netfilter-ruby 4.2

@@ -0,0 +1,15 @@
1
+ #encoding: utf-8
2
+ require 'spec_helper'
3
+ describe Netfilter::Table do
4
+ describe "Instance Methods" do
5
+ describe "chain" do
6
+ it "should not create a new chain if one with the same name already exists" do
7
+ tool = Netfilter::Tool.new
8
+ tool.table("filter").chain("test1")
9
+ tool.table("filter").chain("test2")
10
+ tool.table("filter").chain(:test1)
11
+ tool.table("filter").chains.count.should eq(2)
12
+ end
13
+ end
14
+ end
15
+ end
@@ -0,0 +1,123 @@
1
+ #encoding: utf-8
2
+ require 'spec_helper'
3
+ describe Netfilter::Tool do
4
+ describe "Instance Methods" do
5
+ before do
6
+ @tool = Netfilter::Tool.new do |eb|
7
+ eb.table :filter do |t|
8
+ t.chain :input do |c|
9
+ c.filter :protocol => :tcp, :dport => 22, :jump => :text
10
+ c.insert :protocol => :udp, :dport => 53, :jump => :text
11
+ end
12
+
13
+ t.chain :text do |c|
14
+ c.filter :protocol => :udp, :dport => 80, :jump => :return
15
+ end
16
+ end
17
+ end
18
+ end
19
+
20
+ describe "commands" do
21
+ it "should return a list of system command to apply the rules to the system" do
22
+ @tool.commands.should eq [
23
+ "tool --table filter --new-chain text",
24
+ "tool --table filter --append INPUT --protocol udp --dport 53 --jump text",
25
+ "tool --table filter --append INPUT --protocol tcp --dport 22 --jump text",
26
+ "tool --table filter --append text --protocol udp --dport 80 --jump RETURN",
27
+ ]
28
+ end
29
+
30
+ it "should respect a set namespace" do
31
+ @tool.namespace = "bobby"
32
+ @tool.commands.should eq [
33
+ "tool --table filter --new-chain bobby-text",
34
+ "tool --table filter --append INPUT --protocol udp --dport 53 --jump bobby-text",
35
+ "tool --table filter --append INPUT --protocol tcp --dport 22 --jump bobby-text",
36
+ "tool --table filter --append bobby-text --protocol udp --dport 80 --jump RETURN",
37
+ ]
38
+ end
39
+ end
40
+
41
+ describe "up" do
42
+ it "should apply the rules to the system" do
43
+ executed = []
44
+ @tool.stub(:execute){ |command| executed << command }
45
+ @tool.up
46
+ executed.should eq [
47
+ "tool --table filter --new-chain text",
48
+ "tool --table filter --append INPUT --protocol udp --dport 53 --jump text",
49
+ "tool --table filter --append INPUT --protocol tcp --dport 22 --jump text",
50
+ "tool --table filter --append text --protocol udp --dport 80 --jump RETURN",
51
+ ]
52
+ end
53
+
54
+ it "should remove again all already applied rules in case applying the next rule fails" do
55
+ trigger = true
56
+ executed = []
57
+ @tool.stub(:execute) do |command|
58
+ if trigger && executed.count == 3
59
+ trigger = false
60
+ raise Netfilter::SystemError, "fake"
61
+ end
62
+ executed << command
63
+ end
64
+ lambda{ @tool.up }.should raise_error(Netfilter::SystemError, "fake")
65
+ executed.should eq [
66
+ "tool --table filter --new-chain text",
67
+ "tool --table filter --append INPUT --protocol udp --dport 53 --jump text",
68
+ "tool --table filter --append INPUT --protocol tcp --dport 22 --jump text",
69
+ "tool --table filter --delete INPUT --protocol tcp --dport 22 --jump text",
70
+ "tool --table filter --delete INPUT --protocol udp --dport 53 --jump text",
71
+ "tool --table filter --delete-chain text",
72
+ ]
73
+ end
74
+ end
75
+
76
+ describe "down" do
77
+ it "should remove the rules from the system" do
78
+ executed = []
79
+ @tool.stub(:execute){ |command| executed << command }
80
+ @tool.down
81
+ executed.should eq [
82
+ "tool --table filter --delete text --protocol udp --dport 80 --jump RETURN",
83
+ "tool --table filter --delete INPUT --protocol tcp --dport 22 --jump text",
84
+ "tool --table filter --delete INPUT --protocol udp --dport 53 --jump text",
85
+ "tool --table filter --delete-chain text",
86
+ ]
87
+ end
88
+
89
+ it "should not delete individual rules if the whole chain gets deleted" do
90
+ pending "optimization not implemented yet"
91
+ # executed = []
92
+ # @tool.stub(:execute){ |command| executed << command }
93
+ # @tool.down
94
+ # executed.should eq [
95
+ # "tool --table filter --delete-chain text",
96
+ # "tool --table filter --delete INPUT --protocol tcp --dport 22 --jump text",
97
+ # ]
98
+ end
99
+ end
100
+
101
+ describe "export" do
102
+ it "should return a hash suitable for import" do
103
+ import = Netfilter::Tool.import(@tool.export)
104
+ @tool.commands.should eq(import.commands)
105
+ end
106
+
107
+ it "should return a hash suitable for json serialization and later import" do
108
+ import = Netfilter::Tool.import(JSON.parse(@tool.export.to_json))
109
+ @tool.commands.should eq(import.commands)
110
+ end
111
+ end
112
+
113
+ describe "table" do
114
+ it "should not create a new table if one with the same name already exists" do
115
+ tool = Netfilter::Tool.new
116
+ tool.table("filter")
117
+ tool.table(:filter)
118
+ tool.table("nat")
119
+ tool.tables.count.should eq(2)
120
+ end
121
+ end
122
+ end
123
+ end
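Review bot: None of the examples pass `namespace=`, a chain name or an imported hash anything but plain alphanumeric values, yet the expected arrays show those values landing verbatim inside one command string (`"tool --table filter --new-chain bobby-text"` after `@tool.namespace = "bobby"`). `execute` is stubbed in every example and its implementation is not part of this section, so whether that string is handed to a shell cannot be confirmed from here. If it is, the `Netfilter::Tool.import(JSON.parse(@tool.export.to_json))` path turns serialized data into command text. I would add an example that pins the intended handling, e.g. `it "should reject names containing whitespace or shell metacharacters"`, asserting that such a namespace or imported chain name raises instead of producing a command.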
@@ -0,0 +1,82 @@
1
+ #encoding: utf-8
2
+ require 'spec_helper'
3
+ describe Netfilter do
4
+ describe "Instance Methods" do
5
+ before do
6
+ @netfilter = Netfilter.new
7
+ end
8
+
9
+ describe "up" do
10
+ it "should apply the rules of all underlying tools" do
11
+ @netfilter.eb_tables.should_receive(:up).ordered
12
+ @netfilter.ip_tables.should_receive(:up).ordered
13
+ @netfilter.ip6_tables.should_receive(:up).ordered
14
+ @netfilter.up
15
+ end
16
+
17
+ it "should remove applied rules again if anything fails" do
18
+ @netfilter.eb_tables.should_receive(:up).ordered
19
+ @netfilter.ip_tables.should_receive(:up).ordered.and_return{ raise ArgumentError, "fake" }
20
+ @netfilter.eb_tables.should_receive(:down).ordered
21
+ lambda{ @netfilter.up }.should raise_error(ArgumentError, "fake")
22
+ end
23
+ end
24
+
25
+ describe "down" do
26
+ it "should remove the rules of all underlying tools" do
27
+ @netfilter.eb_tables.should_receive(:down).ordered
28
+ @netfilter.ip_tables.should_receive(:down).ordered
29
+ @netfilter.ip6_tables.should_receive(:down).ordered
30
+ @netfilter.down
31
+ end
32
+
33
+ it "should apply removed rules again if anything fails" do
34
+ @netfilter.eb_tables.should_receive(:down).ordered
35
+ @netfilter.ip_tables.should_receive(:down).ordered.and_return{ raise ArgumentError, "fake" }
36
+ @netfilter.eb_tables.should_receive(:up).ordered
37
+ lambda{ @netfilter.down }.should raise_error(ArgumentError, "fake")
38
+ end
39
+ end
40
+
41
+ describe "export" do
42
+ before do
43
+ @netfilter.ip_tables do |ip|
44
+ ip.table :filter do |t|
45
+ t.chain :input do |c|
46
+ c.filter :protocol => :udp, :jump => :drop
47
+ c.insert :protocol => :tcp, :jump => :drop
48
+ end
49
+ end
50
+ end
51
+
52
+ @netfilter.ip6_tables do |ip|
53
+ ip.table :filter do |t|
54
+ t.chain :input do |c|
55
+ c.filter :protocol => :tcp, :jump => :drop
56
+ end
57
+ end
58
+ end
59
+
60
+ @netfilter.eb_tables do |eb|
61
+ eb.table :filter do |t|
62
+ t.chain :input do |c|
63
+ c.filter :protocol => :arp, :jump => :drop
64
+ end
65
+ end
66
+ end
67
+ end
68
+
69
+ it "should return a hash suitable for import" do
70
+ export = @netfilter.export
71
+ import = Netfilter.import(export)
72
+ import.export.should == export
73
+ end
74
+
75
+ it "should return a hash suitable for json serialization and later import" do
76
+ export = @netfilter.export.to_json
77
+ import = Netfilter.import(JSON.parse(export))
78
+ import.export.to_json.should == export
79
+ end
80
+ end
81
+ end
82
+ end
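Review bot: The rollback examples in `describe "up"` and `describe "down"` only make the second tool (`ip_tables`) fail, so nothing pins what happens when `ip6_tables` fails after `eb_tables` and `ip_tables` have both succeeded. If the rollback does not cover that case, the bridge and IPv4 rules stay applied with no IPv6 rules, a mismatch that is easy to miss on a dual-stack host. I would add an example where `@netfilter.ip6_tables.should_receive(:up).ordered.and_return{ raise ArgumentError, "fake" }` is followed by `@netfilter.ip_tables.should_receive(:down).ordered` and `@netfilter.eb_tables.should_receive(:down).ordered`, plus the mirror case for `down`. The reverse rollback order is an assumption taken from the `Netfilter::Tool` examples, not something this section shows.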
@@ -0,0 +1,18 @@
1
+ #encoding: utf-8
2
+ require "rubygems"
3
+ require "bundler/setup"
4
+ require "netfilter"
5
+ require "awesome_print"
6
+ require "json"
7
+
8
+ RSpec.configure do |config|
9
+ config.treat_symbols_as_metadata_keys_with_true_values = true
10
+ config.run_all_when_everything_filtered = true
11
+ config.filter_run :focus
12
+
13
+ # Run specs in random order to surface order dependencies. If you find an
14
+ # order dependency and want to debug it, you can fix the order by providing
15
+ # the seed, which is printed after each run.
16
+ # --seed 1234
17
+ config.order = "random"
18
+ end
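--- a/metadata
+++ b/metadata
@@ -0,0 +1,143 @@
+ --- !ruby/object:Gem::Specification
+ name: netfilter-ruby
+ version: !ruby/object:Gem::Version
+ version: '4.2'
+ platform: ruby
+ authors:
+ - Netskin GmbH
+ - Corin Langosch
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2013-12-20 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: activesupport
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - '>='
+ - !ruby/object:Gem::Version
+ version: 3.0.0
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - '>='
+ - !ruby/object:Gem::Version
+ version: 3.0.0
+ - !ruby/object:Gem::Dependency
+ name: rspec
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ version: '2.12'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ version: '2.12'
+ - !ruby/object:Gem::Dependency
+ name: awesome_print
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: json
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ description: Awesome Netfilter management
+ email:
+ - info@netskin.com
+ - info@corinlangosch.com
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - .gitignore
+ - .rspec
+ - Gemfile
+ - LICENSE.txt
+ - README.md
+ - Rakefile
+ - lib/netfilter.rb
+ - lib/netfilter/chain.rb
+ - lib/netfilter/eb_tables.rb
+ - lib/netfilter/filter.rb
+ - lib/netfilter/ip6_tables.rb
+ - lib/netfilter/ip_tables.rb
+ - lib/netfilter/table.rb
+ - lib/netfilter/tool.rb
+ - lib/netfilter/version.rb
+ - netfilter.gemspec
+ - spec/netfilter/eb_tables_spec.rb
+ - spec/netfilter/ip_tables_spec.rb
+ - spec/netfilter/table_spec.rb
+ - spec/netfilter/tool_spec.rb
+ - spec/netfilter_spec.rb
+ - spec/spec_helper.rb
+ homepage: http://github.com/netskin/netfilter-ruby
+ licenses: []
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.1.11
+ signing_key:
+ specification_version: 4
+ summary: Awesome Netfilter (iptables & ebtables) management using ruby
+ test_files:
+ - spec/netfilter/eb_tables_spec.rb
+ - spec/netfilter/ip_tables_spec.rb
+ - spec/netfilter/table_spec.rb
+ - spec/netfilter/tool_spec.rb
+ - spec/netfilter_spec.rb
+ - spec/spec_helper.rb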