iptablez 1.0.0.pre

data/lib/iptablez/commands/delete_chain.rb

@@ -0,0 +1,106 @@
+module Iptablez
+  module Commands
+    # The namespace to describe the `iptables` `-X` argument to delete a chain.
+    # @author Kent 'picat' Gruber
+    module DeleteChain
+      # Move on Module
+      include MoveOn
+
+      NO_CHAIN_MATCH_ERROR = 'iptables: No chain/target/match by that name.'.freeze
+      CHAIN_NOT_EMPTY      = 'iptables: Directory not empty.'.freeze
+
+      KNOWN_ERRORS = [NO_CHAIN_MATCH_ERROR, CHAIN_NOT_EMPTY].freeze
+
+      # @api private
+      # Determine a given error. Optionally a chain can be used to provide better context.
+      private_class_method def self.determine_error(error:, chain: false)
+        if error == NO_CHAIN_MATCH_ERROR
+          raise ChainExistenceError, "#{chain} doesn't exist!"
+        elsif
+          raise ChainNotEmpty, "#{chain} is not empty! Will probably need to flush (-F) it to delete it!" 
+        else
+          raise error
+        end
+      end
+
+      # Delete all of the user defined chains.
+      #
+      # @example Basic Usage
+      #   Iptablez::Commands::DeleteChain.all
+      #   # => {"dogs"=>true}
+      #
+      # @example Basic Usage with a Block
+      #   Iptablez::Commands::DeleteChain.all do |name, result|
+      #     puts "#{name} has been deleted." if result # true
+      #   end
+      #
+      # @yield Each chain name and boolean if it has been successfully deleted.
+      # @return [Hash] Key value pairing of each user defined chain and boolean if it has been successfully deleted.
+      def self.all(error: false, continue: !error)
+        results = {}
+        chains(names: Iptablez::Chains.user_defined, continue: continue, fly_by: fly_by) do |name, result|
+          yield [name, result] if block_given?
+          results[name] = result
+        end
+        return false if results.empty?
+        results
+      end
+
+      # Delete a chain of a given +name+. This is the heart of this module.
+      # @param name     [String]  Single chain +name+.
+      # @param error    [Boolean] Determine if operations should raise/halt other possible operations with errors.
+      # @param continue [Boolean] Determine if operations should continue despite errors.
+      #
+      # @example Basic Usage
+      #   Iptablez::Commands::DeleteChain.chain(name: "dogs")
+      #   # => false
+      #   Iptablez::Commands::DeleteChain.chain(name: "cats")
+      #   # => true
+      # @example Basic Usage with a Block
+      #   Iptablez::Commands::DeleteChain.chain(name: "dogs") do |name, result|
+      #     puts "#{name} deleted!" if result
+      #   end
+      #
+      # @yield  [String, Boolean] The +name+ of the chain and +result+ of the operation if a block if given.
+      # @return [Boolean]         The result of the operation.
+      #
+      # @raise An error will be raised if the +error+ or +continue+ keywords are +true+ and the operation fails.
+      def self.chain(name:, error: false, continue: !error)
+        name = name.to_s unless name.is_a? String
+        _, e, s = Open3.capture3(Iptablez.bin_path, '-X', name.shellescape)
+        e.strip! # remove new line
+        if s.success?
+          yield [name, true] if block_given?
+          return true
+        elsif MoveOn.continue?(continue: continue, message: e, known_errors: KNOWN_ERRORS)
+          yield [name, false] if block_given?
+          return false
+        else
+          determine_error(chain: name, error: e)
+        end
+      end
+
+      # Delete each name is a given array of names.
+      # @param names    [Array<String>] An array of chains to delete.
+      # @param error    [Boolean]       Determine if operations should raise/halt other possible operations with errors.
+      # @param continue [Boolean]       Determine if operations should continue despite errors.
+      #
+      # @example Basic Usage
+      #   Iptablez::Commands::DeleteChain.chain(names: ["dogs", "whales"])
+      #   # => {"dogs"=>false, "whales"=>true}
+      #
+      # @yield  [String, Boolean] The name of the chain and result of the operation if a block if given.
+      # @return [Hash]            Key value pairing of each given chain and the result of the operation.
+      def self.chains(names:, error: false, continue: !error)
+        results = {} 
+        names.each do |name|
+          results[name] = chain(name: name, continue: continue) do |name, result|
+            yield [name, result] if block_given?
+          end
+        end
+        results 
+      end
+
+    end
+  end
+end

data/lib/iptablez/commands/flush_chain.rb

@@ -0,0 +1,72 @@
+module Iptablez
+  module Commands
+    module FlushChain
+      # Move on Module
+      include MoveOn
+
+      NO_CHAIN_MATCH_ERROR = 'iptables: No chain/target/match by that name.'.freeze
+      KNOWN_ERRORS = [NO_CHAIN_MATCH_ERROR].freeze
+     
+      # Flush all of the possible `iptables` chains.
+      # @example Basic Usage
+      #   Iptablez::Commands::Flush.all
+      #   # => {"INPUT"=>true, "FORWARD"=>true, "OUTPUT"=>true}
+      # @example Basic Usage with a Block
+      #   Iptablez::Commands::Flush.all do |name, result|
+      #     puts "#{name} flushed!" if result
+      #   end
+      def self.all(names: Iptablez::Chains.all, error: false, continue: !error) 
+        chains(names: names, continue: continue) do |name, result|
+          yield [name, result] if block_given?
+        end
+      end
+
+      # Flush the rules for a chain of a given `name`. This is the heart of this modules.
+      # @todo Document params.
+      # @example Basic Usage
+      #   Iptablez::Commands::Flush.chain(name: "INPUT")
+      #   # => true
+      #   Iptablez::Commands::Flush.chain(name: "cats") # not a real chain
+      #   # => false
+      # @example Basic Usage with a Block
+      #   Iptablez::Commands::Flush.chain(name: "INPUT") do |name, result|
+      #     puts "#{name} flushed" if result
+      #   end
+      def self.chain(name:, error: false, continue: !error)
+       name = name.to_s unless name.is_a? String 
+        _, e, s = Open3.capture3(Iptablez.bin_path, '-F', name.shellescape)      
+        e.strip!
+        if s.success?
+          yield [name, true] if block_given?
+          return true
+        elsif MoveOn.continue?(continue: continue, message: e, known_errors: KNOWN_ERRORS)
+          yield [name, false] if block_given?
+          return false
+        else
+          determine_error(chain: name, error: e)
+        end
+      end
+
+      # Flush the rules for multiple chains of their given `names`.
+      # @todo Document params.
+      # @example Basic Usage
+      #   Iptablez::Commands::Flush.chains(names: ["dogs", "cats"])
+      #   # => {"dogs"=>true, "cats"=>false}
+      # @example Basic Usage with a Block
+      #   Iptablez::Commands::Flush.chains(names: ["dogs", "cats"]) do |name, result|
+      #     puts "#{name} flushed" if result
+      #   end
+      def self.chains(names:, error: false, continue: !error)
+        results = {}
+        names.each do |name|
+          results[name] = chain(name: name, continue: continue) do |name, result|
+            yield [name, result] if block_given?
+          end
+        end
+        results
+      end
+
+
+    end
+  end
+end

data/lib/iptablez/commands/helpers/argument_helpers.rb

@@ -0,0 +1,163 @@
+module Iptablez
+  module Commands
+    # Kent, wtf is this shit?
+    # Don't worry about iiiiit bruuuhhhhhvvv.
+    # @author Kent 'picat' Gruber
+    module ArgumentHelpers
+
+      def self.wait(seconds: false)
+        if seconds # don't wait forever? :P
+          { wait: "-w #{seconds}" }
+        else
+          { wait: "-w" }
+        end
+      end
+
+      def self.counters(packets:, bytes:)
+        { counters: "-c #{packets} #{bytes}" }
+      end
+
+      def self.fragment
+        { fragment: "-f" }
+      end
+
+      def self.destination(dst:, ip: true, port: !ip)
+        unless port
+          { destination: "-d #{dst}" }
+        else
+          destination_port(dst: dst)
+        end
+      end
+
+      def self.destination_port(dst:)
+        { destination_port: "--dport #{dst}" }
+      end
+
+      def self.source(src:, ip: true, port: !ip)
+        unless port
+          { source: "-s #{src}" }
+        else
+          source_port(src: src)
+        end
+      end
+
+      def self.source_port(src:)
+        { source_port: "-sport #{src}" }
+      end
+
+      # @todo
+      #def self.ip_range(from:, to:)
+      #  { ip_range: "-m iprange #{fromt}-#{to}" }
+      #end
+
+      def self.table(name: "filter")
+        { table: "-t #{name}" }
+      end
+
+      def self.jump(target:)
+        { jump: "-j #{target}" }
+      end
+      
+      def self.goto(target:)
+        { goto: "-g #{target}" }
+      end
+
+      def self.interface(name:, out: false)
+        argument = if out
+                     "-o"
+                   else
+                     "-i"
+                   end 
+        { interface: "#{argument} #{name}" }
+      end
+
+      def self.protocol(protocol:)
+        { protocol: "-p #{protocol}" }
+      end
+
+      # @example Basic Usage
+      #   # note how jump: is compared to goto:
+      #   args = {:goto=>"-g INPUT", :jump=>"INPUT"}
+      #   # lets normalize that shit
+      #   Iptablez::Commands::ArgumentHelpers.normalize_arguments(args)
+      #   # => {:jump=>"-j INPUT", :goto=>"-g INPUT"}
+      def self.normalize_arguments(args)
+        results = {}
+        results[:jump]     = normalize_jump(args[:jump])[:jump]                                 if args[:jump]
+        results[:goto]     = normalize_goto(args[:goto])[:goto]                                 if args[:goto]
+        results[:protocol] = normalize_protocol(args[:protocol])[:protocol]                     if args[:protocol]
+        results[:interface]= normalize_interface(args[:interface])[:interface]                  if args[:interface]
+        results[:src]      = normalize_source(args[:src])[:source]                              if args[:src]
+        results[:sport]    = normalize_source(args[:sport], port: true)[:source_port]           if args[:sport]
+        results[:dst]      = normalize_destination(args[:dst])[:destination]                    if args[:dst]
+        results[:dport]    = normalize_destination(args[:dport], port: true)[:destination_port] if args[:dport]
+        results
+      end
+
+      def self.normalize_jump(arg)
+        if arg["-j"] || arg["--jump"]
+          { jump: arg }
+        else
+          jump(target: arg)
+        end
+      end
+      
+      def self.normalize_goto(arg)
+        if arg["-g"] || arg["--goto"]
+          { goto: arg }
+        else
+          goto(target: arg)
+        end
+      end
+
+      def self.normalize_protocol(arg)
+        if arg["-p"] # @todo Check || arg["--protocol"]
+          { protocol: arg }
+        else
+          goto(target: arg)
+        end
+      end
+      
+      def self.normalize_interface(arg, out: false)
+        if arg["-i"] || arg["-o"] # @todo 
+          { interface: arg }
+        else
+          interface(name: arg, out: out)
+        end
+      end
+
+      def self.normalize_table(arg)
+        if arg["-t"] || arg["--table"] # @todo 
+          { table: arg }
+        else
+          table(name: arg)
+        end
+      end
+
+      def self.normalize_destination(arg, port: false)
+        if arg["-d"] || arg["--dport"] # @todo
+          if port 
+            { destination_port: arg }
+          else
+            { destination: arg }
+          end
+        else
+          destination(dst: arg, port: port)
+        end
+      end
+
+      def self.normalize_source(arg, port: false)
+        if arg["-s"] || arg["--sport"] # @todo
+          if port
+            { source_port: arg }
+          else
+            { source: arg }
+          end
+        else
+          source(src: arg, port: port)
+        end
+      end
+
+    end
+  end
+end

data/lib/iptablez/commands/helpers/errors.rb

@@ -0,0 +1,11 @@
+module Iptablez
+  module Commands
+    class ChainExistenceError < ArgumentError; end
+
+    class ChainNotEmpty < StandardError ; end 
+
+    class InvalidRuleIndexError < StandardError; end
+
+    class ChainAlreadyExistsError < ArgumentError; end
+  end
+end

data/lib/iptablez/commands/helpers/move_on.rb

@@ -0,0 +1,14 @@
+module Iptablez
+  module Commands
+    # @todo Document this module. Kind'a important.
+    module MoveOn
+      # @api private
+      # Determine if the method should should move on with its life when things go wrong.
+      def self.continue?(continue:, message:, known_errors:, force: false)
+        return true if force
+        return true if continue && known_errors.include?(message)
+        false
+      end
+    end
+  end
+end

data/lib/iptablez/commands/interface.rb

@@ -0,0 +1,80 @@
+module Iptablez
+  module Commands
+    # @todo Add inline document to this.
+    module Interface 
+    
+      def self.delete_chain(name: false, all: false)
+        if name
+          DeleteChain.chain(name: name)
+        elsif all
+          DeleteChain.all
+        else
+          raise "No chain name/all specified."
+        end
+      end
+
+      def self.flush(chain: false, all: true)
+        if chain
+          Flush.chain(name: chain)
+        elsif all
+          Flush.all
+        else
+          raise "No chain/all specified."
+        end
+      end  
+   
+      def self.list(chain: false, all: true, number: false) 
+        if chain && ! number
+          List.chain(name: chain)  
+        elsif number && chain
+          List.number(chain: chain, number: number)
+        elsif all
+          List.all 
+        else
+          raise "No chain/number/all specified."
+        end 
+      end
+
+      def self.new_chain(name:) 
+        NewChain.chain(name: name)
+      end
+
+      def self.policy(target:, chain: false, all: true)
+        if chain && target
+          Policy.chain(name: chain, target: target)
+        elsif all && target
+          Policy.all(target: target)
+        else
+          raise "No chain/target/all specified."
+        end
+      end
+
+      def self.rename_chain(from:, to:)
+        if from && to
+          RenameChain.chain(from: from, to: to)
+        else
+          raise "No from/to specified."
+        end
+      end
+
+      def self.version(full: false)
+        if full
+          Version.full
+        else
+          Version.number
+        end
+      end
+
+      def self.zero(all: true, chain: false)
+        if chain
+          Zero.chain(name: chain)
+        elsif all 
+          Zero.all
+        else
+          raise "No all/chain specified."
+        end
+      end
+
+    end
+  end
+end