RubyGems - pomelo-router - Versions diffs - 0.0.2 - Mend

pomelo-router 0.0.2

Files changed (7) hide show

checksums.yaml ADDED

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    ODc0MzUwYWIxZWJhMWUwYzVmY2ZjNzkyNjk4ZWFlZGNiOTkzMmQwMg==
+  data.tar.gz: !binary |-
+    ZTAyMDU2ZmEyODkxMWQ5MjFkMWM1MmQxNGVjMzdjOGQyNGIyZjkyOQ==
+SHA512:
+  metadata.gz: !binary |-
+    YjY3MGQ2Njg3NGJiZjgyYTZlYWFiMGY4NGYxYjQxYTA5ZDU1ZjQwODk4YmI3
+    ZDNkYWI0NjI5NzI1ODZmNzhhZjA5NDY4ZjBlZjAzMjE4YTQ1ZjYyYWMzNTI0
+    NTM3Y2ZlYzU2Y2NkZmIyYTczMTk0NWI4N2QyODZiZTk2Njc1MGU=
+  data.tar.gz: !binary |-
+    MTNmZjdkMDg4OWE1MzBhNDJhOTZhMGE1MjU4MTYzOTBhZjFmNjg5MDFiZmQ3
+    OGEwODNkMTA0YzBkMmNkNTljMjg3NzY2NGE0NjI5YjAxOGU1MWEyYTZiNDU3
+    YjkyNzQzYzJlMmM5ZWVlMTc1NTliMDQ5MWRhNDk3MTIxYTAxOTk=

data/bin/pomelo ADDED

@@ -0,0 +1,6 @@
+#! /usr/bin/env ruby
+require 'pomelo'
+p = Pomelo.from_argv(ARGV)
+p.run

data/config.toml.example ADDED

@@ -0,0 +1,85 @@
+[networks]
+  # required, the loopback device, normally will be lo or lo0
+  loopback = "lo"
+  allow_icmp = true
+  [networks.internet]
+    ip = "111.111.111.111"
+    dev = "eth0"
+  [networks.locals]
+    [networks.locals.office]
+      net = "192.168.0.0/24"
+      dev = "eth1"
+    [networks.locals.guest]
+      net = "192.168.1.0/24"
+      dev = "eth1"
+  [networks.externals]
+    [networks.externals.vpn]
+      host = "192.168.99.2/24"
+      dev = "tun0"
+# custom host/ip ranges definitions
+[groups]
+  [groups.router]
+    host = "192.168.0.1"
+  [groups.www]
+    host = "192.168.0.2"
+  [groups.users]
+    range = "192.168.0.100-192.168.0.199"
+[traffic]
+  # default iptables rule, allow or deny
+  # if you set this to be deny, you will
+  # have to manually set the ports
+  # in the ports section
+  global = "deny"
+# openning ports on router
+# not necessary when traffic.global is "allow"
+[[ports]]
+  protocol = "tcp"
+  port = 22
+  dev = "eth0"
+[[ports]]
+  protocol = "tcp"
+  port = 8080
+  dev = "eth0"
+[[ports]]
+  protocol = "tcp"
+  port = 443
+  dev = "eth0"
+# rules
+[[rules]]
+  # access vpns for users
+  method = "gateway"
+  from = "#{groups.users}"
+  to = "#{networks.externals.vpn}"
+# gateway settings
+[[rules]]
+  method = "gateway"
+  from = "#{networks.locals.office}"
+  to = "#{networks.internet}"
+[[rules]]
+  method = "gateway"
+  from = "#{networks.locals.guest}"
+  to = "#{networks.internet}"
+# port forwarding
+[[rules]]
+  method = "forward"
+  from = 8080
+  protocol = "tcp"
+  to = "#{groups.www.host}:80"
+[[rules]]
+  method = "forward"
+  from = "50000:60000"
+  protocol = "tcp"
+  to = "#{groups.www.host}"

data/lib/pomelo.rb ADDED

@@ -0,0 +1,9 @@
+require 'pomelo/opts'
+require 'pomelo/parser'
+module Pomelo
+  def Pomelo.from_argv(argv)
+    opts = Opts.parse(argv)
+    return Parser.new(opts)
+  end
+end

data/lib/pomelo/opts.rb ADDED

@@ -0,0 +1,39 @@
+require 'optparse'
+require 'optparse/time'
+require 'ostruct'
+module Pomelo
+class Opts
+  def self.parse(args)
+    options = OpenStruct.new
+    options.mode = "run"
+    options.config_file = nil
+    opt = OptionParser.new do |opts|
+      opts.banner = "Usage: pomelo [-rp] path/to/config.yaml"
+      opts.separator ""
+      opts.separator "Specific options:"
+      opts.on("-r", "--run", "run commands") do
+        options.mode = "run"
+      end
+      opts.on("-p", "--print", "print commands") do
+        options.mode = "print"
+      end
+      opts.on("-c", "--configi [PATH]", String, "config file path") do |f|
+        options.config_file = f
+      end
+      opts.separator ""
+      opts.separator "Common options:"
+      opts.on_tail("-h", "--help", "Show help message") do
+        puts opts
+        exit
+      end
+    end
+    opt.parse!(args)
+    return options
+  end
+end
+end

data/lib/pomelo/parser.rb ADDED

@@ -0,0 +1,158 @@
+require 'toml'
+module Pomelo
+  class Parser
+    def initialize(opts)
+      @opts = opts
+      @commands = []
+      @config = get_config
+    end
+    def parse
+      parse_routes
+      parse_iptables
+    end
+    def run
+      parse
+      run_commands = @commands.join("\n")
+      if print_only?
+        puts run_commands
+      else
+        system run_commands
+      end
+    end
+    private
+    def print_only?
+      return @opts.mode == "print"
+    end
+    def get_config
+      config_file = @opts.config_file
+      unless config_file
+        puts "config file required"
+        exit
+      end
+      begin
+        config = TOML.load_file(config_file)
+      rescue Exception => e
+        puts e
+        puts e.backtrace.join("\n")
+        exit
+      end
+      return config
+    end
+    def parse_routes
+    end
+    def parse_iptables
+      init_iptables
+      open_ports
+      traffic_rules
+    end
+    def add_command(cmd)
+      @commands << cmd
+    end
+    def get_value(key)
+      parts = key.split "."
+      c = @config
+      parts.each do |p|
+        c = c[p]
+      end
+      # parsing quotes
+      c = parse_value(c) if c.is_a?(String)
+      return c
+    end
+    def parse_value(str)
+      return str.gsub(/\#\{([^\}]+)\}/) do |s|
+        a = s.gsub(/[\#\{\}]/, "")
+        return get_value(a)
+      end
+    end
+    def init_iptables
+      s = get_value("traffic.global") == "allow" ? "ACCEPT" : "DROP"
+      lo = get_value("networks.loopback")
+      add_command "iptables -F"
+      add_command "iptables -P INPUT #{s}"
+      add_command "iptables -P OUTPUT #{s}"
+      add_command "iptables -P FORWARD #{s}"
+      # allow loopback
+      add_command "iptables -A INPUT -i #{lo} -j ACCEPT"
+      add_command "iptables -A OUTPUT -o #{lo} -j ACCEPT"
+      # allow ping
+      if get_value("networks.allow_icmp")
+        add_command "iptables -A INPUT -p icmp -j ACCEPT"
+        add_command "iptables -A OUTPUT -p icmp -j ACCEPT"
+      end
+    end
+    def open_ports
+      get_value("ports").each do |p|
+        add_command "iptables -A INPUT -i #{p["dev"]} -p #{p["protocol"]} --dport #{p["port"]} -j ACCEPT"
+        add_command "iptables -A OUTPUT -o #{p["dev"]} -p #{p["protocol"]} --sport #{p["port"]} -j ACCEPT"
+      end
+    end
+    def traffic_rules
+      get_value("rules").each do |r|
+        parse_rule(r)
+      end
+    end
+    def parse_rule(r)
+      method = r["method"]
+      if method == "gateway"
+        parse_gateway_rule(r)
+      elsif method == "forward"
+        parse_forward_rule(r)
+      end
+    end
+    def parse_gateway_rule(r)
+      from = parse_value(r["from"])
+      to = parse_value(r["to"])
+      source = nil
+      if from["host"]
+        source = "-s #{from["host"]}"
+      elsif from["net"]
+        source = "-s #{from["net"]}"
+      elsif from["range"]
+        source = "-m iprange --src-range #{from["range"]}"
+      else
+        raise "from must contain host or range"
+      end
+      add_command "iptables -t nat -A POSTROUTING #{source} -o #{to["dev"]} -j MASQUERADE"
+    end
+    def parse_forward_rule(r)
+      from = r["from"]
+      protocol = r["protocol"] || "tcp"
+      # forward requires host for destination
+      to_host, to_port = parse_value(r["to"]).split(":")
+      if to_port
+        to = "#{to_host}:#{to_port}"
+      else
+        to_port = from
+        to = to_host
+      end
+      add_command "iptables -t nat -A PREROUTING -p #{protocol} --dport #{from} -j DNAT --to #{to}"
+      add_command "iptables -A FORWARD -p #{protocol} -d #{to_host} --dport #{to_port} -j ACCEPT"
+    end
+  end
+end

metadata ADDED

@@ -0,0 +1,63 @@
+--- !ruby/object:Gem::Specification
+name: pomelo-router
+version: !ruby/object:Gem::Version
+  version: 0.0.2
+platform: ruby
+authors:
+- Leon Chen
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2015-09-11 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: toml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.1.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.1.2
+description: linux router network setup automation
+email: leonhart.chen@gmail.com
+executables:
+- pomelo
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/pomelo
+- config.toml.example
+- lib/pomelo.rb
+- lib/pomelo/opts.rb
+- lib/pomelo/parser.rb
+homepage: https://github.com/leonchen/pomelo
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.4.6
+signing_key:
+specification_version: 4
+summary: pomelo-router
+test_files: []