puffy 0.1.0 → 0.2.0

data/lib/puffy/puppet.rb

@@ -15,8 +15,8 @@ module Puffy
 
       @formatters = [
         Puffy::Formatters::Pf::Ruleset.new,
-        Puffy::Formatters::Netfilter4::Ruleset.new,
-        Puffy::Formatters::Netfilter6::Ruleset.new,
+        Puffy::Formatters::Iptables4::Ruleset.new,
+        Puffy::Formatters::Iptables6::Ruleset.new,
       ]
     end
 
@@ -29,9 +29,7 @@ module Puffy
 
         next unless fragment_changed?(fragment_name, fragment_content)
 
-        File.open(fragment_name, 'w') do |f|
-          f.write(fragment_content)
-        end
+        File.write(fragment_name, fragment_content)
       end
     end
 
@@ -67,7 +65,7 @@ module Puffy
     def fragment_changed?(fragment_name, fragment_content)
       return true unless File.exist?(fragment_name)
 
-      File.read(fragment_name).split("\n").reject { |l| l =~ /^#/ } != fragment_content.split("\n").reject { |l| l =~ /^#/ }
+      File.read(fragment_name).split("\n").grep_v(/^#/) != fragment_content.split("\n").grep_v(/^#/)
     end
   end
 end

data/lib/puffy/resolver.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require 'open-uri'
 require 'resolv'
 require 'singleton'
 
@@ -29,8 +30,39 @@ module Puffy
       end
     end
 
+    # Resolve the SRV record for +service+ and return its target and port.
+    #
+    # @example
+    #   Resolver.instance.resolv_srv('_http._tcp.deb.debian.org')
+    #   #=> [{ host: 'debian.map.fastlydns.net.', port: 80 }]
+    #
+    # @param service [String] The service to resolve
+    # @return [Array<Hash>]
+    def resolv_srv(service)
+      proto = service.split('.')[1][1..-1].to_sym
+      @dns.getresources(service, Resolv::DNS::Resource::IN::SRV).collect { |r| { host: r.target.to_s, port: r.port, proto_hint: proto } }.sort
+    end
+
+    def resolv_apt_mirror(url)
+      res = []
+      http_url = url.sub(%r{^mirror(\+http)?://}, 'http://')
+      res << parse_url(http_url)
+
+      URI.parse(http_url).open do |document|
+        document.each_line do |line|
+          res << parse_url(line)
+        end
+      end
+      res
+    end
+
     private
 
+    def parse_url(url)
+      url =~ %r{^([^:]+)://([^/]+)}
+      { host: Regexp.last_match(2), port: Regexp.last_match(1), proto_hint: :tcp }
+    end
+
     def resolv_ipaddress(address, address_family)
       filter_af(address, address_family)
     end

data/lib/puffy/rule.rb

@@ -66,6 +66,8 @@ module Puffy
 
       @af = detect_af unless af
 
+      self.proto ||= from_proto_hint || to_proto_hint
+
       raise "unsupported action `#{options[:action]}'" unless valid_action?
       raise 'if from_port or to_port is specified, the protocol must also be given' if port_without_protocol?
     end
@@ -138,16 +140,22 @@ module Puffy
     #   Returns the source host of the Puffy::Rule.
     # @!method from_port
     #   Returns the source port of the Puffy::Rule.
+    # @!method from_proto_hint
+    #   Returns the proto hint of the Puffy::Rule.
     # @!method to_host
     #   Returns the destination host of the Puffy::Rule.
     # @!method to_port
     #   Returns the destination port of the Puffy::Rule.
+    # @!method to_proto_hint
+    #   Returns the proto hint of the Puffy::Rule.
     # @!method rdr_to_host
     #   Returns the redirect destination host of the Puffy::Rule.
     # @!method rdr_to_port
     #   Returns the redirect destination port of the Puffy::Rule.
+    # @!method rdr_to_proto_hint
+    #   Returns the proto hint of the Puffy::Rule (does not make sense).
     %i[from to rdr_to].each do |destination|
-      %i[host port].each do |param|
+      %i[host port proto_hint].each do |param|
         define_method("#{destination}_#{param}") do
           res = public_send(destination)
           res && res[param]
@@ -197,7 +205,8 @@ module Puffy
         if res.nil? then nil
         elsif res.ipv4? then :inet
         elsif res.ipv6? then :inet6
-        else raise 'Fail'
+        else
+          raise 'Fail'
         end
       end.uniq.compact
     end

data/lib/puffy/rule_factory.rb

@@ -34,7 +34,7 @@ module Puffy
     def build(options = {})
       return [] if options == {}
 
-      options = { action: nil, return: false, dir: nil, af: nil, proto: nil, on: nil, from: { host: nil, port: nil }, to: { host: nil, port: nil }, nat_to: nil, rdr_to: { host: nil, port: nil } }.merge(options)
+      options = { action: nil, return: false, dir: nil, af: nil, proto: nil, on: nil, from: [{ host: nil, port: nil }], to: [{ host: nil, port: nil }], nat_to: nil, rdr_to: [{ host: nil, port: nil }] }.merge(options)
 
       options = resolv_hostnames_and_ports(options)
       instanciate_rules(options)
@@ -44,8 +44,10 @@ module Puffy
 
     def resolv_hostnames_and_ports(options)
       %i[from to rdr_to].each do |endpoint|
-        options[endpoint][:host] = host_lookup(options[endpoint][:host])
-        options[endpoint][:port] = port_lookup(options[endpoint][:port])
+        options[endpoint].map do |ep|
+          ep[:host] = host_lookup(ep[:host])
+          ep[:port] = port_lookup(ep[:port])
+        end
       end
       options[:nat_to] = host_lookup(options[:nat_to])
       options
@@ -74,8 +76,8 @@ module Puffy
       end
     end
 
-    def af_match_policy?(af)
-      @af.nil? || af.nil? || af == @af
+    def af_match_policy?(address_family)
+      @af.nil? || address_family.nil? || address_family == @af
     end
 
     def host_lookup(host)

data/lib/puffy/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Puffy # :nodoc:
-  VERSION = '0.1.0'
+  VERSION = '0.2.0'
 end

data/lib/puffy.rb

@@ -4,9 +4,9 @@ require 'core_ext'
 
 require 'puffy/parser.tab'
 require 'puffy/formatters/base'
-require 'puffy/formatters/netfilter'
-require 'puffy/formatters/netfilter4'
-require 'puffy/formatters/netfilter6'
+require 'puffy/formatters/iptables'
+require 'puffy/formatters/iptables4'
+require 'puffy/formatters/iptables6'
 require 'puffy/formatters/pf'
 require 'puffy/puppet'
 require 'puffy/resolver'
@@ -15,6 +15,7 @@ require 'puffy/rule_factory'
 require 'puffy/version'
 
 module Puffy
+  # Base class for application errors with a configuration file
   class PuffyError < RuntimeError
     def initialize(message, token)
       super(message)
@@ -54,9 +55,11 @@ module Puffy
     end
   end
 
+  # Invalid configuration file
   class ParseError < PuffyError
   end
 
+  # Syntax error in configuration file
   class SyntaxError < PuffyError
   end
 end

data/puffy.gemspec

@@ -18,6 +18,7 @@ Gem::Specification.new do |spec|
   spec.metadata['homepage_uri'] = spec.homepage
   spec.metadata['source_code_uri'] = spec.homepage
   spec.metadata['changelog_uri'] = spec.homepage
+  spec.metadata['rubygems_mfa_required'] = 'true'
 
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
@@ -36,6 +37,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'aruba'
   spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'cucumber'
+  spec.add_development_dependency 'github_changelog_generator'
   spec.add_development_dependency 'racc'
   spec.add_development_dependency 'rake'
   spec.add_development_dependency 'rspec'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: puffy
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Romain Tartière
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-10-11 00:00:00.000000000 Z
+date: 2022-12-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cri
@@ -80,6 +80,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: github_changelog_generator
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: racc
   requirement: !ruby/object:Gem::Requirement
@@ -200,11 +214,13 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/CODEOWNERS"
 - ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
 - ".simplecov"
+- CHANGELOG.md
 - Gemfile
 - README.md
 - Rakefile
@@ -213,9 +229,9 @@ files:
 - lib/puffy.rb
 - lib/puffy/cli.rb
 - lib/puffy/formatters/base.rb
-- lib/puffy/formatters/netfilter.rb
-- lib/puffy/formatters/netfilter4.rb
-- lib/puffy/formatters/netfilter6.rb
+- lib/puffy/formatters/iptables.rb
+- lib/puffy/formatters/iptables4.rb
+- lib/puffy/formatters/iptables6.rb
 - lib/puffy/formatters/pf.rb
 - lib/puffy/parser.tab.rb
 - lib/puffy/puppet.rb
@@ -232,6 +248,7 @@ metadata:
   homepage_uri: https://github.com/opus-codium/puffy
   source_code_uri: https://github.com/opus-codium/puffy
   changelog_uri: https://github.com/opus-codium/puffy
+  rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -247,7 +264,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.8
+rubygems_version: 3.3.23
 signing_key:
 specification_version: 4
 summary: Network firewall rules made easy!

data/lib/puffy/formatters/netfilter4.rb

@@ -1,23 +0,0 @@
-# frozen_string_literal: true
-
-module Puffy
-  module Formatters
-    module Netfilter4 # :nodoc:
-      # IPv4 Netfilter implementation of a Puffy Ruleset formatter.
-      class Ruleset < Puffy::Formatters::Netfilter::Ruleset # :nodoc:
-        # Return an IPv4 Netfilter String representation of the provided +rules+ Puffy::Rule with the +policy+ policy.
-        def emit_ruleset(rules, policy = :block)
-          super(rules.select(&:ipv4?), policy)
-        end
-
-        def filename_fragment
-          ['netfilter', 'rules.v4']
-        end
-      end
-
-      # IPv4 Netfilter implementation of a Puffy Rulet formatter.
-      class Rule < Puffy::Formatters::Netfilter::Rule # :nodoc:
-      end
-    end
-  end
-end

data/lib/puffy/formatters/netfilter6.rb

@@ -1,23 +0,0 @@
-# frozen_string_literal: true
-
-module Puffy
-  module Formatters
-    module Netfilter6 # :nodoc:
-      # IPv6 Netfilter implementation of a Puffy Ruleset formatter.
-      class Ruleset < Puffy::Formatters::Netfilter::Ruleset # :nodoc:
-        # Return an IPv6 Netfilter String representation of the provided +rules+ Puffy::Rule with the +policy+ policy.
-        def emit_ruleset(rules, policy = :block)
-          super(rules.select(&:ipv6?), policy)
-        end
-
-        def filename_fragment
-          ['netfilter', 'rules.v6']
-        end
-      end
-
-      # IPv6 Netfilter implementation of a Puffy Rule formatter.
-      class Rule < Puffy::Formatters::Netfilter::Rule # :nodoc:
-      end
-    end
-  end
-end