puffy 0.3.1 → 1.1.0.pre.rc1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/dependabot.yml +18 -0
- data/.github/workflows/ci.yml +3 -10
- data/.rubocop.yml +14 -0
- data/CHANGELOG.md +9 -0
- data/README.md +8 -0
- data/Rakefile +6 -2
- data/lib/core_ext.rb +6 -8
- data/lib/puffy/cli.rb +2 -2
- data/lib/puffy/formatters/base.rb +3 -3
- data/lib/puffy/formatters/iptables.rb +35 -15
- data/lib/puffy/formatters/iptables4.rb +3 -3
- data/lib/puffy/formatters/iptables6.rb +3 -3
- data/lib/puffy/formatters/pf.rb +21 -6
- data/lib/puffy/parser.tab.rb +1145 -426
- data/lib/puffy/puppet.rb +2 -2
- data/lib/puffy/resolver.rb +13 -0
- data/lib/puffy/rule.rb +2 -3
- data/lib/puffy/rule_factory.rb +2 -2
- data/lib/puffy/version.rb +1 -1
- data/puffy.gemspec +2 -2
- metadata +4 -7
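--- a/data/lib/puffy/puppet.rb
+++ b/data/lib/puffy/puppet.rb
@@ -53,11 +53,11 @@ module Puffy
 def each_fragment
 @parser.nodes.each do |hostname|
 rules = @parser.ruleset_for(hostname)
-
+policies = @parser.policies_for(hostname)
 
 @formatters.each do |formatter|
 filename = File.join(@path, hostname, formatter.filename_fragment)
-yield filename, formatter.emit_ruleset(rules,
+yield filename, formatter.emit_ruleset(rules, policies)
 end
 end
 end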
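--- a/data/lib/puffy/resolver.rb
+++ b/data/lib/puffy/resolver.rb
@@ -56,8 +56,21 @@ module Puffy
 res
 end
 
+def resolv_azure_ip_range(service_name)
+res = azure_ip_range['values'].select { |service| service['name'] == service_name }[0]['properties']['addressPrefixes']
+res.map { |ip| IPAddr.new(ip) }
+end
+
 private
 
+def azure_ip_range
+@azure_ip_range ||= begin
+page = URI('https://www.microsoft.com/en-us/download/details.aspx?id=56519').read
+url = page.match(%r{https://download\.microsoft\.com/download/7/1/d/71d86715-5596-4529-9b13-da13a5de5b63/ServiceTags_Public_\d+\.json}).to_s
+JSON.parse(URI(url).read)
+end
+end
+
 def parse_url(url)
 url =~ %r{^([^:]+)://([^/]+)}
 { host: Regexp.last_match(2), port: Regexp.last_match(1), proto_hint: :tcp }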
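Review bot: `resolv_azure_ip_range` (new line 60) dereferences nil when `service_name` is not in the downloaded list (`select { … }[0]` yields nil), and `azure_ip_range` (new line 69) does the same when the scrape finds no link (`match` returns nil, `.to_s` yields `""`, and `URI("")` has no `read`), so a renamed service tag or a changed Microsoft download page surfaces as a `NoMethodError` deep inside ruleset generation instead of a message naming the cause. The rewrite below switches to `find` and raises with the service name, and raises when the JSON link cannot be located; the regex already pins the scraped link to a fixed `download.microsoft.com` path, which is the right constraint to keep for a URL taken from page content. Both fetches run with open-uri's default timeouts, so consider passing explicit `read_timeout:`/`open_timeout:` to `read` so a slow endpoint fails fast and predictably rather than stalling firewall generation; the `require` lines for `open-uri`, `json` and `ipaddr` that these methods presumably rely on are outside this hunk.
```ruby
def resolv_azure_ip_range(service_name)
  service = azure_ip_range['values'].find { |entry| entry['name'] == service_name }
  raise ArgumentError, "unknown Azure service tag `#{service_name}'" unless service

  service['properties']['addressPrefixes'].map { |ip| IPAddr.new(ip) }
end

# … unchanged: private, azure_ip_range memoisation and download-page fetch …
link = page.match(%r{https://download\.microsoft\.com/download/7/1/d/71d86715-5596-4529-9b13-da13a5de5b63/ServiceTags_Public_\d+\.json})
raise "Azure ServiceTags_Public JSON link not found on download page" unless link

JSON.parse(URI(link.to_s).read)
```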
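--- a/data/lib/puffy/rule.rb
+++ b/data/lib/puffy/rule.rb
@@ -54,7 +54,7 @@ module Puffy
 # @!attribute no_quick
 # Prevent the rule from being a quick one.
 # @return [Boolean] Quick flag
-attr_accessor :action, :return, :dir, :proto, :af, :on, :in, :out, :from, :to, :nat_to, :rdr_to, :no_quick
+attr_accessor :action, :return, :dir, :log, :proto, :af, :on, :in, :out, :from, :to, :nat_to, :rdr_to, :no_quick
 
 # Instanciate a firewall Puffy::Rule.
 #
@@ -64,8 +64,7 @@ module Puffy
 def initialize(options = {})
 send_options(options)
 
-
-
+self.af ||= detect_af
 self.proto ||= from_proto_hint || to_proto_hint
 
 raise "unsupported action `#{options[:action]}'" unless valid_action?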
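Review bot: The new `:log` accessor on line 57 is the only entry in the `attr_accessor` list without a matching `@!attribute` YARD block, while its neighbours (`no_quick` directly above) document purpose and return type. Suggest adding, above the `attr_accessor` line and in the same form, `# @!attribute log`, `# Log packets matching the rule.`, `# @return [Boolean] Log flag` — the one-line description is my reading of the name, so adjust it to whatever the formatter hunks (not in this excerpt) actually do with the flag. The `self.af ||= detect_af` line in the second hunk relies on `detect_af`, which is also outside this excerpt.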
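--- a/data/lib/puffy/rule_factory.rb
+++ b/data/lib/puffy/rule_factory.rb
@@ -56,7 +56,7 @@ module Puffy
 def instanciate_rules(options)
 options.expand.map do |hash|
 rule = Rule.new(hash)
-rule if
+rule if af_match_scope?(rule.af)
 rescue AddressFamilyConflict
 nil
 end.compact
@@ -76,7 +76,7 @@ module Puffy
 end
 end
 
-def
+def af_match_scope?(address_family)
 @af.nil? || address_family.nil? || address_family == @af
 end
 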
data/lib/puffy/version.rb
CHANGED
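--- a/data/puffy.gemspec
+++ b/data/puffy.gemspec
@@ -31,6 +31,6 @@ Gem::Specification.new do |spec|
 spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
 spec.require_paths = ['lib']
 
-spec.
-spec.
+spec.add_dependency 'cri'
+spec.add_dependency 'deep_merge'
 end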
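Review bot: The two runtime dependencies on lines 34–35 are declared with no version requirement, so the published spec accepts any release of `cri` and `deep_merge` (the `metadata` section of this diff shows at least one dependency resolved as `>= 0`), and a future incompatible major of either gem would be installed with no signal. Constrain each to the range the code is actually tested against, e.g. `spec.add_dependency 'cri', '~> <tested-major.minor>'` and `spec.add_dependency 'deep_merge', '~> <tested-major.minor>'`, with the placeholders filled from the versions CI runs. The removed lines are truncated in this rendering, so I cannot tell whether they already carried a constraint that this change dropped.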
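--- a/metadata
+++ b/metadata
@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: puffy
 version: !ruby/object:Gem::Version
-version: 0.
+version: 1.1.0.pre.rc1
 platform: ruby
 authors:
 - Romain Tartière
-autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: cri
@@ -38,7 +37,6 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-description:
 email:
 - romain@blogreen.org
 executables:
@@ -47,6 +45,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".github/CODEOWNERS"
+- ".github/dependabot.yml"
 - ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rspec"
@@ -81,7 +80,6 @@ metadata:
 source_code_uri: https://github.com/opus-codium/puffy
 changelog_uri: https://github.com/opus-codium/puffy
 rubygems_mfa_required: 'true'
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -96,8 +94,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.7.2
 specification_version: 4
 summary: Network firewall rules made easy!
 test_files: []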