
|
29
|
+
global_option('--token TOKEN', 'Server base url') do |access_token|
|
30
|
+
IptablesWeb.access_token = access_token
|
31
|
+
end
|
32
|
+
|
33
|
+
install_command
|
34
|
+
update_command
|
35
|
+
run!
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
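Review bot: The description for `--token TOKEN` reads 'Server base url', copied from the option above it; it should describe the flag, e.g. `global_option('--token TOKEN', 'Node access token') do |access_token|`. A token passed as an argument is also visible in the host's process list and shell history, which is worth stating in that description so operators prefer the config file. Because `initialize` ends in `run!`, `IptablesWeb::Cli.new` both builds and executes the program; leaving `run!` to the caller (bin/iptables-web) would keep the constructor side-effect free. The `--config` block calls `IptablesWeb.reload`, which re-applies every key in the file, so whether a `--host` or `--token` given on the same command line survives depends on the order Commander evaluates global options; that deserves a comment or a test.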
@@ -0,0 +1,73 @@
|
|
1
|
+
module IptablesWeb
|
2
|
+
class Cli
|
3
|
+
module Command
|
4
|
+
module Install
|
5
|
+
def install_command
|
6
|
+
command :install do |c|
|
7
|
+
c.syntax = 'iptables-web install'
|
8
|
+
c.description = 'Displays foo'
|
9
|
+
c.option '--force', 'Force config '
|
10
|
+
c.action do |args, options|
|
11
|
+
config = IptablesWeb::Configuration.new
|
12
|
+
api_url = ask('Api base url: ') { |q| q.default = config['api_base_url'] }
|
13
|
+
token = ask('Access token: ') { |q| q.default = config['access_token'] }
|
14
|
+
update_period = ask('Update every [min]', Integer) { |q| q.default = 1; q.in = 0..59 }
|
15
|
+
config_dir = IptablesWeb::Configuration.config_dir
|
16
|
+
unless File.exist?(config_dir)
|
17
|
+
say "Create config directory: #{config_dir}"
|
18
|
+
Dir.mkdir(config_dir)
|
19
|
+
end
|
20
|
+
config_file = File.join(config_dir, 'config.yml')
|
21
|
+
say "Write config to #{config_file}"
|
22
|
+
File.write config_file, <<CONFIG
|
23
|
+
api_base_url: #{api_url}
|
24
|
+
access_token: #{token}
|
25
|
+
CONFIG
|
26
|
+
if system("LANG=C bash -l -c \"type rvm | cat | head -1 | grep -q '^rvm is a function$'\"")
|
27
|
+
wrapper = "#{ENV['HOME']}/.rvm/wrappers/#{`rvm current`.strip}/iptables-web"
|
28
|
+
else
|
29
|
+
wrapper = 'iptables-web'
|
30
|
+
end
|
31
|
+
|
32
|
+
cron_file = File.join(config_dir, 'cron.sh')
|
33
|
+
say "Write file #{cron_file}"
|
34
|
+
File.write cron_file, <<CONFIG
|
35
|
+
#/bin/env ruby
|
36
|
+
#{wrapper} update
|
37
|
+
CONFIG
|
38
|
+
File.chmod(0700, cron_file)
|
39
|
+
say "Add cronjob #{cron_file}"
|
40
|
+
crontab = IptablesWeb::Crontab.new(false)
|
41
|
+
jobs = crontab.jobs
|
42
|
+
jobs.reject! { |job| job.include?('.iptables-web') }
|
43
|
+
jobs << "*/#{update_period} * * * * #{File.join(ENV['HOME'], '.iptables-web', 'cron.sh')}"
|
44
|
+
crontab.save(jobs)
|
45
|
+
|
46
|
+
static_rules = File.join(config_dir, 'static_rules')
|
47
|
+
|
48
|
+
say "Create file for static rules #{static_rules}"
|
49
|
+
say "* * * * * * * * * * * * * * * * * * * * * * * *\n"
|
50
|
+
say "* You can write predefined rules to this file.\n"
|
51
|
+
say "* This file will be concat with rules \n"
|
52
|
+
say "* See 'iptables-save' format.\n"
|
53
|
+
say "* * * * * * * * * * * * * * * * * * * * * * * * \n"
|
54
|
+
|
55
|
+
if File.exist?(static_rules) && !options.force
|
56
|
+
say 'File already exist!'
|
57
|
+
else
|
58
|
+
File.write static_rules, <<STATIC_RULES
|
59
|
+
*filter
|
60
|
+
-A INPUT -i lo -j ACCEPT
|
61
|
+
-A FORWARD -i lo -j ACCEPT
|
62
|
+
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
63
|
+
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
|
64
|
+
COMMIT
|
65
|
+
STATIC_RULES
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|
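Review bot: The action body still calls `IptablesWeb::Configuration.new` and `IptablesWeb::Configuration.config_dir`, but the configuration.rb hunk in this same change turns Configuration into a module that IptablesWeb extends, with the directory exposed as `dir`; as far as this diff shows both calls raise NoMethodError, so `iptables-web install` is broken in 0.3.1. The values are now readable as `IptablesWeb.api_base_url` and `IptablesWeb.dir` (`access_token` raises when unset, so the default for that prompt needs a nil-safe reader). config.yml is written with `File.write` and therefore the process umask although it holds the access token; the cron script gets `File.chmod(0700, cron_file)` and the config file deserves the same treatment, `File.chmod(0600, config_file)`. The interpolated values in the `CONFIG` heredoc are unquoted YAML, so a token or URL containing `#` or `: ` would be mangled on reload.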
@@ -0,0 +1,46 @@
|
|
1
|
+
require 'iptables_web/cli/pid_file'
|
2
|
+
module IptablesWeb
|
3
|
+
class Cli
|
4
|
+
module Command
|
5
|
+
module Update
|
6
|
+
def update_command
|
7
|
+
command :update do |c|
|
8
|
+
c.syntax = 'iptables-web update'
|
9
|
+
c.description = 'Display bar with optional prefix and suffix'
|
10
|
+
c.option '--config STRING', String, 'Path to config file'
|
11
|
+
c.option '--print', 'Show rules without restoring'
|
12
|
+
c.option '--force', 'Set rules omit checksum check'
|
13
|
+
c.action do |_, options|
|
14
|
+
begin
|
15
|
+
|
16
|
+
IptablesWeb.configuration.load(options.config) if options.config
|
17
|
+
logged_say "Use iptables server #{IptablesWeb.api_base_url}"
|
18
|
+
IptablesWeb.pid_file do
|
19
|
+
IptablesWeb::Model::Node.handshake do
|
20
|
+
rules = IptablesWeb::Model::AccessRule.all
|
21
|
+
iptables = IptablesWeb::Iptables.new
|
22
|
+
last_checksum = rules.response.headers[:etag].first
|
23
|
+
if options.print
|
24
|
+
logged_say 'Nothing changed.' if IptablesWeb.checksum?(last_checksum)
|
25
|
+
say iptables.render(rules)
|
26
|
+
else
|
27
|
+
if IptablesWeb.checksum?(rules.response.headers[:etag].first) && !options.force
|
28
|
+
logged_say 'Skip iptables update. Nothing changed.'
|
29
|
+
else
|
30
|
+
iptables.restore(rules)
|
31
|
+
IptablesWeb.checksum = last_checksum
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
36
|
+
rescue Exception => e
|
37
|
+
logged_say(e.message)
|
38
|
+
logged_say(e.backtrace.join("\n"))
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
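Review bot: The `rescue Exception => e` at the bottom of the action logs the failure and lets the command exit with status 0, so a cron run that failed to apply the firewall rules looks successful, and it also swallows Interrupt and SystemExit. `rescue StandardError => e` followed by `exit 1` after the two `logged_say` calls (or a bare `raise`) keeps the error visible to cron and to the pid_file wrapper. `IptablesWeb.configuration.load(options.config)` references a `configuration` accessor that the lib/iptables_web.rb hunk removes, as far as this diff shows; the global `--config` option in cli.rb already covers that case, so the per-command `--config STRING` option and that line duplicate it.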
@@ -0,0 +1,24 @@
|
|
1
|
+
module IptablesWeb
|
2
|
+
class Cli
|
3
|
+
class LoggedOutput < ::HighLine
|
4
|
+
def logger
|
5
|
+
@logger ||= begin
|
6
|
+
logfile = IptablesWeb::log_path
|
7
|
+
say("Open log file #{logfile}")
|
8
|
+
logger =::Logger.new(logfile)
|
9
|
+
logger.formatter = ::Logger::Formatter.new
|
10
|
+
logger
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
def reset
|
15
|
+
@logger = nil
|
16
|
+
end
|
17
|
+
|
18
|
+
def logged_say(message, log_level = Logger::INFO)
|
19
|
+
logger.log(log_level, message) if logger
|
20
|
+
say(message)
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
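Review bot: In `logged_say`, `logger.log(log_level, message) if logger` is a dead guard — `logger` memoizes a `::Logger` and never returns nil — so the modifier can go: `logger.log(log_level, message)`. The class spells `::Logger` in `logger` but `Logger::INFO` in the default argument; pick one, and `logger =::Logger.new(logfile)` wants a space after `=`. Nothing in this diff requires 'logger' or 'highline' before this class is loaded (import.rb is not shown), so confirm the load order is covered there. The log file will receive exception messages and backtraces from update.rb, and `::Logger.new(logfile)` creates it with the process umask, which is fine for the per-user default but worth noting for the root path `/var/log/iptables-web.log`.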
@@ -0,0 +1,65 @@
|
|
1
|
+
module IptablesWeb
|
2
|
+
class Cli
|
3
|
+
class PidFile
|
4
|
+
|
5
|
+
def initialize(pidfile_path)
|
6
|
+
@pidfile = pidfile_path
|
7
|
+
end
|
8
|
+
|
9
|
+
def create
|
10
|
+
raise AnotherLaunched.new("Another process with #{pid} already launched!") if another_exist?
|
11
|
+
logged_say("Create pidfile #{self} for pid #{Process.pid}")
|
12
|
+
logged_say("Grab pidfile #{self} for pid #{Process.pid} due process #{pid} is down.") if other?
|
13
|
+
File.open(@pidfile, 'w') do |file|
|
14
|
+
file.write(Process.pid)
|
15
|
+
end
|
16
|
+
pid
|
17
|
+
end
|
18
|
+
|
19
|
+
def delete
|
20
|
+
raise AnotherLaunched.new("Delete error. Another process with #{pid} already launched!") if another_exist?
|
21
|
+
logged_say("Delete pidfile #{self} for pid #{pid}")
|
22
|
+
File.unlink(@pidfile) if exist?
|
23
|
+
end
|
24
|
+
|
25
|
+
def pid
|
26
|
+
if exist?
|
27
|
+
File.read(@pidfile).to_i
|
28
|
+
else
|
29
|
+
0
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
def another_exist?
|
34
|
+
process_exist? && other?
|
35
|
+
end
|
36
|
+
|
37
|
+
def other?
|
38
|
+
pid > 0 && Process.pid != pid
|
39
|
+
end
|
40
|
+
|
41
|
+
def process_exist?
|
42
|
+
pid > 0 && Process.kill(0, pid)
|
43
|
+
rescue Errno::ESRCH
|
44
|
+
false
|
45
|
+
end
|
46
|
+
|
47
|
+
def exist?
|
48
|
+
::File.exists?(@pidfile)
|
49
|
+
end
|
50
|
+
|
51
|
+
def to_s
|
52
|
+
@pidfile
|
53
|
+
end
|
54
|
+
|
55
|
+
class PidFileException < Exception
|
56
|
+
end
|
57
|
+
|
58
|
+
class AlreadyLaunched < PidFileException
|
59
|
+
end
|
60
|
+
|
61
|
+
class AnotherLaunched < PidFileException
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
end
|
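Review bot: `process_exist?` rescues only Errno::ESRCH, so when the pidfile names a live process this user may not signal, `Process.kill(0, pid)` raises Errno::EPERM and the error escapes `create` instead of counting as "another process exists"; add `rescue Errno::EPERM` returning `true` beside the ESRCH branch. `PidFileException < Exception` means a plain `rescue` (StandardError) never sees AnotherLaunched, which is why the callers in configuration.rb have to name it or use `rescue Exception`; `class PidFileException < StandardError` is the conventional base. `create` is a check-then-write: two `update` runs started in the same minute can both see `another_exist?` false and both write the file, so open it with `File::CREAT | File::EXCL` or hold an `flock` on it for the lifetime of the block (the metadata hunk adds a `lockfile` dependency, but nothing in this diff uses it). `::File.exists?` is deprecated in favour of `File.exist?`, and `another_exist?` re-reads and re-parses the pidfile on every `pid` call; reading it once per operation avoids racing a concurrent writer.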
@@ -1,30 +1,20 @@
|
|
1
1
|
require 'yaml'
|
2
2
|
module IptablesWeb
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
def initialize
|
10
|
-
CONFIG_FILES.each do |config|
|
11
|
-
puts "Load configuration from #{config}"
|
12
|
-
if load(config)
|
13
|
-
@loaded = true
|
14
|
-
break
|
3
|
+
module Configuration
|
4
|
+
def reload
|
5
|
+
if File.exists?(config_path)
|
6
|
+
logged_say("Load config file #{config_path}")
|
7
|
+
YAML.load_file(config_path).each do |method, value|
|
8
|
+
send("#{method}=".to_sym, value)
|
15
9
|
end
|
10
|
+
else
|
11
|
+
logged_say("Config file #{config_path} does not exist")
|
16
12
|
end
|
17
13
|
end
|
18
14
|
|
19
|
-
def
|
20
|
-
|
21
|
-
|
22
|
-
end
|
23
|
-
|
24
|
-
def self.static_rules
|
25
|
-
rules = STATIC_RULES_FILES.map do |file|
|
26
|
-
File.exist?(file) ? File.read(file) : nil
|
27
|
-
end.compact.join("\n").strip
|
15
|
+
def static_rules
|
16
|
+
return {} unless static_rules?
|
17
|
+
rules = File.read(static_rules_path)
|
28
18
|
chains = rules.scan(/\*([a-z]+)(.*?)COMMIT/m)
|
29
19
|
if chains && chains.size > 0
|
30
20
|
chains.each_with_object({}) do |r, obj|
|
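Review bot: `reload` feeds every key of the YAML file into `send("#{method}=".to_sym, value)`, so the config file decides which setters (private ones included) are invoked on the IptablesWeb module, and `YAML.load_file` instantiates arbitrary tagged objects on the Psych versions this gem targets; `YAML.safe_load(File.read(config_path))` with `public_send`, ideally after checking the key against the known setter names, limits a tampered config file to plain values. An empty config file makes `YAML.load_file` return false and `.each` then raises NoMethodError; `(YAML.load_file(config_path) || {}).each` covers it. `File.exists?` on the first line of `reload` is deprecated, and `File.exist?` is what the rest of the hunk uses. In the second hunk of this file, `make_checksum` relies on `Digest::MD5` while the only visible require is 'yaml', so confirm `require 'digest'` lives elsewhere. Also in that hunk, the `rescue Cli::PidFile::AnotherLaunched` branch of `pid_file` calls `pid_file.delete`, which re-runs the same `another_exist?` check and raises AnotherLaunched again from inside the rescue, so the `logged_say` and `return` below it never execute; that branch should not touch the other process's pidfile at all.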
@@ -37,16 +27,148 @@ module IptablesWeb
|
|
37
27
|
end
|
38
28
|
end
|
39
29
|
|
40
|
-
def
|
41
|
-
File.
|
30
|
+
def static_rules?
|
31
|
+
File.exist?(static_rules_path)
|
32
|
+
end
|
33
|
+
|
34
|
+
def home
|
35
|
+
@home || ENV['HOME']
|
36
|
+
end
|
37
|
+
|
38
|
+
def home=(home)
|
39
|
+
@home = home
|
40
|
+
end
|
41
|
+
|
42
|
+
def dir
|
43
|
+
@dir ||= begin
|
44
|
+
if root?
|
45
|
+
'/var/run/iptables_web'
|
46
|
+
else
|
47
|
+
File.expand_path(File.join(home, '.iptables-web'))
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
def dir=(d)
|
53
|
+
@dir = d
|
54
|
+
end
|
55
|
+
|
56
|
+
def path(path)
|
57
|
+
File.expand_path(path, dir)
|
42
58
|
end
|
43
59
|
|
44
|
-
def
|
45
|
-
|
60
|
+
def root?
|
61
|
+
Process::UID.eid == 0
|
62
|
+
end
|
63
|
+
|
64
|
+
#
|
65
|
+
def config_path
|
66
|
+
if root?
|
67
|
+
'/etc/iptables_web/config.yml'
|
68
|
+
else
|
69
|
+
path(@config_path || 'config.yml')
|
70
|
+
end
|
71
|
+
end
|
72
|
+
|
73
|
+
def config_path=(config_path)
|
74
|
+
@config_path = config_path
|
75
|
+
end
|
76
|
+
|
77
|
+
#
|
78
|
+
def pid_path
|
79
|
+
path(@pid_path || 'run.pid')
|
80
|
+
end
|
81
|
+
|
82
|
+
def pid_path=(pid_path)
|
83
|
+
@pid_path = pid_path
|
84
|
+
end
|
85
|
+
|
86
|
+
#
|
87
|
+
def log_path
|
88
|
+
if root?
|
89
|
+
'/var/log/iptables-web.log'
|
90
|
+
else
|
91
|
+
path(@log_path || 'run.log')
|
92
|
+
end
|
46
93
|
end
|
47
94
|
|
48
|
-
def
|
49
|
-
|
95
|
+
def log_path=(pid_path)
|
96
|
+
@log_path = pid_path
|
97
|
+
$terminal.reset if $terminal.present? && $terminal.is_a?(Cli::LoggedOutput)
|
98
|
+
end
|
99
|
+
|
100
|
+
#
|
101
|
+
def checksum_path
|
102
|
+
path(@checksum_path || 'checksum')
|
103
|
+
end
|
104
|
+
|
105
|
+
def checksum_path=(pid_path)
|
106
|
+
@checksum_path = pid_path
|
107
|
+
end
|
108
|
+
|
109
|
+
def checksum?(checksum)
|
110
|
+
File.exists?(checksum_path) && File.read(checksum_path) == make_checksum(checksum)
|
111
|
+
end
|
112
|
+
|
113
|
+
def checksum=(checksum)
|
114
|
+
File.write(checksum_path, make_checksum(checksum))
|
115
|
+
end
|
116
|
+
|
117
|
+
def make_checksum(check_sum)
|
118
|
+
check_sum = check_sum.to_s
|
119
|
+
check_sum += Digest::MD5.file(static_rules_path).hexdigest if static_rules?
|
120
|
+
Digest::MD5.hexdigest(check_sum)
|
121
|
+
end
|
122
|
+
|
123
|
+
#
|
124
|
+
def static_rules_path
|
125
|
+
if root?
|
126
|
+
'/etc/iptables_web/static_rules'
|
127
|
+
else
|
128
|
+
path(@static_rules_path || 'static_rules')
|
129
|
+
end
|
130
|
+
end
|
131
|
+
|
132
|
+
def static_rules_path=(static_rules_path)
|
133
|
+
@static_rules_path = static_rules_path
|
134
|
+
end
|
135
|
+
|
136
|
+
#
|
137
|
+
def api_base_url
|
138
|
+
# raise 'api_base_url is required' unless @api_base_url
|
139
|
+
@api_base_url
|
140
|
+
end
|
141
|
+
|
142
|
+
def api_base_url=(api_base_url)
|
143
|
+
@api_base_url = api_base_url
|
144
|
+
IptablesWeb::Model::Base.api_base_url = api_base_url
|
145
|
+
end
|
146
|
+
|
147
|
+
def access_token
|
148
|
+
raise 'Access_token is required' unless @access_token
|
149
|
+
@access_token
|
150
|
+
end
|
151
|
+
|
152
|
+
def access_token=(access_token)
|
153
|
+
@access_token = access_token
|
154
|
+
IptablesWeb::Model::Base.access_token = access_token
|
155
|
+
end
|
156
|
+
|
157
|
+
def pid_file(&block)
|
158
|
+
pid_file = Cli::PidFile.new(pid_path)
|
159
|
+
begin
|
160
|
+
pid_file.create
|
161
|
+
block.call(pid_file)
|
162
|
+
pid_file.delete
|
163
|
+
rescue Cli::PidFile::AnotherLaunched => e
|
164
|
+
|
165
|
+
pid_file.delete
|
166
|
+
logged_say(e.message)
|
167
|
+
return
|
168
|
+
rescue Exception => e
|
169
|
+
pid_file.delete
|
170
|
+
raise e
|
171
|
+
end
|
50
172
|
end
|
51
173
|
end
|
52
174
|
end
|
@@ -4,8 +4,15 @@ module IptablesWeb
|
|
4
4
|
include IptablesWeb::Mixin::Sudo
|
5
5
|
|
6
6
|
def restore(access_rules)
|
7
|
+
lines = combine(access_rules)
|
8
|
+
if lines.size == 0
|
9
|
+
logged_say('Skip restore because no rules found')
|
10
|
+
return
|
11
|
+
end
|
12
|
+
|
7
13
|
temp_file = Tempfile.new('rules')
|
8
|
-
temp_file.
|
14
|
+
logged_say("Save rules to file #{temp_file.path}")
|
15
|
+
temp_file.write lines.join("\n")
|
9
16
|
temp_file.rewind
|
10
17
|
execute("/sbin/iptables-restore -c #{temp_file.path}")
|
11
18
|
ensure
|
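Review bot: The early `return` added when `combine` yields no lines happens before `temp_file = Tempfile.new('rules')`, yet the method's `ensure` clause (its body lies outside the hunk) still runs with `temp_file` nil; if it closes or unlinks the tempfile that becomes a NoMethodError on every empty run, so guard it with `temp_file.close if temp_file` or move the guard ahead of the begin/ensure region. `if lines.size == 0` is `if lines.empty?` in idiomatic Ruby. Skipping the restore when nothing comes back is the safer default for a firewall and deserves a one-line comment at the guard, e.g. `# never flush the tables on an empty rule set; keep whatever is loaded`, so nobody later "fixes" it. In the second hunk, `combine` merges the rule sets with `Array#|`, which silently drops a rule that appears both in static rules and in the server response or is intentionally repeated; if that dedup is deliberate a comment should say so, otherwise `+` preserves order and count exactly.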
@@ -20,26 +27,37 @@ module IptablesWeb
|
|
20
27
|
end
|
21
28
|
|
22
29
|
def static_rules
|
23
|
-
IptablesWeb
|
30
|
+
IptablesWeb.static_rules
|
24
31
|
end
|
25
32
|
|
26
|
-
def
|
33
|
+
def combine(rules)
|
27
34
|
static_rules = self.static_rules
|
28
35
|
static_filter = static_rules.delete('filter')
|
36
|
+
|
37
|
+
filter_rules =[]
|
38
|
+
filter_rules = filter_rules | Array(static_filter)
|
39
|
+
filter_rules = filter_rules | Array(rules).map(&:to_s)
|
40
|
+
filter_rules.reject! { |r| r.strip.empty? }
|
29
41
|
lines = []
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
42
|
+
if filter_rules.size > 0
|
43
|
+
lines << '*filter'
|
44
|
+
lines << ':INPUT DROP [0:0]'
|
45
|
+
lines << ':FORWARD ACCEPT [0:0]'
|
46
|
+
lines << ':OUTPUT ACCEPT [0:0]'
|
47
|
+
lines = lines | filter_rules
|
48
|
+
lines << "COMMIT\n"
|
49
|
+
end
|
50
|
+
|
37
51
|
static_rules.each do |chain, sub_rules|
|
38
52
|
lines << "*#{chain}"
|
39
53
|
lines << sub_rules.join("\n").strip
|
40
54
|
lines << "COMMIT\n"
|
41
55
|
end
|
42
|
-
lines
|
56
|
+
lines
|
57
|
+
end
|
58
|
+
|
59
|
+
def render(rules)
|
60
|
+
combine(rules).join("\n")
|
43
61
|
end
|
44
62
|
end
|
45
63
|
end
|
@@ -5,9 +5,14 @@ module IptablesWeb
|
|
5
5
|
module Model
|
6
6
|
class Base < ActiveResource::Base
|
7
7
|
add_response_method :response
|
8
|
-
|
9
|
-
|
10
|
-
|
8
|
+
class << self
|
9
|
+
def api_base_url=(api_base_url)
|
10
|
+
self.site = "#{api_base_url}/api"
|
11
|
+
end
|
12
|
+
|
13
|
+
def access_token=(access_token)
|
14
|
+
self.headers['X-Node-Access-Token'] = access_token
|
15
|
+
end
|
11
16
|
end
|
12
17
|
end
|
13
18
|
end
|
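Review bot: `api_base_url=` builds the site as `"#{api_base_url}/api"`, so a base URL entered with a trailing slash (the install prompt does not normalise it) yields `//api`; `self.site = "#{api_base_url.to_s.chomp('/')}/api"` avoids that. The access token travels as the `X-Node-Access-Token` header on every request, so the scheme of the base URL decides whether it crosses the network in clear text; logging a warning when `URI(api_base_url).scheme != 'https'` (or refusing unless explicitly overridden) is a cheap safeguard at this setter. `access_token=` with nil stores a nil header value rather than removing the header; deleting the key when the value is nil keeps the request clean.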
@@ -4,23 +4,32 @@ module IptablesWeb
|
|
4
4
|
self.element_name = 'node'
|
5
5
|
self.include_root_in_json = true
|
6
6
|
|
7
|
-
def self.handshake
|
7
|
+
def self.handshake(&block)
|
8
8
|
node = find('current')
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
node.
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
9
|
+
if node
|
10
|
+
begin
|
11
|
+
block.call if block
|
12
|
+
rescue Exception => e
|
13
|
+
node.has_errors = true
|
14
|
+
node.report = 'Exception: ' + e.message
|
15
|
+
node.report << "\n"
|
16
|
+
node.report << 'Backtrace: ' + e.backtrace.join("\n")
|
17
|
+
raise e
|
18
|
+
ensure
|
19
|
+
# save node after updating
|
20
|
+
node.ips = []
|
21
|
+
::System.get_ifaddrs.each do |interface, config|
|
22
|
+
next if interface.to_s.include?('lo')
|
23
|
+
node.ips.push({
|
24
|
+
interface: interface,
|
25
|
+
ip: config[:inet_addr],
|
26
|
+
netmask: config[:netmask]
|
27
|
+
})
|
28
|
+
end
|
29
|
+
node.ips.uniq! { |ip| ip[:ip] }
|
30
|
+
node.hostname = `hostname -f`
|
31
|
+
node.save
|
20
32
|
end
|
21
|
-
node.ips.uniq! { |ip| ip[:ip] }
|
22
|
-
node.hostname = `hostname -f`
|
23
|
-
node.save
|
24
33
|
end
|
25
34
|
end
|
26
35
|
end
|
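Review bot: `node.hostname` is assigned the raw output of `hostname -f`, trailing newline included; appending `.strip` on that line gives the server the bare name. `rescue Exception => e` also catches Interrupt and SystemExit and reports them to the server as node errors; `rescue StandardError => e` is the conventional scope, and `raise e` reads better as a bare `raise`, which re-raises the current exception with its original backtrace. The `ensure` branch saves the node even when the block raised, which is clearly the intent; a comment such as `# always report interfaces, and any error, back to the server` would make that explicit for the next reader. `find('current')` is guarded with `if node`, but as far as this diff shows a missing node raises from ActiveResource rather than returning nil, so the guard may never be false.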
data/lib/iptables_web/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: iptables-web
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.3.
|
4
|
+
version: 0.3.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- NikolayMurga
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-08-
|
11
|
+
date: 2015-08-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: system-getifaddrs
|
@@ -84,6 +84,26 @@ dependencies:
|
|
84
84
|
- - '>='
|
85
85
|
- !ruby/object:Gem::Version
|
86
86
|
version: 1.1.1
|
87
|
+
- !ruby/object:Gem::Dependency
|
88
|
+
name: lockfile
|
89
|
+
requirement: !ruby/object:Gem::Requirement
|
90
|
+
requirements:
|
91
|
+
- - ~>
|
92
|
+
- !ruby/object:Gem::Version
|
93
|
+
version: '2'
|
94
|
+
- - '>='
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: 2.1.3
|
97
|
+
type: :runtime
|
98
|
+
prerelease: false
|
99
|
+
version_requirements: !ruby/object:Gem::Requirement
|
100
|
+
requirements:
|
101
|
+
- - ~>
|
102
|
+
- !ruby/object:Gem::Version
|
103
|
+
version: '2'
|
104
|
+
- - '>='
|
105
|
+
- !ruby/object:Gem::Version
|
106
|
+
version: 2.1.3
|
87
107
|
- !ruby/object:Gem::Dependency
|
88
108
|
name: bundler
|
89
109
|
requirement: !ruby/object:Gem::Requirement
|
@@ -124,6 +144,12 @@ files:
|
|
124
144
|
- README.md
|
125
145
|
- bin/iptables-web
|
126
146
|
- lib/iptables_web.rb
|
147
|
+
- lib/iptables_web/cli.rb
|
148
|
+
- lib/iptables_web/cli/command/install.rb
|
149
|
+
- lib/iptables_web/cli/command/update.rb
|
150
|
+
- lib/iptables_web/cli/import.rb
|
151
|
+
- lib/iptables_web/cli/logged_output.rb
|
152
|
+
- lib/iptables_web/cli/pid_file.rb
|
127
153
|
- lib/iptables_web/configuration.rb
|
128
154
|
- lib/iptables_web/crontab.rb
|
129
155
|
- lib/iptables_web/iptables.rb
|