shutter 0.1.0 → 0.2.0

data/.travis.yml

@@ -0,0 +1,5 @@
+language: ruby
+rvm:
+  - 1.9.3
+  - 1.9.2
+  - 1.8.7

data/README.md

@@ -1,5 +1,7 @@
 # Shutter
 
+[![Build Status](https://secure.travis-ci.org/rlyon/shutter.png)](http://travis-ci.org/rlyon/shutter)
+
 Shutter is a tool that gives system administrators the ability to manage 
 iptables firewall settings through simple lists instead of complex iptables commands, making it
 easier to define host and service firewall setting with configuration management tools.  Please note:
@@ -52,7 +54,7 @@ access 'on-the-fly'.  To work correctly, you configure fail2ban to use the Jail
 INPUT.  The dynamic rules that fail2ban has created in the jail chain remain persistant when 
 shutter is 'restored' or reloaded.
 
-#### To check your firewall you can run:
+#### To show your firewall rules you can run:
 
     $ shutter --save
 
@@ -67,6 +69,13 @@ This command uses 'iptables-restore' under the hood to update the firewall.  You
 to make the changes permanent and survive reboots.  Persist can optionally take an argument which defines the location of the
 persist file if it is in a non-standard location.
 
+
+#### To check your current firewall rules generated by 'iptables-save' against the ones shutter will generate, use:
+
+    $ shutter --check
+
+The command will generate 'OK' if the rules and chains match and 'MISMATCH' if there is any variance.
+
 #### Command line options
     Usage: shutter [options]
             --init                       Create the initial configuration files.

data/lib/shutter/command_line.rb

@@ -6,13 +6,16 @@ module Shutter
     DISPLAY_OPTS_REINIT   = %q{Rereate the initial configuration files.}
     DISPLAY_OPTS_UPGRADE  = %q{Upgrade the configuration files that have changes with a new version.}
     DISPLAY_OPTS_DIR      = %q{Set the directory for configuration files.  Default is /etc/shutter.d.}
-    DISPLAY_OPTS_SAVE     = %q{Output the firewall to stdout. This is the default behavior.}
-    DISPLAY_OPTS_RESTORE  = %q{Restore the firewall through iptables-restore.}
-    DISPLAY_OPTS_PERSIST  = %q{Write the firewall to the persistance file.  If an argument is given, it will be used as the persistance file}
+    DISPLAY_OPTS_SAVE     = %q{Output the firewall rules to stdout. This is the default behavior.}
+    DISPLAY_OPTS_RESTORE  = %q{Restore the firewall rules through iptables-restore.}
+    DISPLAY_OPTS_PERSIST  = %q{Write the firewall to the persistance file.  If an argument is given, it will be used as the persistance file.}
+    DISPLAY_OPTS_CHECK    = %q{Check to see if the generated rules match the current firewall rules.}
     DISPLAY_OPTS_DEBUG    = %q{Turn on debugging for extra output.}
     DISPLAY_OPTS_HELP     = %q{Display help and exit.}
     DISPLAY_OPTS_VERSION  = %q{Display version and exit.}
 
+    attr_reader :os
+
     def initialize( path = "/etc/shutter.d")
       @config_path = path
       @os = Shutter::OS.new
@@ -71,6 +74,10 @@ module Shutter
           @persist = true
           @persist_file = file || persist_file
         end
+        # Check the generated rules against the current rules
+        opts.on( '-c', "--check", DISPLAY_OPTS_PERSIST) do |file| 
+          @command = :check
+        end
         # Sets the directory for configuration files
         opts.on( '-d', '--dir DIR', DISPLAY_OPTS_DIR) do |dir| 
           @config_path = dir
@@ -111,6 +118,12 @@ module Shutter
         firewall.restore
         puts "Writing to #{persist_file}" if persist
         firewall.persist(persist_file) if persist
+      when :check
+        if firewall.check
+          puts "OK"
+        else
+          puts "MISMATCH"
+        end
       end
     end
   end

data/lib/shutter/content.rb

@@ -48,27 +48,9 @@ BASE_IPT = %q{# Generated by Shutter
 # [RULES:JAIL]
 
 ##################################################################
-# Validity/Scanning/DDOS checking
+# Validity checking
 ##################################################################
 -A ValidCheck -m state --state INVALID -j DropInvalid
--A ValidCheck -p tcp --tcp-flags ALL FIN,URG,PSH -j DropScan
--A ValidCheck -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DropScan
--A ValidCheck -p tcp --tcp-flags ALL ALL -j DropScan
--A ValidCheck -p tcp --tcp-flags ALL FIN -j DropScan
--A ValidCheck -p tcp --tcp-flags ACK,FIN FIN -j DropScan
--A ValidCheck -p tcp --tcp-flags ACK,PSH PSH -j DropScan
--A ValidCheck -p tcp --tcp-flags ACK,URG URG -j DropScan
--A ValidCheck -p tcp --tcp-flags FIN,RST FIN,RST -j DropScan
--A ValidCheck -p tcp --tcp-flags ALL SYN,FIN -j DropScan
--A ValidCheck -p tcp --tcp-flags ALL URG,PSH,FIN -j DropScan
--A ValidCheck -p tcp --tcp-flags ALL URG,PSH,SYN,FIN -j DropScan
--A ValidCheck -p tcp --tcp-flags SYN,RST SYN,RST -j DropScan
--A ValidCheck -p tcp --tcp-flags SYN,FIN SYN,FIN -j DropScan
--A ValidCheck -p tcp --tcp-flags ALL NONE -j DropScan
--A ValidCheck -p tcp --tcp-option 64 -j DropScan
--A ValidCheck -p tcp --tcp-option 128 -j DropScan
--A ValidCheck -p tcp ! --dport 2049 -m multiport --sports 20,21,22,23,80,110,143,443,993,995 -j DropDDOS
--A ValidCheck -p udp ! --dport 2049 -m multiport --sports 20,21,22,23,80,110,143,443,993,995 -j DropDDOS
 -A ValidCheck -j RETURN
 
 ##################################################################

data/lib/shutter/iptables.rb

@@ -96,6 +96,16 @@ module Shutter
         "#{@os.iptables_restore}"
       end
 
+      ###
+      ### Check to see if base and iptables-save content match
+      ###
+      def check
+        gen_rules = filter_and_sort(generate)
+        ips_rules = filter_and_sort(iptables_save)
+        extra_rules = ips_rules - gen_rules
+        extra_rules.empty?
+      end
+
       ###
       ### Block Generation
       ###
@@ -213,6 +223,17 @@ module Shutter
         "-A Dmz -i #{iface} -j ACCEPT\n"
       end
 
+      private
+      ###
+      ### Filter and sort iptables-save for checking
+      ###
+      def filter_and_sort(content)
+        filtered = content.scan(/^[:-].*$/).sort
+        # Make sure that we remove (gsub) the counts on the chains and remove any
+        # trailing whitespace and newlines
+        filtered.map {|x| x.gsub(/\ \[.*\]/,"").strip}
+      end
+
     end
   end
 end

data/lib/shutter/version.rb

@@ -1,3 +1,3 @@
 module Shutter
-  VERSION = "0.1.0"
+  VERSION = "0.2.0"
 end

data/shutter.gemspec

@@ -19,6 +19,7 @@ Gem::Specification.new do |gem|
   gem.name          = "shutter"
   gem.require_paths = ["lib"]
   gem.version       = Shutter::VERSION
+  gem.add_development_dependency "rake"
   gem.add_development_dependency('rspec')
   gem.add_development_dependency('mocha')
   gem.add_development_dependency('simplecov')

data/spec/command_line_spec.rb

@@ -2,9 +2,16 @@ require File.dirname(__FILE__) + '/spec_helper'
 
 describe "Shutter::CommandLine" do
   before(:each) do
+    FileUtils.mkdir("./tmp")
+    Shutter::Files.create("./tmp")
     @cmd = Shutter::CommandLine.new("./tmp")
   end
 
+  after(:each) do
+    FileUtils.rm Dir.glob('./tmp/*')
+    FileUtils.rmdir("./tmp")
+  end
+
   it "should not raise exception when firewall is called" do
     expect { @cmd.firewall }.to_not raise_error
   end
@@ -36,6 +43,13 @@ describe "Shutter::CommandLine" do
     @cmd.persist.should == true
   end
 
+  it "should set the command to :check" do
+    @cmd.execute(["--check"],true)
+    @cmd.command.should == :check
+    @cmd.execute(["-c"],true)
+    @cmd.command.should == :check
+  end
+
   it "should set the command to :init" do
     @cmd.execute(["--init"],true)
     @cmd.command.should == :init
@@ -52,31 +66,31 @@ describe "Shutter::CommandLine" do
   end
 
   it "should set the config path and persist" do
-    Shutter::OS.stubs(:version).returns("Unknown")
-    @cmd.execute(["--dir", "/tmp", "--restore", "--persist"],true)
+    @cmd.os.stubs(:version).returns("Unknown")
+    @cmd.execute(["--dir", "./tmp", "--restore", "--persist"],true)
     @cmd.command.should == :restore
     @cmd.persist.should == true
     @cmd.persist_file.should == "/tmp/iptables.rules"
-    @cmd.config_path.should == "/tmp"
-    @cmd.execute(["-d", "/tmp", "--restore", "--persist"],true)
+    @cmd.config_path.should == "./tmp"
+    @cmd.execute(["-d", "./tmp", "--restore", "--persist"],true)
     @cmd.command.should == :restore
     @cmd.persist.should == true
     @cmd.persist_file.should == "/tmp/iptables.rules"
-    @cmd.config_path.should == "/tmp"
+    @cmd.config_path.should == "./tmp"
   end
 
   it "should set the config path and persist with file" do
-    Shutter::OS.stubs(:version).returns("Unknown")
-    @cmd.execute(["--dir", "/tmp", "--restore", "--persist", "/tmp/persistance.file"],true)
+    @cmd.os.stubs(:version).returns("Unknown")
+    @cmd.execute(["--dir", "./tmp", "--restore", "--persist", "./tmp/persistance.file"],true)
     @cmd.command.should == :restore
     @cmd.persist.should == true
-    @cmd.persist_file.should == "/tmp/persistance.file"
-    @cmd.config_path.should == "/tmp"
-    @cmd.execute(["-d", "/tmp", "--restore", "--persist", "/tmp/persistance.file"],true)
+    @cmd.persist_file.should == "./tmp/persistance.file"
+    @cmd.config_path.should == "./tmp"
+    @cmd.execute(["-d", "./tmp", "--restore", "--persist", "./tmp/persistance.file"],true)
     @cmd.command.should == :restore
     @cmd.persist.should == true
-    @cmd.persist_file.should == "/tmp/persistance.file"
-    @cmd.config_path.should == "/tmp"
+    @cmd.persist_file.should == "./tmp/persistance.file"
+    @cmd.config_path.should == "./tmp"
   end
 
 end

data/spec/content_spec.rb

@@ -3,7 +3,7 @@ require File.dirname(__FILE__) + '/spec_helper'
 describe "Shutter" do
   it "should have templates for all files" do
     Shutter::Content::CONFIG_FILES.each do |name|
-      Shutter::Content.constants.include?(:"#{name.upcase.gsub(/\./, "_")}").should == true
+      Shutter::Content.const_defined?(:"#{name.upcase.gsub(/\./, "_")}").should == true
     end
   end
 end

data/spec/files/iptables_save.out

@@ -61,25 +61,7 @@
 -A Private ! -d 0.0.0.255/0.0.0.255 -m limit --limit 3/min -j LOG --log-prefix "iptables: Unauthorized:" 
 -A Private -j DROP 
 -A Public -j RETURN 
--A ValidCheck -m state --state INVALID -j DropInvalid 
--A ValidCheck -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DropScan 
--A ValidCheck -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DropScan 
--A ValidCheck -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DropScan 
--A ValidCheck -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -j DropScan 
--A ValidCheck -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DropScan 
--A ValidCheck -p tcp -m tcp --tcp-flags PSH,ACK PSH -j DropScan 
--A ValidCheck -p tcp -m tcp --tcp-flags ACK,URG URG -j DropScan 
--A ValidCheck -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DropScan 
--A ValidCheck -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN -j DropScan 
--A ValidCheck -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DropScan 
--A ValidCheck -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,PSH,URG -j DropScan 
--A ValidCheck -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DropScan 
--A ValidCheck -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DropScan 
--A ValidCheck -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DropScan 
--A ValidCheck -p tcp -m tcp --tcp-option 64 -j DropScan 
--A ValidCheck -p tcp -m tcp --tcp-option 128 -j DropScan 
--A ValidCheck -p tcp -m tcp ! --dport 2049 -m multiport --sports 20,21,22,23,80,110,143,443,993,995 -j DropDDOS 
--A ValidCheck -p udp -m udp ! --dport 2049 -m multiport --sports 20,21,22,23,80,110,143,443,993,995 -j DropDDOS 
+-A ValidCheck -m state --state INVALID -j DropInvalid  
 -A ValidCheck -j RETURN 
 -A fail2ban-SSH -j RETURN
 COMMIT

data/spec/files/iptables_save_bare.out

@@ -0,0 +1,60 @@
+# Generated by iptables-save v1.4.7 on Sat Sep 29 14:34:04 2012
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [3763472:853134022]
+:AllowIP - [0:0]
+:Allowed - [0:0]
+:Bastards - [0:0]
+:Dmz - [0:0]
+:DropBastards - [0:0]
+:DropDDOS - [0:0]
+:DropInvalid - [0:0]
+:DropJail - [0:0]
+:DropScan - [0:0]
+:Jail - [0:0]
+:Private - [0:0]
+:Public - [0:0]
+:ValidCheck - [0:0]
+:fail2ban-SSH - [0:0]
+-A INPUT -i lo -j ACCEPT 
+-A INPUT -j Jail 
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
+-A INPUT -j ValidCheck 
+-A INPUT -j Dmz 
+-A INPUT -j Bastards 
+-A INPUT -j Public 
+-A INPUT -j AllowIP 
+-A INPUT ! -d 0.0.0.255/0.0.0.255 -m limit --limit 1/min -j LOG --log-prefix "iptables: Block:" 
+-A INPUT -j DROP 
+-A AllowIP -j RETURN 
+-A Allowed -p icmp -m state --state NEW -m icmp --icmp-type 0 -j ACCEPT 
+-A Allowed -p icmp -m state --state NEW -m icmp --icmp-type 3 -j ACCEPT 
+-A Allowed -p icmp -m state --state NEW -m icmp --icmp-type 8 -j ACCEPT 
+-A Allowed -p icmp -m state --state NEW -m icmp --icmp-type 11 -j ACCEPT 
+-A Allowed -j Private 
+-A Allowed ! -d 0.0.0.255/0.0.0.255 -m limit --limit 1/min -j LOG --log-prefix "iptables: Authorized:" 
+-A Allowed -j ACCEPT 
+-A Bastards -j RETURN 
+-A Dmz -i eth0 -j ACCEPT 
+-A Dmz -j RETURN 
+-A DropBastards ! -d 0.0.0.255/0.0.0.255 -m limit --limit 3/min -j LOG --log-prefix "iptables: Bastards:" 
+-A DropBastards -j DROP 
+-A DropDDOS ! -d 0.0.0.255/0.0.0.255 -m limit --limit 3/min -j LOG --log-prefix "iptables: DDOS detected:" 
+-A DropDDOS -j DROP 
+-A DropInvalid ! -d 0.0.0.255/0.0.0.255 -m limit --limit 3/min -j LOG --log-prefix "iptables: Invalid:" 
+-A DropInvalid -j DROP 
+-A DropJail ! -d 0.0.0.255/0.0.0.255 -m limit --limit 3/min -j LOG --log-prefix "iptables: Jail:" 
+-A DropJail -j DROP 
+-A DropScan ! -d 0.0.0.255/0.0.0.255 -m limit --limit 3/min -j LOG --log-prefix "iptables: Scan detected:" 
+-A DropScan -j DROP 
+-A Jail -p tcp -m tcp --dport 22 -j fail2ban-SSH
+-A Jail -j RETURN
+-A Private ! -d 0.0.0.255/0.0.0.255 -m limit --limit 3/min -j LOG --log-prefix "iptables: Unauthorized:" 
+-A Private -j DROP 
+-A Public -j RETURN 
+-A ValidCheck -m state --state INVALID -j DropInvalid  
+-A ValidCheck -j RETURN 
+-A fail2ban-SSH -j RETURN
+COMMIT
+# Completed on Sat Sep 29 14:34:04 2012

data/spec/files/iptables_save_extrarules.out

@@ -0,0 +1,68 @@
+# Generated by iptables-save v1.4.7 on Sat Sep 29 14:34:04 2012
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [3763472:853134022]
+:AllowIP - [0:0]
+:Allowed - [0:0]
+:Bastards - [0:0]
+:Dmz - [0:0]
+:DropBastards - [0:0]
+:DropDDOS - [0:0]
+:DropInvalid - [0:0]
+:DropJail - [0:0]
+:DropScan - [0:0]
+:Jail - [0:0]
+:Private - [0:0]
+:Public - [0:0]
+:ValidCheck - [0:0]
+:fail2ban-SSH - [0:0]
+-A INPUT -i lo -j ACCEPT 
+-A INPUT -j Jail 
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
+-A INPUT -j ValidCheck 
+-A INPUT -j Dmz 
+-A INPUT -j Bastards 
+-A INPUT -j Public 
+-A INPUT -j AllowIP 
+-A INPUT ! -d 0.0.0.255/0.0.0.255 -m limit --limit 1/min -j LOG --log-prefix "iptables: Block:" 
+-A INPUT -j DROP 
+-A AllowIP -s 192.168.0.0/16 -m state --state NEW -j Allowed 
+-A AllowIP -s 172.16.0.0/12 -m state --state NEW -j Allowed 
+-A AllowIP -s 10.0.0.0/8 -m state --state NEW -j Allowed 
+-A AllowIP -s 129.101.159.128/26 -m state --state NEW -j Allowed 
+-A AllowIP -s 129.101.142.128/26 -m state --state NEW -j Allowed 
+-A AllowIP -s 129.101.170.53/32 -m state --state NEW -j Allowed 
+-A AllowIP -s 129.101.112.0/24 -m state --state NEW -j Allowed 
+-A AllowIP -j RETURN 
+-A Allowed -p icmp -m state --state NEW -m icmp --icmp-type 0 -j ACCEPT 
+-A Allowed -p icmp -m state --state NEW -m icmp --icmp-type 3 -j ACCEPT 
+-A Allowed -p icmp -m state --state NEW -m icmp --icmp-type 8 -j ACCEPT 
+-A Allowed -p icmp -m state --state NEW -m icmp --icmp-type 11 -j ACCEPT 
+-A Allowed -j Private 
+-A Allowed ! -d 0.0.0.255/0.0.0.255 -m limit --limit 1/min -j LOG --log-prefix "iptables: Authorized:" 
+-A Allowed -j ACCEPT 
+-A Bastards -j RETURN 
+-A Dmz -i eth0 -j ACCEPT 
+-A Dmz -j RETURN 
+-A DropBastards ! -d 0.0.0.255/0.0.0.255 -m limit --limit 3/min -j LOG --log-prefix "iptables: Bastards:" 
+-A DropBastards -j DROP 
+-A DropDDOS ! -d 0.0.0.255/0.0.0.255 -m limit --limit 3/min -j LOG --log-prefix "iptables: DDOS detected:" 
+-A DropDDOS -j DROP 
+-A DropInvalid ! -d 0.0.0.255/0.0.0.255 -m limit --limit 3/min -j LOG --log-prefix "iptables: Invalid:" 
+-A DropInvalid -j DROP 
+-A DropJail ! -d 0.0.0.255/0.0.0.255 -m limit --limit 3/min -j LOG --log-prefix "iptables: Jail:" 
+-A DropJail -j DROP 
+-A DropScan ! -d 0.0.0.255/0.0.0.255 -m limit --limit 3/min -j LOG --log-prefix "iptables: Scan detected:" 
+-A DropScan -j DROP 
+-A Jail -p tcp -m tcp --dport 22 -j fail2ban-SSH
+-A Jail -j RETURN 
+-A Private -p tcp -m state --state NEW -m tcp --dport 22 -j RETURN 
+-A Private ! -d 0.0.0.255/0.0.0.255 -m limit --limit 3/min -j LOG --log-prefix "iptables: Unauthorized:" 
+-A Private -j DROP 
+-A Public -j RETURN 
+-A ValidCheck -m state --state INVALID -j DropInvalid  
+-A ValidCheck -j RETURN 
+-A fail2ban-SSH -j RETURN
+COMMIT
+# Completed on Sat Sep 29 14:34:04 2012

data/spec/files_spec.rb

@@ -2,6 +2,16 @@ require File.dirname(__FILE__) + '/spec_helper'
 require 'fileutils'
 
 describe "Shutter::Files" do
+  before(:each) do
+    FileUtils.mkdir("./tmp")
+    @cmd = Shutter::CommandLine.new("./tmp")
+  end
+
+  after(:each) do
+    FileUtils.rm Dir.glob('./tmp/*')
+    FileUtils.rmdir("./tmp")
+  end
+
   it "should create the configuration directory if it does not exist" do
     Shutter::Files.create_config_dir('./tmp/configs')
     File.directory?('./tmp/configs').should == true
@@ -12,11 +22,11 @@ describe "Shutter::Files" do
     expect { Shutter::Files.create_config_dir('./tmp/configs/this') }.to raise_error
   end
 
-  it "should include the templates for all files" do
-    Shutter::Files::CONFIG_FILES.each do |name|
-      Shutter::Files.constants.include?(:"#{name.upcase.gsub(/\./, "_")}").should == true
-    end
-  end
+  # it "should include the templates for all files" do
+  #   Shutter::Files::CONFIG_FILES.each do |name|
+  #     Shutter::Files.const_defined?(:"#{name.upcase.gsub(/\./, "_")}").should == true
+  #   end
+  # end
 
   it "should create the files in the configuration directory if they do not exist" do
     Shutter::Files.create_config_dir('./spec/tmp')

data/spec/iptables_spec.rb

@@ -53,6 +53,18 @@ describe "Shutter::Firewall::IPTables" do
 }
   end
 
+  it "should return true if generated rules and iptables-save rules match" do
+    iptables_save = File.read("./spec/files/iptables_save_bare.out")
+    @ipt.stubs(:iptables_save).returns(iptables_save)
+    @ipt.check.should == true
+  end
+
+  it "should return false if generated rules and iptables-save rules don't match" do
+    iptables_save = File.read("./spec/files/iptables_save_extrarules.out")
+    @ipt.stubs(:iptables_save).returns(iptables_save)
+    @ipt.check.should == false
+  end
+
   it "should return the correct output for generate" do
     iptables_save = File.read("./spec/files/iptables_save.out")
     @ipt.stubs(:iptables_save).returns(iptables_save)

data/spec/spec_helper.rb

@@ -9,7 +9,7 @@ end
 
 require 'rubygems'
 require 'bundler/setup'
-require 'mocha_standalone'
+require 'mocha/api'
 require 'shutter'
 
 RSpec.configure do |config|

metadata

@@ -1,78 +1,90 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification 
 name: shutter
-version: !ruby/object:Gem::Version
-  version: 0.1.0
+version: !ruby/object:Gem::Version 
+  hash: 23
   prerelease: 
+  segments: 
+  - 0
+  - 2
+  - 0
+  version: 0.2.0
 platform: ruby
-authors:
+authors: 
 - Rob Lyon
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-10-01 00:00:00.000000000 Z
-dependencies:
-- !ruby/object:Gem::Dependency
-  name: rspec
-  requirement: !ruby/object:Gem::Requirement
+
+date: 2013-02-03 00:00:00 Z
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  prerelease: false
+  name: rake
+  version_requirements: &id001 !ruby/object:Gem::Requirement 
     none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
   type: :development
+  requirement: *id001
+- !ruby/object:Gem::Dependency 
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
+  name: rspec
+  version_requirements: &id002 !ruby/object:Gem::Requirement 
     none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  requirement: *id002
+- !ruby/object:Gem::Dependency 
+  prerelease: false
   name: mocha
-  requirement: !ruby/object:Gem::Requirement
+  version_requirements: &id003 !ruby/object:Gem::Requirement 
     none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
   type: :development
+  requirement: *id003
+- !ruby/object:Gem::Dependency 
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
   name: simplecov
-  requirement: !ruby/object:Gem::Requirement
+  version_requirements: &id004 !ruby/object:Gem::Requirement 
     none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
   type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-description: ! "Shutter is a tool that gives system administrators the ability \n
-  \                        to manage iptables firewall settings through simple lists
-  instead \n                         of complex iptables rules. Please note:  This
-  application is currently \n                         only tested with Red Hat based
-  distributions.  Ubuntu and Debian should \n                         work but are
-  not supported..\n                        "
-email:
+  requirement: *id004
+description: "Shutter is a tool that gives system administrators the ability \n                         to manage iptables firewall settings through simple lists instead \n                         of complex iptables rules. Please note:  This application is currently \n                         only tested with Red Hat based distributions.  Ubuntu and Debian should \n                         work but are not supported..\n                        "
+email: 
 - nosignsoflifehere@gmail.com
-executables:
+executables: 
 - shutter
 extensions: []
+
 extra_rdoc_files: []
-files:
+
+files: 
 - .gitignore
+- .travis.yml
 - Gemfile
 - LICENSE
 - README.md
@@ -95,37 +107,48 @@ files:
 - spec/files/ip.allow
 - spec/files/ip.deny
 - spec/files/iptables_save.out
+- spec/files/iptables_save_bare.out
+- spec/files/iptables_save_extrarules.out
 - spec/files/ports.private
 - spec/files/ports.public
 - spec/files_spec.rb
 - spec/iptables_spec.rb
 - spec/os_spec.rb
 - spec/spec_helper.rb
-homepage: ''
+homepage: ""
 licenses: []
+
 post_install_message: 
 rdoc_options: []
-require_paths:
+
+require_paths: 
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
+required_ruby_version: !ruby/object:Gem::Requirement 
   none: false
-  requirements:
-  - - ! '>='
-    - !ruby/object:Gem::Version
-      version: '0'
-required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
-  requirements:
-  - - ! '>='
-    - !ruby/object:Gem::Version
-      version: '0'
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
 requirements: []
+
 rubyforge_project: 
-rubygems_version: 1.8.20
+rubygems_version: 1.8.25
 signing_key: 
 specification_version: 3
 summary: Shutter helps manage iptables firewalls
-test_files:
+test_files: 
 - spec/command_line_spec.rb
 - spec/content_spec.rb
 - spec/files/base.ipt
@@ -134,6 +157,8 @@ test_files:
 - spec/files/ip.allow
 - spec/files/ip.deny
 - spec/files/iptables_save.out
+- spec/files/iptables_save_bare.out
+- spec/files/iptables_save_extrarules.out
 - spec/files/ports.private
 - spec/files/ports.public
 - spec/files_spec.rb