ript 0.8.4 → 0.8.8
- checksums.yaml +7 -0
- data/.gitignore +1 -0
- data/.ruby-version +1 -0
- data/AUTHORS.md +6 -1
- data/CHANGELOG.md +16 -1
- data/Gemfile.lock +7 -5
- data/{LICENCE → LICENSE} +1 -1
- data/README.md +5 -3
- data/bin/ript +34 -3
- data/dist/ript.conf +9 -0
- data/features/cli.feature +29 -0
- data/features/step_definitions/example_steps.rb +1 -0
- data/lib/ript/bootstrap.rb +4 -4
- data/lib/ript/dsl.rb +0 -1
- data/lib/ript/dsl/primitives/filter.rb +29 -12
- data/lib/ript/dsl/primitives/nat.rb +3 -3
- data/lib/ript/patches.rb +9 -7
- data/lib/ript/version.rb +1 -1
- data/ript.gemspec +2 -2
- metadata +25 -38
- data/.rbenv-version +0 -1
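--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: e8be9583d1347183f21a3d6fd027aa05a071f1b2
+data.tar.gz: b1c113e7c5d266b1d8deaf94879abdba4164f4c6
+SHA512:
+metadata.gz: a9c22e90daffccc7485dda9993b68451ef7da57bc2c22fbbbf080f3f357323144df7ba84b395683b72e1849c558188a3410351b30b0f198e361fe9e9d28dbc24
+data.tar.gz: 35669bb525b1450409e94c5f70ff88257e2ffebaa82f4d75e54c227b9803857ccaca46fa7a0515c2a3eee8e3b80a58525303087d6df4b1026e144acc8b7bc675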
data/.gitignore
CHANGED
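--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -0,0 +1 @@
+2.3.0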
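--- a/data/AUTHORS.md
+++ b/data/AUTHORS.md
@@ -8,9 +8,14 @@ Patches have been merged from:
 Arthur Barton (@arthurbarton)
 John Ferlito (@johnf)
 Jesse Reynolds (@jessereynolds)
+Michael Baker (@elmobp)
+Greg Cockburn (@gergnz)
 
 Inspiration given by:
 
 Matt Moor (@mattm0)
 
-
+Contact:
+foundation@bulletproof.net will send an email to the development team within Bulletproof Networks, any issues should be raised via Github.
+
+Ript is copyright Bulletproof Networks 2011-2016, all rights reserved.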
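--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,21 @@
 ## Changelog
 
-# 0.8.
+# 0.8.8 - 2016/12/02
+- Bug: Support for an array of protocols (@elmobp)
+- Bug: Support Ruby 2.0+ (@elmobp)
+- Feature: Protocol validation using /etc/protocols, by adding this support in the validation ensures many other parts of the software performed correctly (@elmobp)
+- Feature: Protocol validation whitelist (@elmobp)
+
+# 0.8.7 - 2013/06/23
+- Bug: The I forgot to push to github release, just a version bump (@johnf)
+
+# 0.8.6 - 2013/06/23
+- Feature: Add `ript rules flush` command to flush all rules (@johnf)
+
+# 0.8.5 - 2013/04/16
+- Bug: Write the output of `ript diff` to a file and execute that, so sh doesn't choke on huge insertions #8
+
+# 0.8.4 - 2012/08/12
 - Bug: DNAT rules from one port to another were adding a filter rule for the
 source instead of destination port (@johnf)
 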
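--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,10 +1,10 @@
 PATH
 remote: .
 specs:
-ript (0.8.
+ript (0.8.9)
 
 GEM
-remote:
+remote: https://rubygems.org/
 specs:
 arr-pm (0.0.7)
 cabin (> 0)
@@ -27,8 +27,7 @@ GEM
 json (>= 1.4.6)
 term-ansicolor (>= 1.0.6)
 diff-lcs (1.1.3)
-ffi (1.0.
-rake (>= 0.8.7)
+ffi (1.0.11)
 fpm (0.4.5)
 arr-pm (~> 0.0.7)
 backports (= 2.3.0)
@@ -38,7 +37,7 @@ GEM
 gherkin (2.9.3)
 json (>= 1.4.6)
 json (1.6.6)
-rake (
+rake (10.1.0)
 rspec (2.5.0)
 rspec-core (~> 2.5.0)
 rspec-expectations (~> 2.5.0)
@@ -60,3 +59,6 @@ DEPENDENCIES
 rake
 ript!
 rspec
+
+BUNDLED WITH
+1.13.6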
data/{LICENCE → LICENSE}
RENAMED
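--- a/data/README.md
+++ b/data/README.md
@@ -9,7 +9,7 @@ Ript works with `iptables` on Linux, and is written in Ruby.
 Installing
 ----------
 
-Make sure you have Ruby 1.9
+Make sure you have Ruby 1.9+ installed, and run:
 
 ``` bash
 gem install ript
@@ -24,6 +24,8 @@ sudo update-rc.d ript defaults
 sudo mkdir /var/lib/ript
 sudo chown root.adm /var/lib/ript
 sudo chmod 770 /var/lib/ript
+# Only If you are using Xenial
+sudo cp "$(dirname $(dirname $(dirname $(gem which ript/dsl.rb))))"/dist/ript.conf /etc/systemd/system/
 ```
 
 Applying rules
@@ -48,12 +50,12 @@ to your workflow.
 Developing
 ----------
 
-It is recommended to use a Ubuntu
+It is recommended to use a Ubuntu Xenial VM to develop Ript. If you develop on a machine without iptables some of the tests will fail.
 
 It is also recommended that you use [rbenv](http://rbenv.org/).
 
 ``` bash
-rbenv install
+rbenv install 2.3.0
 gem install bundler
 rbenv rehash
 ```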
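--- a/data/bin/ript
+++ b/data/bin/ript
@@ -6,6 +6,7 @@ $: << Pathname.new(__FILE__).parent.parent.join('lib').expand_path.to_s
 $: << Pathname.new(__FILE__).parent.parent.expand_path.to_s
 $: << Dir.pwd
 require 'ript/dsl'
+require 'tempfile'
 
 if RUBY_VERSION =~ /^1.8/ then
 puts "Ript requires Ruby 1.9 to run. Exiting."
@@ -119,10 +120,40 @@ if ARGV[0] == 'rules'
 end
 
 if ARGV[1] == "apply" then
-output
+output = `#{$0} rules diff #{ARGV[2..-1].join(' ')} 2>&1`
+tempfile = Tempfile.open("ript-apply-#{Time.now.to_i}") {|f| f << output}
 puts "#{output}"
-system("
+system("sh -e #{tempfile.path}")
+exit
+end
 
+if ARGV[1] == 'flush' then
+output = <<-EOF
+iptables --flush --table filter
+iptables --delete-chain --table filter
+iptables --table filter --policy INPUT ACCEPT
+iptables --table filter --policy FORWARD ACCEPT
+iptables --table filter --policy OUTPUT ACCEPT
+
+# Clean NAT
+iptables --flush --table nat
+iptables --delete-chain --table nat
+iptables --table nat --policy PREROUTING ACCEPT
+iptables --table nat --policy POSTROUTING ACCEPT
+iptables --table nat --policy OUTPUT ACCEPT
+
+# Clean mangle
+iptables --flush --table mangle
+iptables --delete-chain --table mangle
+iptables --table mangle --policy PREROUTING ACCEPT
+iptables --table mangle --policy POSTROUTING ACCEPT
+iptables --table mangle --policy INPUT ACCEPT
+iptables --table mangle --policy FORWARD ACCEPT
+iptables --table mangle --policy OUTPUT ACCEPT
+EOF
+tempfile = Tempfile.open("ript-apply-#{Time.now.to_i}") {|f| f << output}
+puts "#{output}"
+system("sh -e #{tempfile.path}")
 exit
 end
 
@@ -172,7 +203,7 @@ if ARGV[0] == "clean" then
 chains.uniq.each do |chain|
 table = types[type]
 
-clean_command = `iptables-save --table #{table} 2>&1 | grep -- '-A partition-#{type}' | grep -- '-j #{chain}'`.split("\n")
+clean_command = `iptables-save --table #{table} 2>&1 | grep -- '-A partition-#{type}' | grep -- '-j #{chain}'`.split("\n")
 clean_command.map! {|line| "iptables --table #{table} #{line}" }
 clean_command.map! {|line| line.gsub(" -A", " --delete") }
 clean_command.map! {|line| line.gsub(" -s", " --source") }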
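Review bot: In the `apply` branch of the second hunk, `ARGV[2..-1].join(' ')` is interpolated into a backtick command, so a rule-file argument containing spaces or shell metacharacters is re-parsed by the shell in a tool that presumably runs with root privileges, and `2>&1` folds any stderr text into `output`, which is then written to the temp file and executed by `sh -e`. An argument vector avoids both: `output = IO.popen([$0, 'rules', 'diff', *ARGV[2..-1]], &:read)`. The `apply` and `flush` branches also ignore the result of `system` and end in a bare `exit`, so a script that `sh -e` aborted part-way still reports success and a partially applied ruleset goes unnoticed; `exit(1) unless system('sh', '-e', tempfile.path)` would surface it. The enclosing `if ARGV[0] == 'rules'` block starts outside the hunk.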
data/dist/ript.conf
ADDED
data/features/cli.feature
CHANGED
@@ -113,3 +113,32 @@ Feature: Ript cli utility
|
|
113
113
|
:OUTPUT ACCEPT \[\d+:\d+\]
|
114
114
|
COMMIT
|
115
115
|
"""
|
116
|
+
|
117
|
+
@sudo @timeout-10
|
118
|
+
Scenario: Flush rules
|
119
|
+
Given I have no iptables rules loaded
|
120
|
+
When I run `ript rules flush`
|
121
|
+
Then the output from "ript rules flush" should match:
|
122
|
+
"""
|
123
|
+
iptables --flush --table filter
|
124
|
+
iptables --delete-chain --table filter
|
125
|
+
iptables --table filter --policy INPUT ACCEPT
|
126
|
+
iptables --table filter --policy FORWARD ACCEPT
|
127
|
+
iptables --table filter --policy OUTPUT ACCEPT
|
128
|
+
|
129
|
+
# Clean NAT
|
130
|
+
iptables --flush --table nat
|
131
|
+
iptables --delete-chain --table nat
|
132
|
+
iptables --table nat --policy PREROUTING ACCEPT
|
133
|
+
iptables --table nat --policy POSTROUTING ACCEPT
|
134
|
+
iptables --table nat --policy OUTPUT ACCEPT
|
135
|
+
|
136
|
+
# Clean mangle
|
137
|
+
iptables --flush --table mangle
|
138
|
+
iptables --delete-chain --table mangle
|
139
|
+
iptables --table mangle --policy PREROUTING ACCEPT
|
140
|
+
iptables --table mangle --policy POSTROUTING ACCEPT
|
141
|
+
iptables --table mangle --policy INPUT ACCEPT
|
142
|
+
iptables --table mangle --policy FORWARD ACCEPT
|
143
|
+
iptables --table mangle --policy OUTPUT ACCEPT
|
144
|
+
"""
|
@@ -18,6 +18,7 @@ Then /^the created chain name in all tables should match$/ do
|
|
18
18
|
next if line.size == 0
|
19
19
|
next if line =~ /--(new-chain|jump) partition-/
|
20
20
|
next if line =~ /--(new-chain|jump) ript_bootstrap-/
|
21
|
+
next if line =~ /^\(in \/.*\)$/ # Exclude rake output from clean_slate
|
21
22
|
|
22
23
|
line.should match(%r{(^\# #{@chain_name})|(#{@chain_names.join('|')})}) if line !~ /LOG/
|
23
24
|
end
|
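--- a/data/lib/ript/bootstrap.rb
+++ b/data/lib/ript/bootstrap.rb
@@ -3,10 +3,10 @@ module Ript
 def self.partition
 rules = []
 
-rules << Rule.new("table" => "filter",
-rules << Rule.new("table" => "filter",
-rules << Rule.new("table" => "filter",
-rules << Rule.new("table" => "filter",
+rules << Rule.new("table" => "filter", "new-chain" => "partition-a")
+rules << Rule.new("table" => "filter", "insert" => "INPUT 1", "jump" => "partition-a")
+rules << Rule.new("table" => "filter", "insert" => "OUTPUT 1", "jump" => "partition-a")
+rules << Rule.new("table" => "filter", "insert" => "FORWARD 1", "jump" => "partition-a")
 
 rules << Rule.new("table" => "nat", "new-chain" => "partition-d")
 rules << Rule.new("table" => "nat", "insert" => "PREROUTING 1", "jump" => "partition-d")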
data/lib/ript/dsl.rb
CHANGED
@@ -94,8 +94,7 @@ module Ript
|
|
94
94
|
"source" => from_address,
|
95
95
|
"jump" => jump
|
96
96
|
}
|
97
|
-
attributes.insert_before("destination", "in-interface"
|
98
|
-
|
97
|
+
attributes.insert_before("destination", [ "in-interface", @interface ]) if @interface
|
99
98
|
# Build up a list of arguments we need to build expanded rules.
|
100
99
|
#
|
101
100
|
# This allows us to expand shorthand definitions like:
|
@@ -122,24 +121,42 @@ module Ript
|
|
122
121
|
# If we have arguments, iterate through them
|
123
122
|
if arguments.size > 0
|
124
123
|
arguments.each do |options|
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
124
|
+
options.each_pair do |key, value|
|
125
|
+
supported_protocols = IO.readlines("/etc/protocols")
|
126
|
+
ignored_values = %w(all tcp udp)
|
127
|
+
supported_protocols.map! {|proto| proto.split("\t")[0] }
|
128
|
+
if key == "protocol" and value.instance_of?(String) and !ignored_values.include? value.downcase and value != "" and !supported_protocols.include? value
|
129
|
+
puts "Invalid protocol a) #{value} specified cannot continue"
|
130
|
+
exit
|
131
|
+
end
|
132
|
+
if value.is_a? Array
|
133
|
+
value.each do |valueout|
|
134
|
+
if !ignored_values.include? valueout.downcase and !supported_protocols.include? valueout
|
135
|
+
puts "Invalid protocol b) #{valueout} specified cannot continue"
|
136
|
+
exit 100
|
137
|
+
end
|
138
|
+
attributes = attributes.dup # avoid overwriting existing hash values from previous iterations
|
139
|
+
attributes.insert_before("destination", [ key, valueout ])
|
140
|
+
@table << Rule.new(attributes.merge("jump" => "LOG")) if log
|
141
|
+
@table << Rule.new(attributes)
|
142
|
+
end
|
143
|
+
return
|
144
|
+
else
|
145
|
+
attributes = attributes.dup # avoid overwriting existing hash values from previous iterations
|
146
|
+
attributes.insert_before("destination", [ key, value ])
|
147
|
+
end
|
148
|
+
end
|
149
|
+
@table << Rule.new(attributes.merge("jump" => "LOG")) if log
|
131
150
|
@table << Rule.new(attributes)
|
132
|
-
end
|
151
|
+
end
|
133
152
|
else
|
134
|
-
@table << Rule.new(attributes.merge("jump" => "LOG")) if log
|
153
|
+
@table << Rule.new(attributes.merge("jump" => "LOG")) if log
|
135
154
|
@table << Rule.new(attributes)
|
136
155
|
end # if
|
137
156
|
end # @tos.each
|
138
157
|
end # @froms.each
|
139
|
-
|
140
158
|
end # def build_rule
|
141
159
|
end
|
142
160
|
end
|
143
161
|
end
|
144
162
|
end
|
145
|
-
|
@@ -57,7 +57,7 @@ module Ript
|
|
57
57
|
"jump" => "ACCEPT" }
|
58
58
|
|
59
59
|
@froms.map {|from| @labels[from][:address]}.each do |address|
|
60
|
-
attributes.insert_before("destination", "source"
|
60
|
+
attributes.insert_before("destination", ["source", address])
|
61
61
|
end
|
62
62
|
|
63
63
|
@table << Rule.new(attributes.merge("jump" => "LOG")) if log
|
@@ -113,7 +113,7 @@ module Ript
|
|
113
113
|
"dport" => destination_port,
|
114
114
|
"jump" => "ACCEPT" }
|
115
115
|
|
116
|
-
attributes.insert_before("destination", "source"
|
116
|
+
attributes.insert_before("destination", ["source", from_address]) unless from_address == "0.0.0.0/0"
|
117
117
|
|
118
118
|
@table << Rule.new(attributes.merge("jump" => "LOG")) if log
|
119
119
|
@table << Rule.new(attributes)
|
@@ -136,7 +136,7 @@ module Ript
|
|
136
136
|
"dport" => port,
|
137
137
|
"jump" => "ACCEPT" }
|
138
138
|
|
139
|
-
attributes.insert_before("destination", "source"
|
139
|
+
attributes.insert_before("destination", ["source" , from_address]) unless from_address == "0.0.0.0/0"
|
140
140
|
|
141
141
|
@table << Rule.new(attributes.merge("jump" => "LOG")) if log
|
142
142
|
@table << Rule.new(attributes)
|
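Review bot: The two rejection paths in the `-122,24 +121,42` hunk disagree on exit status: the string branch calls a bare `exit` (status 0) after printing "Invalid protocol a)", while the array branch uses `exit 100`, so a rule file with an unknown protocol can look like a successful run to whatever invoked it; both should use the same non-zero status, e.g. `exit 100`. The array branch also runs for any array-valued option, not only when `key == "protocol"`, and its `return` leaves `build_rule` after the first such option, skipping the remaining arguments and from/to combinations of the surrounding loops, which should be confirmed as intended. `/etc/protocols` is re-read for every option pair and split on tabs only, so comment lines and space-separated entries end up as bogus or missing names; reading it once and using `proto.split(/\s+/)[0]` after dropping `#` lines would be more robust. This hunk is shown under the data/lib/ript/dsl.rb header, though the file list suggests it belongs to filter.rb, and `build_rule` begins outside it.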
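--- a/data/lib/ript/patches.rb
+++ b/data/lib/ript/patches.rb
@@ -1,10 +1,12 @@
-#!/usr/bin/env ruby
-
 class Hash
-def insert_before(key,
-
-
-
-
+def insert_before(key, kvpair)
+arr = to_a
+pos = arr.index(arr.assoc(key))
+if pos
+arr.insert(pos, kvpair)
+else
+arr << kvpair
+end
+replace Hash[arr]
 end
 end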
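Review bot: `Hash#insert_before` is added to the core class without a comment, and two behaviours are easy to miss: it mutates the receiver through `replace`, and when `key` is absent it appends the pair instead of raising. A comment above the method would cover this, e.g. `# Inserts kvpair ([key, value]) before +key+, in place; appends if +key+ is missing.` Because `Hash[arr]` keeps one entry per key, a pair whose key is already present collapses into a single entry, and which value survives depends on where the existing entry sits relative to `key`; that is worth stating too, since callers elsewhere on this page `dup` the hash before each call.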
data/lib/ript/version.rb
CHANGED
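--- a/data/ript.gemspec
+++ b/data/ript.gemspec
@@ -7,8 +7,8 @@ Gem::Specification.new do |s|
 s.name = "ript"
 s.version = Ript::VERSION
 s.platform = Gem::Platform::RUBY
-s.authors = [ "
-s.email = [ "
+s.authors = [ "Bulletproof Group Ltd" ]
+s.email = [ "foundation@bulletproof.net" ]
 s.homepage = "http://bulletproof.net/"
 s.summary = %q{DSL for iptables, and tool for incrementally applying firewall rules}
 s.description = %q{Ript provides a clean Ruby DSL for describing firewall rules, and implements database migrations-like functionality for applying the rules}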
metadata
CHANGED
@@ -1,134 +1,122 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ript
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.8.
|
5
|
-
prerelease:
|
4
|
+
version: 0.8.8
|
6
5
|
platform: ruby
|
7
6
|
authors:
|
8
|
-
-
|
7
|
+
- Bulletproof Group Ltd
|
9
8
|
autorequire:
|
10
9
|
bindir: bin
|
11
10
|
cert_chain: []
|
12
|
-
date:
|
11
|
+
date: 2016-12-12 00:00:00.000000000 Z
|
13
12
|
dependencies:
|
14
13
|
- !ruby/object:Gem::Dependency
|
15
14
|
name: rake
|
16
15
|
requirement: !ruby/object:Gem::Requirement
|
17
|
-
none: false
|
18
16
|
requirements:
|
19
|
-
- -
|
17
|
+
- - ">="
|
20
18
|
- !ruby/object:Gem::Version
|
21
19
|
version: '0'
|
22
20
|
type: :development
|
23
21
|
prerelease: false
|
24
22
|
version_requirements: !ruby/object:Gem::Requirement
|
25
|
-
none: false
|
26
23
|
requirements:
|
27
|
-
- -
|
24
|
+
- - ">="
|
28
25
|
- !ruby/object:Gem::Version
|
29
26
|
version: '0'
|
30
27
|
- !ruby/object:Gem::Dependency
|
31
28
|
name: rspec
|
32
29
|
requirement: !ruby/object:Gem::Requirement
|
33
|
-
none: false
|
34
30
|
requirements:
|
35
|
-
- -
|
31
|
+
- - ">="
|
36
32
|
- !ruby/object:Gem::Version
|
37
33
|
version: '0'
|
38
34
|
type: :development
|
39
35
|
prerelease: false
|
40
36
|
version_requirements: !ruby/object:Gem::Requirement
|
41
|
-
none: false
|
42
37
|
requirements:
|
43
|
-
- -
|
38
|
+
- - ">="
|
44
39
|
- !ruby/object:Gem::Version
|
45
40
|
version: '0'
|
46
41
|
- !ruby/object:Gem::Dependency
|
47
42
|
name: cucumber
|
48
43
|
requirement: !ruby/object:Gem::Requirement
|
49
|
-
none: false
|
50
44
|
requirements:
|
51
|
-
- -
|
45
|
+
- - ">="
|
52
46
|
- !ruby/object:Gem::Version
|
53
47
|
version: 1.1.9
|
54
48
|
type: :development
|
55
49
|
prerelease: false
|
56
50
|
version_requirements: !ruby/object:Gem::Requirement
|
57
|
-
none: false
|
58
51
|
requirements:
|
59
|
-
- -
|
52
|
+
- - ">="
|
60
53
|
- !ruby/object:Gem::Version
|
61
54
|
version: 1.1.9
|
62
55
|
- !ruby/object:Gem::Dependency
|
63
56
|
name: aruba
|
64
57
|
requirement: !ruby/object:Gem::Requirement
|
65
|
-
none: false
|
66
58
|
requirements:
|
67
|
-
- -
|
59
|
+
- - ">="
|
68
60
|
- !ruby/object:Gem::Version
|
69
61
|
version: '0'
|
70
62
|
type: :development
|
71
63
|
prerelease: false
|
72
64
|
version_requirements: !ruby/object:Gem::Requirement
|
73
|
-
none: false
|
74
65
|
requirements:
|
75
|
-
- -
|
66
|
+
- - ">="
|
76
67
|
- !ruby/object:Gem::Version
|
77
68
|
version: '0'
|
78
69
|
- !ruby/object:Gem::Dependency
|
79
70
|
name: colorize
|
80
71
|
requirement: !ruby/object:Gem::Requirement
|
81
|
-
none: false
|
82
72
|
requirements:
|
83
|
-
- -
|
73
|
+
- - ">="
|
84
74
|
- !ruby/object:Gem::Version
|
85
75
|
version: '0'
|
86
76
|
type: :development
|
87
77
|
prerelease: false
|
88
78
|
version_requirements: !ruby/object:Gem::Requirement
|
89
|
-
none: false
|
90
79
|
requirements:
|
91
|
-
- -
|
80
|
+
- - ">="
|
92
81
|
- !ruby/object:Gem::Version
|
93
82
|
version: '0'
|
94
83
|
- !ruby/object:Gem::Dependency
|
95
84
|
name: fpm
|
96
85
|
requirement: !ruby/object:Gem::Requirement
|
97
|
-
none: false
|
98
86
|
requirements:
|
99
|
-
- -
|
87
|
+
- - ">="
|
100
88
|
- !ruby/object:Gem::Version
|
101
89
|
version: 0.4.5
|
102
90
|
type: :development
|
103
91
|
prerelease: false
|
104
92
|
version_requirements: !ruby/object:Gem::Requirement
|
105
|
-
none: false
|
106
93
|
requirements:
|
107
|
-
- -
|
94
|
+
- - ">="
|
108
95
|
- !ruby/object:Gem::Version
|
109
96
|
version: 0.4.5
|
110
97
|
description: Ript provides a clean Ruby DSL for describing firewall rules, and implements
|
111
98
|
database migrations-like functionality for applying the rules
|
112
99
|
email:
|
113
|
-
-
|
100
|
+
- foundation@bulletproof.net
|
114
101
|
executables:
|
115
102
|
- rbenv-sudo
|
116
103
|
- ript
|
117
104
|
extensions: []
|
118
105
|
extra_rdoc_files: []
|
119
106
|
files:
|
120
|
-
- .gitignore
|
121
|
-
- .
|
107
|
+
- ".gitignore"
|
108
|
+
- ".ruby-version"
|
122
109
|
- AUTHORS.md
|
123
110
|
- CHANGELOG.md
|
124
111
|
- Gemfile
|
125
112
|
- Gemfile.lock
|
126
|
-
-
|
113
|
+
- LICENSE
|
127
114
|
- README.md
|
128
115
|
- Rakefile
|
129
116
|
- bin/rbenv-sudo
|
130
117
|
- bin/ript
|
131
118
|
- dist/init.d
|
119
|
+
- dist/ript.conf
|
132
120
|
- examples/accept-multiple-from-and-to.rb
|
133
121
|
- examples/accept-with-a-list-of-ports.rb
|
134
122
|
- examples/accept-with-specific-port-and-interface.rb
|
@@ -197,27 +185,26 @@ files:
|
|
197
185
|
- ript.gemspec
|
198
186
|
homepage: http://bulletproof.net/
|
199
187
|
licenses: []
|
188
|
+
metadata: {}
|
200
189
|
post_install_message:
|
201
190
|
rdoc_options: []
|
202
191
|
require_paths:
|
203
192
|
- lib
|
204
193
|
required_ruby_version: !ruby/object:Gem::Requirement
|
205
|
-
none: false
|
206
194
|
requirements:
|
207
|
-
- -
|
195
|
+
- - ">="
|
208
196
|
- !ruby/object:Gem::Version
|
209
197
|
version: 1.9.2
|
210
198
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
211
|
-
none: false
|
212
199
|
requirements:
|
213
|
-
- -
|
200
|
+
- - ">="
|
214
201
|
- !ruby/object:Gem::Version
|
215
202
|
version: 1.3.6
|
216
203
|
requirements: []
|
217
204
|
rubyforge_project: ript
|
218
|
-
rubygems_version:
|
205
|
+
rubygems_version: 2.5.1
|
219
206
|
signing_key:
|
220
|
-
specification_version:
|
207
|
+
specification_version: 4
|
221
208
|
summary: DSL for iptables, and tool for incrementally applying firewall rules
|
222
209
|
test_files:
|
223
210
|
- features/cli.feature
|
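--- a/data/.rbenv-version
+++ b/data/.rbenv-version
@@ -1 +0,0 @@
-1.9.2-p290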