iptablez 1.0.0.pre

data/lib/iptablez/commands/list.rb

@@ -0,0 +1,210 @@
+module Iptablez
+  module Commands
+    module List 
+      # Move on Module
+      include MoveOn
+     
+      UNKOWN_OPTION        = 'unknown option'.freeze
+      NO_CHAIN_MATCH_ERROR = 'iptables: No chain/target/match by that name.'.freeze
+      PERMISSION_DENIED    = 'Permission denied (you must be root)'.freeze
+      INVALID_RULE_NUMBER  = 'Invalid rule number'.freeze
+
+      KNOWN_ERRORS = [NO_CHAIN_MATCH_ERROR, PERMISSION_DENIED, INVALID_RULE_NUMBER, UNKOWN_OPTION].freeze
+
+      # @api private
+      # Determine a given error. Optionally a chain can be used to provide better context.
+      private_class_method def self.determine_error(error:, chain: false, number: false)
+        if error == NO_CHAIN_MATCH_ERROR
+          raise ChainExistenceError, "#{chain} doesn't exist!"
+        elsif error == INVALID_RULE_NUMBER
+          raise InvalidRuleIndexError, "#{chain} invalid number #{number}!"
+        else
+          raise error
+        end
+      end
+
+      # List all of the `iptables` rules. Note: this will not include policies.
+      # @todo Document params.
+      # @example Basic Usage
+      #   Iptablez::Commands::List.all
+      #   # => []
+      #   Iptablez::Commands::List.all.empty? # if no rules
+      #   # => true
+      # @example Basic Usage with a Block
+      #   Iptablez::Commands::List.all do |rule|
+      #     puts rule
+      #   end
+      # @yield Each result if a block is given.
+      # @return [Hash] key value pairing of each chain and the result of the check.
+      def self.all(error: false, continue: !error)
+        o, e, s = Open3.capture3(Iptablez.bin_path, '-L')      
+        if e["you must be root"]
+          e = PERMISSION_DENIED
+        else
+          e.strip!
+        end
+        results = []
+        if s.success?
+          o.split("\n").map(&:strip).each do |line|
+            next if line.split[0] == "Chain" || line.split[0] == "target" || line.empty?
+            yield line if block_given?
+            results << line
+          end
+          results
+        elsif MoveOn.continue?(continue: continue, message: e, known_errors: KNOWN_ERRORS)
+          return results
+        else
+          determine_error(chain: name, error: e)
+        end
+      end
+
+      # List the `iptables` rules for a chain of a given `name`.
+      # @todo Document params.
+      # @example Basic Usage
+      #   Iptablez::Commands::List.defaults
+      #   # => {"INPUT"=>"ACCEPT", "FORWARD"=>"ACCEPT", "OUTPUT"=>"ACCEPT"}
+      # @example Basic Usage with a Block
+      #   Iptablez::Commands::List.defaults do |name, target|
+      #     puts "#{name}: #{target}"
+      #   end
+      def self.defaults(names: Iptablez::Chains.defaults, error: false, continue: !error)
+        results = {}
+        names.each do |name|
+          result = chain(name: name, policy: true, continue: true)
+          result = result.map(&:split).map(&:last)[0] if result
+          yield [name, result] if block_given?
+          results[name] = result
+        end
+        results
+      end
+     
+      # List the full `iptables` output (no filtering from STDOUT) for a `chain` of a given name, or
+      # all chains if no chain `name` is given.
+      # @todo Document params.
+      # @example Basic Usage
+      #   Iptablez::Commands::List.full
+      #   Iptablez::Commands::List.full(chain: "INPUT")
+      # @example Basic Usage with a Block
+      #   Iptablez::Commands::List.full { |l| puts l }
+      #   Iptablez::Commands::List.full(chain: "FORWARD") do |line|
+      #     puts line
+      #   end
+      # @yield Each result if a block is given.
+      # @return [Array] Each line as the result.
+      def self.full(chain: false, error: false, continue: !error)
+        if chain
+          o, e, s = Open3.capture3(Iptablez.bin_path, '-L', chain)      
+        else
+          o, e, s = Open3.capture3(Iptablez.bin_path, '-L')      
+        end
+        e.strip!
+        if s.success?
+          return o.split("\n").map(&:strip).each do |line|
+            yield line if block_given?
+          end
+        elsif MoveOn.continue?(continue: continue, message: e, known_errors: KNOWN_ERRORS)
+          return false
+        else
+          determine_error(chain: name, error: e)
+        end
+      end
+
+      # List a rule for a `chain` of a given name and `number`.
+      # @example Basic Usage
+      #   Iptablez::Commands::List.number(chain: "INPUT", number: 1)
+      #   # => false
+      #   Iptablez::Commands::List.number(chain: "FORWARD", number: 1)
+      #   # => String containing rule number 1 from the FOWARD chain.
+      # @example Basic Usage with a Block
+      #   Iptablez::Commands::List.number(chain: "INPUT", number: 1) do |chain, num, result|
+      #     puts "Rule #{num} in #{chain} is #{result}" if result
+      #   end
+      def self.number(chain:, number:, error: false, continue: !error)
+        if number.is_a? Integer
+          if number <= 0 && error
+            raise ArgumentError, "Invalid rule number #{number}!"
+          else
+            number = number.to_s
+          end
+        end
+        o, e, s = Open3.capture3(Iptablez.bin_path, '-L', chain, number.to_s)      
+        e.strip!
+        o.strip!
+        o = false if o.empty?
+        e = INVALID_RULE_NUMBER if e["Invalid rule number"]
+        e = UNKOWN_OPTION if e[": unknown option "]
+        if s.success?
+          yield [chain, number, o] if block_given?
+          return o
+        elsif MoveOn.continue?(continue: continue, message: e, known_errors: KNOWN_ERRORS)
+          return false
+        else
+          determine_error(chain: name, error: e, number: number)
+        end
+      end
+
+      # Determine if there is a rule for a given `chain` name with a given `number`.
+      # @example Basic Usage
+      #   Iptablez::Commands::List.number?(chain: "INPUT", number: 1)
+      #   # => false
+      #   Iptablez::Commands::List.number?(chain: "FORWARD", number: 1)
+      #   # => true
+      def self.number?(chain:, number:, error: false, continue: !error)
+        if number(chain: chain, number: number, continue: continue)
+          true
+        else
+          false
+        end
+      end
+      
+      # Determine if a given `number` could even be a possible number. Note: this will not
+      # check `iptables` for validation.
+      # @example Basic Usage
+      #   Iptablez::Commands::List.possible_valid_number?(number: 2)
+      #   # => true
+      #   Iptablez::Commands::List.possible_valid_number?(number: 0)
+      #   # => false
+      def self.possible_valid_number?(number:)
+        number = number.to_i if number.is_a? String
+        if number >= 1
+          true
+        else
+          false
+        end
+      end
+
+      # List the `iptables` rules for a chain of a given `name`. Optionally, you
+      # may specify to include `policy` information which can be helpful.
+      # @example Basic Usage
+      #   Iptablez::Commands::List.chain(name: "INPUT")
+      #   # => []
+      #   Iptablez::Commands::List.chain(name: "INPUT", policy: true)
+      #   # => ["-P INPUT ACCEPT"]
+      # @example Basic Usage with a Block
+      #   Iptablez::Commands::List.chain(name: "INPUT", policy: true) do |rule|
+      #     puts rule
+      #   end
+      def self.chain(name:, policy: false, error: false, continue: !error)
+        if policy
+          o, e, s = Open3.capture3(Iptablez.bin_path, '-S', name)      
+        else
+          o, e, s = Open3.capture3(Iptablez.bin_path, '-L', name)      
+        end
+        e.strip!
+        if s.success?
+          results = o.split("\n").map(&:strip).delete_if do |line|
+            line if line.split[0] == "Chain" || line.split[0] == "target"
+          end
+          results.each do |line|
+            yield line if block_given?
+          end
+          results
+        elsif MoveOn.continue?(continue: continue, message: e, known_errors: KNOWN_ERRORS)
+          return false
+        else
+          determine_error(chain: name, error: e)
+        end 
+      end
+    end
+  end
+end

data/lib/iptablez/commands/new_chain.rb

@@ -0,0 +1,71 @@
+module Iptablez
+  module Commands
+    module NewChain
+      # Move on Module
+      include MoveOn
+
+      CHAIN_ALREADY_EXITS_ERROR = 'iptables: Chain already exists.'
+      KNOWN_ERRORS = [CHAIN_ALREADY_EXITS_ERROR] 
+
+      # @api private
+      # Determine a given error. Optionally a chain can be used to provide better context.
+      private_class_method def self.determine_error(error:, chain: false)
+        error.strip!
+        if error == CHAIN_ALREADY_EXITS_ERROR 
+          raise ChainAlreadyExistsError, "#{chain} already exist!"
+        else
+          raise error
+        end
+      end
+
+      # Create a new chain of a given +name+, unless is already exists. This is the heart of the module.
+      # @param name     [String]  Single chain +name+.
+      # @param error    [Boolean] Determine if operations should raise/halt other possible operations with errors.
+      # @param continue [Boolean] Determine if operations should continue despite errors.
+      #
+      # @example Basic Usage
+      #   Iptablez::Commands::NewChain.chain(name: "dogs")
+      #   # => true
+      #   Iptablez::Commands::NewChain.chain(name: "dogs")
+      #   # => false
+      # @yield  [String, Boolean] The +name+ of the chain and +result+ of the operation if a block if given.
+      # @return [String, Boolean] Key value pairing of the given chain +name+ and the +result+ of the operation.
+      def self.chain(name:, error: false, continue: !error)
+        name = name.to_s unless name.is_a? String
+        _, e, s = Open3.capture3(Iptablez.bin_path, '-N', name.shellescape)
+        e.strip! # remove new line 
+        if s.success?
+          yield [name, true] if block_given?
+          return true
+        elsif MoveOn.continue?(continue: continue, message: e, known_errors: KNOWN_ERRORS)
+          yield [name, false] if block_given?
+          return false
+        else
+          determine_error(chain: name, error: e)
+        end 
+      end
+
+      # Create each +name+ from a given array of +names+ unless the chain already exists.
+      # @param names    [Array<String>] An array of chains to delete.
+      # @param error    [Boolean]       Determine if operations should raise/halt other possible operations with errors.
+      # @param continue [Boolean]       Determine if operations should continue despite errors.
+      #
+      # @example Basic Usage
+      #   Iptablez::Commands::DeleteChain.chain(names: ["dogs", "whales"])
+      #   # => {"dogs"=>false, "whales"=>true}
+      #
+      # @yield  [String, Boolean] The +name+ of the chain and +result+ of the operation if a block if given.
+      # @return [Hash]            Key value pairing of each given chain +name+ and the +result+ of the operation.
+      def self.chains(names:, error: false, continue: !error)
+        results = {}
+        names.each do |name|
+          chain(name: name, continue: continue) do |name, result|
+            yield [name, result] if block_given?
+            results[name] = result
+          end
+        end
+        results
+      end
+    end
+  end
+end

data/lib/iptablez/commands/policy.rb

@@ -0,0 +1,65 @@
+module Iptablez
+  module Commands
+    module Policy 
+      # Move on Module
+      include MoveOn
+
+      NO_CHAIN_MATCH_ERROR = 'iptables: No chain/target/match by that name.'.freeze
+      KNOWN_ERRORS         = [NO_CHAIN_MATCH_ERROR].freeze
+      
+      # @api private
+      # Determine a given error. Optionally a chain can be used to provide better context.
+      private_class_method def self.determine_error(error:, chain: false)
+        if error == NO_CHAIN_MATCH_ERROR
+          raise ChainExistenceError, "#{chain} doesn't exist!"
+        else
+          raise error
+        end
+      end
+
+      def self.all(target:, error: false, continue: !error)
+        if target
+          chains(names: Iptablez::Chains.defaults, target: target, continue: continue) do |result|
+            yield result if block_given?
+          end
+        else
+          Iptables::Chains.policies do |result|
+            yield result
+          end
+        end  
+      end
+
+      def self.defaults(target:, error: false, continue: !error)
+        chains(names: Iptablez::Chains.defaults, target: target, continue: continue) do |result|
+          yield result if block_given?
+        end
+      end
+
+      def self.chain(name:, target:, error: false, continue: !error)
+        _, e, s = Open3.capture3(Iptablez.bin_path, '-P', name, target)      
+        e.strip!
+        if s.success?
+          yield [name, target, true] if block_given?
+          return true
+        elsif MoveOn.continue?(continue: continue, message: e, known_errors: KNOWN_ERRORS)
+          yield [name, target, false] if block_given?
+          return false
+        else
+          determine_error(chain: name, error: e)
+        end
+      end
+
+      def self.chains(names:, target:, error: false, continue: !error)
+        results = {}
+        names.each do |name|
+          results[name] = {}
+          results[name][target] = chain(name: name, target: target, continue: continue) do |result|
+            yield result if block_given?
+          end
+        end
+        results
+      end
+
+    end
+  end
+end

data/lib/iptablez/commands/rename_chain.rb

@@ -0,0 +1,65 @@
+module Iptablez
+  module Commands
+    module RenameChain 
+      # Move on Module
+      include MoveOn
+
+
+      NO_CHAIN_MATCH_ERROR = 'iptables: No chain/target/match by that name.'.freeze
+      CHAIN_ALREADY_EXISTS = 'iptables: File exists.'.freeze
+      KNOWN_ERRORS = [NO_CHAIN_MATCH_ERROR, CHAIN_ALREADY_EXISTS].freeze
+
+      # @api private
+      # Determine a given error. Optionally a chain can be used to provide better context.
+      private_class_method def self.determine_error(error:, chain: false)
+        if error == NO_CHAIN_MATCH_ERROR
+          raise ChainExistenceError, "#{chain} doesn't exist!"
+        elsif error == CHAIN_ALREADY_EXISTS
+          raise ChainExistenceError, "#{chain} already exists!"
+        else
+          raise error
+        end
+      end
+      
+      # Rename a chain +from+ a given name +to+ a new name. This is the heart of this module.
+      # @param from [String] Single chain name to change +from+.
+      # @param to   [String] Single chain name to change +to+.
+      #
+      # @example Basic Usage
+      #   Iptablez::Commands::RenameChain.chain(from: "dogs", to: "cats")
+      #   # => true
+      #   Iptablez::Commands::RenameChain.chain(from: "dogs", to: "birds")
+      #   # => false
+      # 
+      # @yield  [String, String]
+      # @return [Boolean] 
+      def self.chain(from:, to:, error: false, continue: !error)
+        to   = to.to_s   unless to.is_a?   String 
+        from = from.to_s unless from.is_a? String
+        _, e, s = Open3.capture3(Iptablez.bin_path, '-E', from.shellescape, to.shellescape)      
+        e.strip!
+        if s.success?
+          yield [from, to, true] if block_given?
+          return true
+        elsif MoveOn.continue?(continue: continue, message: e, known_errors: KNOWN_ERRORS)
+          yield [from, to, false] if block_given?
+          return false
+        else
+          determine_error(chain: name, error: e)
+        end
+      end
+
+      def self.chains(pairs:, error: false, continue: !error)
+        results = {}
+        pairs.each do |from, to|
+          results[from] = {}
+          results[from][to] = chain(from: from, to: to, continue: continue) do |from, to, result|
+            yield [from, to, result] if block_given?
+          end
+        end
+        results
+      end
+
+    end
+  end
+end

data/lib/iptablez/commands/version.rb

@@ -0,0 +1,18 @@
+module Iptablez
+  module Commands
+    # @todo
+    module Version 
+      def self.number 
+        o, e, s = Open3.capture3(Iptablez.bin_path, '--version')      
+        return o.strip.split[1].gsub('v','') if s.success?
+        raise e 
+      end
+      
+      def self.full
+        o, e, s = Open3.capture3(Iptablez.bin_path, '--version')      
+        return o.strip if s.success?
+        raise e 
+      end
+    end
+  end
+end

data/lib/iptablez/commands/zero.rb

@@ -0,0 +1,18 @@
+module Iptablez
+  module Commands
+    # @todo
+    module Zero 
+      def self.all
+        o, e, s = Open3.capture3(Iptablez.bin_path, '-Z')      
+        return true if s.success?
+        raise e 
+      end
+
+      def self.chain(name:)
+        o, e, s = Open3.capture3(Iptablez.bin_path, '-Z', name)      
+        return true if s.success?
+        raise e 
+      end
+    end
+  end
+end