riptables 1.0.2 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/bin/riptables +1 -0
- data/lib/riptables/base.rb +8 -2
- data/lib/riptables/dsl/base.rb +11 -0
- data/lib/riptables/dsl/host_group.rb +18 -0
- data/lib/riptables/host.rb +15 -0
- data/lib/riptables/host_group.rb +21 -0
- data/lib/riptables/rule.rb +10 -2
- data/lib/riptables/rule_permutation.rb +57 -13
- data/lib/riptables/version.rb +1 -1
- metadata +6 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 766566a3853854ae3589b867f2439e9290caa9ff
|
|
4
|
+
data.tar.gz: cd44a4c622678cbb8b096b79a1e88d918591e36d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0991728751419c75fd2fe73b9969d4a62b363da466ac19a8654e04b4dfee019ad6efb108be6f103ce2dbda93b6f6f0efa2ee13cc56c5642971b008013c4ef389
|
|
7
|
+
data.tar.gz: 32c66598e8ef354764bfc9bdf99f454b1e0d184c88b0635b80a69ce3e4cfb61ca6c017f70966e269c0c64538aa57d694d700bf37a1b7f5333a271d41b8f0b260
|
data/bin/riptables
CHANGED
data/lib/riptables/base.rb
CHANGED
|
@@ -5,9 +5,11 @@ module Riptables
|
|
|
5
5
|
class Base
|
|
6
6
|
|
|
7
7
|
attr_reader :tables
|
|
8
|
+
attr_reader :host_groups
|
|
8
9
|
|
|
9
10
|
def initialize(&block)
|
|
10
11
|
@tables = []
|
|
12
|
+
@host_groups = {}
|
|
11
13
|
dsl.instance_eval(&block) if block_given?
|
|
12
14
|
end
|
|
13
15
|
|
|
@@ -16,14 +18,18 @@ module Riptables
|
|
|
16
18
|
end
|
|
17
19
|
|
|
18
20
|
def self.load_from_file(file)
|
|
21
|
+
base = Base.new
|
|
19
22
|
if File.file?(file)
|
|
20
|
-
base
|
|
21
|
-
base.dsl.instance_eval(File.read(file), file)
|
|
23
|
+
base.load_from_file(file)
|
|
22
24
|
base
|
|
23
25
|
else
|
|
24
26
|
raise Error, "File not found at `#{file}`"
|
|
25
27
|
end
|
|
26
28
|
end
|
|
27
29
|
|
|
30
|
+
def load_from_file(file)
|
|
31
|
+
self.dsl.instance_eval(File.read(file), file)
|
|
32
|
+
end
|
|
33
|
+
|
|
28
34
|
end
|
|
29
35
|
end
|
data/lib/riptables/dsl/base.rb
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
require 'riptables/dsl/base'
|
|
2
2
|
require 'riptables/table'
|
|
3
|
+
require 'riptables/host_group'
|
|
3
4
|
|
|
4
5
|
module Riptables
|
|
5
6
|
module DSL
|
|
@@ -15,6 +16,16 @@ module Riptables
|
|
|
15
16
|
@base.tables << table
|
|
16
17
|
end
|
|
17
18
|
|
|
19
|
+
def host_group(name, &block)
|
|
20
|
+
host_group = Riptables::HostGroup.new(@base, name)
|
|
21
|
+
host_group.dsl.instance_eval(&block)
|
|
22
|
+
@base.host_groups[name] = host_group
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
def load(name)
|
|
26
|
+
@base.load_from_file(File.expand_path(name))
|
|
27
|
+
end
|
|
28
|
+
|
|
18
29
|
end
|
|
19
30
|
end
|
|
20
31
|
end
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
require 'riptables/dsl/global'
|
|
2
|
+
require 'riptables/host'
|
|
3
|
+
|
|
4
|
+
module Riptables
|
|
5
|
+
module DSL
|
|
6
|
+
class HostGroup < Global
|
|
7
|
+
|
|
8
|
+
def initialize(host_group)
|
|
9
|
+
@host_group = host_group
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def host(name, options = {})
|
|
13
|
+
@host_group.hosts[name] = Riptables::Host.new(self, name, options)
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
require 'riptables/dsl/host_group'
|
|
2
|
+
|
|
3
|
+
module Riptables
|
|
4
|
+
class HostGroup
|
|
5
|
+
|
|
6
|
+
attr_reader :base
|
|
7
|
+
attr_reader :name
|
|
8
|
+
attr_reader :hosts
|
|
9
|
+
|
|
10
|
+
def initialize(base, name)
|
|
11
|
+
@base = base
|
|
12
|
+
@name = name
|
|
13
|
+
@hosts = {}
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def dsl
|
|
17
|
+
@dsl ||= DSL::HostGroup.new(self)
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
end
|
|
21
|
+
end
|
data/lib/riptables/rule.rb
CHANGED
|
@@ -17,7 +17,6 @@ module Riptables
|
|
|
17
17
|
attr_accessor :versions
|
|
18
18
|
attr_reader :chain
|
|
19
19
|
attr_reader :permutations
|
|
20
|
-
attr_reader :conditions
|
|
21
20
|
|
|
22
21
|
def dsl
|
|
23
22
|
@dsl ||= DSL::Rule.new(self)
|
|
@@ -31,9 +30,18 @@ module Riptables
|
|
|
31
30
|
if permutations.empty?
|
|
32
31
|
[self]
|
|
33
32
|
else
|
|
34
|
-
permutations.map(&:
|
|
33
|
+
permutations.map(&:to_rules).flatten
|
|
35
34
|
end
|
|
36
35
|
end
|
|
37
36
|
|
|
37
|
+
def dup
|
|
38
|
+
new_rule = self.class.new(self.chain)
|
|
39
|
+
new_rule.description = self.description.dup if self.description
|
|
40
|
+
new_rule.rule = self.rule.dup if self.rule
|
|
41
|
+
new_rule.action = self.action if self.action
|
|
42
|
+
new_rule.conditions = self.conditions.dup if self.conditions
|
|
43
|
+
new_rule
|
|
44
|
+
end
|
|
45
|
+
|
|
38
46
|
end
|
|
39
47
|
end
|
|
@@ -16,25 +16,69 @@ module Riptables
|
|
|
16
16
|
attr_reader :options
|
|
17
17
|
attr_reader :conditions
|
|
18
18
|
|
|
19
|
+
def version
|
|
20
|
+
self.options[:v] ||
|
|
21
|
+
self.options[:version] ||
|
|
22
|
+
(has_ipv4_ip_address? ? 4 : nil) ||
|
|
23
|
+
(has_ipv6_ip_address? ? 6 : nil)
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
#
|
|
27
|
+
# Does this permutation include an IPv6 address option?
|
|
28
|
+
#
|
|
29
|
+
def has_ipv4_ip_address?
|
|
30
|
+
self.options[:ip].is_a?(String) && self.options[:ip] =~ /\A\d+\.\d+\.\d+\.\d+/
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
#
|
|
34
|
+
# Does this permutation include an IPv6 address option?
|
|
35
|
+
#
|
|
36
|
+
def has_ipv6_ip_address?
|
|
37
|
+
self.options[:ip].is_a?(String) && self.options[:ip].include?(':')
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
#
|
|
41
|
+
# Does this permutation include a host group?
|
|
42
|
+
#
|
|
43
|
+
def has_host_group?
|
|
44
|
+
self.options[:ip].is_a?(Symbol)
|
|
45
|
+
end
|
|
46
|
+
|
|
19
47
|
#
|
|
20
48
|
# Convert this permutation into a full rule in its own right
|
|
21
49
|
#
|
|
22
|
-
def
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
value
|
|
50
|
+
def to_rules
|
|
51
|
+
Array.new.tap do |rules|
|
|
52
|
+
new_rule = Rule.new(rule.chain)
|
|
53
|
+
new_rule.description = "#{rule.description} (#{self.description})"
|
|
54
|
+
new_rule.rule = rule.rule.gsub(/\{\{(\w+)\}\}/) do
|
|
55
|
+
if value = self.options[$1.to_sym]
|
|
56
|
+
value
|
|
57
|
+
else
|
|
58
|
+
"{{#{$1}}}"
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
new_rule.action = rule.action
|
|
62
|
+
new_rule.conditions = rule.conditions | self.conditions
|
|
63
|
+
if self.version
|
|
64
|
+
new_rule.versions = [self.version]
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
if has_host_group?
|
|
68
|
+
host_group = @rule.chain.table.base.host_groups[self.options[:ip]]
|
|
69
|
+
host_group.hosts.each do |key, host|
|
|
70
|
+
host.ips.each do |v, ip|
|
|
71
|
+
hg_rule = new_rule.dup
|
|
72
|
+
hg_rule.description += " (#{host.name} via #{host_group.name})"
|
|
73
|
+
hg_rule.rule.gsub!(host_group.name.to_s, ip)
|
|
74
|
+
hg_rule.versions = [v]
|
|
75
|
+
rules << hg_rule
|
|
76
|
+
end
|
|
77
|
+
end
|
|
28
78
|
else
|
|
29
|
-
|
|
79
|
+
rules << new_rule
|
|
30
80
|
end
|
|
31
81
|
end
|
|
32
|
-
new_rule.action = rule.action
|
|
33
|
-
new_rule.conditions = rule.conditions | self.conditions
|
|
34
|
-
if v = (self.options[:v] || self.options[:version])
|
|
35
|
-
new_rule.versions = [v.to_i]
|
|
36
|
-
end
|
|
37
|
-
new_rule
|
|
38
82
|
end
|
|
39
83
|
|
|
40
84
|
end
|
data/lib/riptables/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: riptables
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0
|
|
4
|
+
version: 1.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Adam Cooke
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2015-08-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: 'An Ruby DSL for generating iptables configuration. '
|
|
14
14
|
email:
|
|
@@ -27,9 +27,12 @@ files:
|
|
|
27
27
|
- lib/riptables/condition.rb
|
|
28
28
|
- lib/riptables/dsl/base.rb
|
|
29
29
|
- lib/riptables/dsl/global.rb
|
|
30
|
+
- lib/riptables/dsl/host_group.rb
|
|
30
31
|
- lib/riptables/dsl/rule.rb
|
|
31
32
|
- lib/riptables/dsl/table.rb
|
|
32
33
|
- lib/riptables/error.rb
|
|
34
|
+
- lib/riptables/host.rb
|
|
35
|
+
- lib/riptables/host_group.rb
|
|
33
36
|
- lib/riptables/role_condition.rb
|
|
34
37
|
- lib/riptables/rule.rb
|
|
35
38
|
- lib/riptables/rule_permutation.rb
|
|
@@ -60,9 +63,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
60
63
|
version: '0'
|
|
61
64
|
requirements: []
|
|
62
65
|
rubyforge_project:
|
|
63
|
-
rubygems_version: 2.
|
|
66
|
+
rubygems_version: 2.4.5
|
|
64
67
|
signing_key:
|
|
65
68
|
specification_version: 4
|
|
66
69
|
summary: An Ruby DSL for generating iptables configuration.
|
|
67
70
|
test_files: []
|
|
68
|
-
has_rdoc:
|