iptablez 1.0.0.pre

data/iptablez.gemspec

@@ -0,0 +1,27 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'iptablez/helpers/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "iptablez"
+  spec.version       = Iptablez::VERSION
+  spec.authors       = ["Kent 'picat' Gruber"]
+  spec.email         = ["kgruber1@emich.edu"]
+
+  spec.summary       = %q{A friendly Ruby API to iptables.}
+  #spec.description   = %q{TODO: Write a longer description or delete this line.}
+  spec.homepage      = "https://github.com/picatz/iptablez"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = "bin"
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.14"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+end

data/lib/iptablez.rb

@@ -0,0 +1,33 @@
+#!/usr/bin/env ruby
+
+require "shellwords"
+require "open3"
+
+require "iptablez/helpers/version"
+require "iptablez/helpers/helpers"
+require "iptablez/commands/helpers/move_on"
+require "iptablez/commands/helpers/errors"
+require "iptablez/commands/helpers/argument_helpers"
+require "iptablez/commands/flush_chain"
+require "iptablez/commands/interface"
+require "iptablez/commands/policy"
+require "iptablez/commands/new_chain"
+require "iptablez/commands/append_chain"
+require "iptablez/commands/rename_chain"
+require "iptablez/commands/delete_chain"
+require "iptablez/commands/version"
+require "iptablez/commands/list"
+require "iptablez/chains/chains"
+
+module Iptablez
+  
+  def self.squid
+    # easter egg / mascot
+    puts "<コ:彡"
+  end
+
+  def self.giant_squid
+    puts File.read('giant_squid.txt')
+  end
+
+end

data/lib/iptablez/chains/README.md

@@ -0,0 +1,139 @@
+# Chains Interface
+
+The `Chains` Inteface is a collection of helpful methods to act as a clear, friendly interface to the possible collection of `Commands` which Iptablez implements. You're free to use the commands, just as the `Chains` interface would under the hood.
+
+## Method Overview
+```ruby
+require 'iptablez'
+
+Iptablez::Chains.all
+Iptablez::Chains.defaults
+Iptablez::Chains.create
+Iptablez::Chains.rename
+Iptablez::Chains.flush
+Iptablez::Chains.delete
+Iptablez::Chains.exists?
+Iptablez::Chains.policies
+Iptablez::Chains.policy?
+Iptablez::Chains.user_defined
+Iptablez::Chains.user_defined?
+```
+
+## All
+
+Return a list of all the possible chains including defaults and user defined.
+
+```ruby
+Iptablez::Chains.all
+# => ["INPUT", "FORWARD", "OUTPUT", "cats", "dogs"]
+
+Iptablez::Chains.all do |chain|
+  puts chain
+end
+
+Iptablez::Chains.all { |chain| puts chain }
+
+Iptablez::Chains.all.each do |chain|
+  puts chain
+end
+```
+
+## Defaults
+
+Return a list of all the default chains.
+
+```ruby
+Iptablez::Chains.defaults
+# => ["INPUT", "FORWARD", "OUTPUT"]
+
+Iptablez::Chains.defualts do |chain|
+  puts chain
+end
+
+Iptablez::Chains.defaults { |chain| puts chain }
+
+Iptablez::Chains.defaults.each do |chain|
+  puts chain
+end
+```
+
+## Delete 
+
+Delete a list of a given single `name` or an array of `names`. If the chain is not empty, the operation will fail. Consider flushing the chain(s) if you want to delete them.
+
+```ruby
+Iptablez::Chains.delete(name: "frogs") # frogs is not a real chain
+# => false
+
+Iptablez::Chains.delete(name: "frogs") do |name, result|
+  if result # this will be false
+    puts "#{name} was deleted!"
+  else
+    puts "#{name} couldn't be deleted!"
+  end
+end
+
+Iptablez::Chains.delete(names: ["dogs", "cats"])
+# => {"dogs"=>true, "cats"=>true}
+
+Iptablez::Chains.delete(names: ["dogs", "cats"]) do |name, result|
+  puts name if result # won't happen, already deleted! :)
+end
+# => {"dogs"=>false, "cats"=>false}
+```
+
+## Exists?
+
+Check if a list of a given single `name` or an array of `names` actually exists.
+
+```ruby
+Iptablez::Chains.exists?(name: "frogs") # frogs is not a real chain
+# => false
+
+Iptablez::Chains.exists?(name: "frogs") do |name, result|
+  if result # this will be false
+    puts "#{name} exists!"
+  else
+    puts "#{name} doesn't exist!"
+  end
+end
+
+Iptablez::Chains.exists?(names: ["dogs", "cats"])
+# => {"dogs"=>true, "cats"=>true}
+
+Iptablez::Chains.exists?(names: ["dogs", "cats"]) do |name, result|
+  puts name if result # won't happen, already deleted! :)
+end
+# => {"dogs"=>false, "cats"=>false}
+```
+
+## Policies
+
+Get a a list of a given single `name` or an array of `names` default policy response/target.
+
+```ruby
+Iptablez::Chains.policies(name: "frogs") # frogs is not a real chain
+# => false
+
+Iptablez::Chains.exists?(name: "frogs") do |name, result|
+  if result # this will be false
+    puts "#{name} exists!"
+  else
+    puts "#{name} doesn't exist!"
+  end
+end
+
+Iptablez::Chains.exists?(names: ["dogs", "cats"])
+# => {"dogs"=>true, "cats"=>true}
+
+Iptablez::Chains.exists?(names: ["dogs", "cats"]) do |name, result|
+  puts name if result # won't happen, already deleted! :)
+end
+# => {"dogs"=>false, "cats"=>false}
+```
+
+
+
+
+
+

data/lib/iptablez/chains/chains.rb

@@ -0,0 +1,227 @@
+module Iptablez
+
+  module Chains
+    
+    DEFAULT = ["INPUT", "FORWARD", "OUTPUT"]
+
+    # List all of the current chains found in +iptables+.
+    #
+    # @example Basic Usage
+    #   Iptablez::Chains.all
+    #   # => ["INPUT", "FORWARD", "OUTPUT"]
+    #
+    # @example Block Usage
+    #   Iptablez::Chains.all do |chain|
+    #     puts chain
+    #   end
+    #
+    # @yield Each chain if a block is given.
+    # @return [Array<String>] An array of chain names.
+    def self.all
+      chains = Commands::List.full.find_all do |line| 
+        line if line.split[0] == "Chain" 
+      end.map(&:split).collect { |array| array[1] }
+      chains.each { |c| yield c } if block_given?
+      return chains 
+    end
+    
+    # List the default policies for default chains.
+    #
+    # @example Basic Usage
+    #   Iptablez::Chains.policies
+    #   # => {"INPUT"=>"ACCEPT", "FORWARD"=>"ACCEPT", "OUTPUT"=>"ACCEPT"}
+    #
+    # @example Block Usage
+    #   Iptablez::Chains.policies do |name, policy|
+    #     puts "#{name}: #{policy}"
+    #   end
+    #
+    # @yield Each chain name and policy if a block is given.
+    # @return [Hash] Key value pairing of each chain and its default policy.
+    def self.policies(names: Iptablez::Chains.defaults, error: false, continue: !error)
+      Commands::List.defaults(names: names, continue: continue) do |result|
+        yield result if block_given?
+      end
+    end
+
+    # Check if there are any user defined chains, optionally
+    # giving a single name to check or an array of names.
+    #
+    # @example Basic Usage
+    #   Iptablez::Chains.user_defined?
+    #   # => false
+    # @example Basic Block Usage
+    #   Iptablez::Chains.user_defined? do |result|
+    #     if result
+    #       puts "Found user defined chains."
+    #     else
+    #       puts "Did not find user defined chains."
+    #     end
+    #   end
+    # @example Check Single Name
+    #   Iptablez::Chains.user_defined?(name: "dogs")
+    #   # => false
+    # @example Check Single Name with a Block
+    #   Iptablez::Chains.user_defined?(name: "dogs") do |result|
+    #     result ? "User defined!" : "No user defined!"     
+    #   end
+    # @example Check Multiple Names
+    #   Iptablez::Chains.user_defined?(names: ["dogs", "frogs"])
+    #   # => {"dogs"=>false, "frogs"=>false}
+    # @example Check Multiple Names with a Block
+    #   Iptablez::Chains.user_defined?(names: ["dogs", "frogs"]) do |name, result|
+    #     phrase = if result
+    #                "is"
+    #              else
+    #                "is not"
+    #              end
+    #     puts "#{name} #{phrase} user defined."
+    #   end
+    # @param name [String] Single name.
+    # @param names [Array<String>] Multiple names.
+    # 
+    # @yield results if a block is given.
+    # @return [Hash] key value pairing of each chain and the result of the check.
+    def self.user_defined?(name: false, names: [])
+      if name && names.empty?
+        r = user_defined.include?(name)
+        return r unless block_given?
+        yield r
+      elsif names[0] && ! name
+        r = {}
+        names.each do |n|
+          r.clear if block_given?
+          r[n] = user_defined.include?(n)
+          yield r.flatten if block_given?
+        end
+        return r unless block_given? 
+      elsif names[0] && name
+        raise "Cannot use both a single name and multiple names together."
+      else
+        all.count > 3 ? true : false
+      end
+    end
+
+    # List all of the user_defined chains.
+    #
+    # @yield Each name of the user defined chains if a block if given.
+    # @return [Array<String>] Easy user defined chain as an array.
+    def self.user_defined
+      user_defined_chains = all.find_all { |c| c unless DEFAULT.include?(c) }
+      return user_defined_chains unless block_given?
+      user_defined_chains.each { |c| yield c }
+    end
+
+    # Check if a chain exists by a given name.
+    # @todo Fix documentation.
+    # @param name [String] Single name.
+    # @param names [Array<String>] Multiple names.
+    # @return [Boolean] Easy user defined chain as an array.
+    def self.exists?(name: false, names: [])
+      if name
+        all do |chain| 
+          if chain == name 
+            yield [name, true] if block_given?
+            return true
+          end
+        end
+      elsif !names.empty?
+        results = {}
+        names.each do |name|
+          results[name] = false
+          all { |chain| results[name] = true if chain == name }
+          yield [name, results[name]] if block_given?
+        end
+        results
+      end
+    end
+
+    def self.defaults
+      return DEFAULT unless block_given?
+      DEFAULT.each { |c| yield c } 
+    end
+
+    def self.policy?(name:, policy:, names: [])
+      if name && names.empty?
+        r = if policies[name] == policy
+              true
+            else
+              false
+            end
+        return r unless block_given?
+        yield r
+      elsif names[0] && ! name && policy
+        r = {} 
+        names.each do |n| 
+          begin
+            r[n] = if policies[name] == policy
+                     true 
+                   else
+                     false
+                   end
+            yield r[n] if block_given?
+          rescue => e
+            raise e
+          end
+        end
+        return r unless block_given? 
+      elsif name && names[0]
+        raise "Cannot use both a single name and multiple names together."
+      end
+    end 
+
+    def self.create(name: false, names: [], error: false, continue: !error)
+      if name
+        Commands::NewChain.chain(name: name, continue: continue) do |result|
+          yield result if block_given?
+        end
+      elsif !names.empty?
+        Commands::NewChain.chains(names: names, continue: continue) do |result|
+          yield result if block_given?
+        end  
+      end
+    end
+
+    def self.delete(name: false, names: [], error: false, continue: !error)
+      if name 
+        Commands::DeleteChain.chain(name: name, continue: continue) do |result|
+          yield result if block_given?
+        end
+      elsif !names.empty?
+        Commands::DeleteChain.chains(names: names, continue: continue) do |result|
+          yield result if block_given?
+        end
+      end
+    end
+
+    def self.flush(name: false, names: [], error: false, continue: !error)
+      if name
+        Commands::FlushChain.chain(name: name, continue: continue) do |result|
+          yield result if block_given?
+        end
+      elsif !names.empty?
+        Commands::FlushChain.chains(names: names, continue: continue) do |result|
+          yield result if block_given?
+        end
+      end
+    end
+
+    def self.rename(from: false, to: false, pairs: {}, error: false, continue: !error)
+      if from && to
+        Commands::RenameChain.chain(from: from, to: to, continue: continue) do |result|
+          yield result if block_given?
+        end
+      elsif (!from && to) or (from && !to)
+        return false if continue
+        raise ArgumentError, "Cannot use from: without to:"
+      elsif !pairs.empty?
+        Commands::RenameChain.chains(pairs: pairs, continue: continue) do |result|
+          yield result if block_given?
+        end
+      end
+    end
+
+
+  end
+
+end

data/lib/iptablez/commands/append_chain.rb

@@ -0,0 +1,62 @@
+module Iptablez
+  module Commands
+    # The namespace to describe the `iptables` `-X` argument to delete a chain.
+    # @author Kent 'picat' Gruber
+    module AppendChain
+      # Move on Module
+      include MoveOn
+      include ArgumentHelpers
+
+      NO_CHAIN_MATCH_ERROR = 'iptables: No chain/target/match by that name.'.freeze
+      KNOWN_ERRORS = [NO_CHAIN_MATCH_ERROR].freeze
+
+      # @api private
+      # Determine a given error. Optionally a chain can be used to provide better context.
+      private_class_method def self.determine_error(error:, chain: false)
+        if error == NO_CHAIN_MATCH_ERROR
+          raise ChainExistenceError, "#{chain} doesn't exist!"
+        elsif
+          raise ChainNotEmpty, "#{chain} is not empty! Will probably need to flush (-F) it to delete it!" 
+        else
+          raise error
+        end
+      end
+
+      # Delete a chain of a given +name+. This is the heart of this module.
+      # @param name     [String]  Single chain +name+.
+      # @param error    [Boolean] Determine if operations should raise/halt other possible operations with errors.
+      # @param continue [Boolean] Determine if operations should continue despite errors.
+      #
+      # @example Basic Usage
+      #   Iptablez::Commands::AppendChain.chain(name: "dogs")
+      #   # => true
+      #   Iptablez::Commands::List.chain(name: "kittens")
+      #   # => ["all  --  anywhere             anywhere"]
+      #
+      # @yield  [String, Boolean] The +name+ of the chain and +result+ of the operation if a block if given.
+      # @return [Boolean]         The result of the operation.
+      #
+      # @raise An error will be raised if the +error+ or +continue+ keywords are +true+ and the operation fails.
+      def self.chain(name:, error: false, continue: !error, **args)
+        name = name.to_s unless name.is_a? String
+        name = name.shellescape
+        first_arguments = [Iptablez.bin_path, '-A', name]
+        args = ArgumentHelpers.normalize_arguments(args).values.map(&:split).flatten # fucking crazy shit here
+        cmd = first_arguments + args
+        _, e, s = Open3.capture3(cmd.join(" "))
+        #_, e, s = Open3.capture3(Iptablez.bin_path, '-A', name, args.values.map(&:split).flatten)
+        e.strip! # remove new line
+        if s.success?
+          yield [name, true] if block_given?
+          return true
+        elsif MoveOn.continue?(continue: continue, message: e, known_errors: KNOWN_ERRORS)
+          yield [name, false] if block_given?
+          return false
+        else
+          determine_error(chain: name, error: e)
+        end
+      end
+
+    end
+  end
+end