RubyGems - spior - Versions diffs - 0.1.6 → 0.3.5 - Mend

spior 0.1.6 → 0.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (44) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data/.github/workflows/rubocop-analysis.yml +47 -0
data/.gitignore +1 -0
data/CHANGELOG.md +21 -0
data/Gemfile +5 -0
data/README.md +13 -3
data/Rakefile +20 -9
data/bin/spior +1 -0
data/lib/auth.rb +46 -0
data/lib/spior/dep.rb +38 -23
data/lib/spior/helpers.rb +22 -25
data/lib/spior/iptables/default.rb +19 -13
data/lib/spior/iptables/root.rb +37 -37
data/lib/spior/iptables/rules.rb +103 -0
data/lib/spior/iptables/tor.rb +24 -23
data/lib/spior/iptables.rb +4 -0
data/lib/spior/ipv6.rb +35 -0
data/lib/spior/menu.rb +18 -24
data/lib/spior/msg.rb +30 -8
data/lib/spior/options.rb +20 -22
data/lib/spior/service/enable.rb +66 -0
data/lib/spior/service/restart.rb +5 -12
data/lib/spior/service/start.rb +7 -17
data/lib/spior/service/stop.rb +14 -0
data/lib/spior/service.rb +5 -0
data/lib/spior/status.rb +32 -24
data/lib/spior/tor/config.rb +137 -0
data/lib/spior/tor/data.rb +53 -0
data/lib/spior/tor/start.rb +65 -0
data/lib/spior/tor/stop.rb +53 -0
data/lib/spior/tor.rb +7 -1
data/lib/spior/version.rb +3 -1
data/lib/spior.rb +18 -23
data/spior.gemspec +24 -21
data/test/test_install.rb +2 -2
data/test/test_options.rb +2 -0
data.tar.gz.sig +2 -2
metadata +59 -51
metadata.gz.sig +0 -0
data/lib/spior/clear.rb +0 -35
data/lib/spior/copy.rb +0 -84
data/lib/spior/persist.rb +0 -51
data/lib/spior/tor/info.rb +0 -96

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fc3cc3a5fd8b8a7ace72820d60d145efa04795f86a3381e3156178d4d4cfd09c
-  data.tar.gz: 8de21a9ee54c6dc50f3aad1e1a828dd92173c7a5b31571498af19d75b6fd20bf
+  metadata.gz: ecae8f75479fb87d8b09a28ea74c86728923802feb7b6c495af0c6e455dfc986
+  data.tar.gz: 442c8fbf6ea54e45b6b48abc4ba5de582ae09ae73bd71c1fce497ea082c929c1
 SHA512:
-  metadata.gz: acb66a1dd30e69c73f7ac79dbca7263fee90bd8bd6a8a1ace9dc7b35365a4996ce29aebde3d0652d1039f56ddcff259c29b739b8f3421bb9701b33a3d7b97c71
-  data.tar.gz: 284146408ef4dd90edf60e74f98488d0f5bf1ea92fdfff72edd30c219c26600c5e7934e71c7b54fc07bf7cf11a0e8b06ab31515d1314cc23ca570c029da551d3
+  metadata.gz: fe92411f967699b8cd29129f174030bb44a0d6ea2616fa5ff579e0879da63dfce83ce7bfeadfbed7e536141a882ff118315f730d3a26e45d8756bf9aed416130
+  data.tar.gz: 2195a94c764fcdecc221d2cea1688ca241901ac948cb02fb285b2c4c234b2f73335b2c44bd227014e795e32621b8221616dcaaecada2e95e779fad543d21ffff

checksums.yaml.gz.sig CHANGED Viewed

Binary file

data/.github/workflows/rubocop-analysis.yml ADDED Viewed

@@ -0,0 +1,47 @@
+# pulled from repo
+name: "Rubocop"
+on:
+  push:
+    branches: [ devel ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ devel ]
+  schedule:
+    - cron: '42 4 * * 6'
+jobs:
+  rubocop:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v1
+    # If running on a self-hosted runner, check it meets the requirements
+    # listed at https://github.com/ruby/setup-ruby#using-self-hosted-runners
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 2.6
+    # This step is not necessary if you add the gem to your Gemfile
+    - name: Install Code Scanning integration
+      run: bundle add code-scanning-rubocop --skip-install
+    - name: Install dependencies
+      run: bundle install
+    - name: Rubocop run
+      run: |
+        bash -c "
+          bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif
+          [[ $? -ne 2 ]]
+        "
+    - name: Upload Sarif output
+      uses: github/codeql-action/upload-sarif@v2
+      with:
+        sarif_file: rubocop.sarif

data/.gitignore CHANGED Viewed

@@ -38,6 +38,7 @@ build-iPhoneSimulator/
 /_yardoc/
 /doc/
 /rdoc/
+/html/
 ## Environment normalization:
 /.bundle/

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,24 @@
+## 0.3.5, release 2023-10-26
+* Better code style, only 11 alerts from rubocop.
+* spior -t also block ipv6 traffic, no need to reboot.
+* Config is written at /etc/torrc.d/spior.conf and loaded with the native daemon.
+* Only '%include /etc/torrc.d/*.conf' is now added to /etc/tor/torrc.
+* Certificate update `certs/szorfein.pem`.
+## 0.2.8, release 2022-09-16
+* Spior used with `--clearnet` try to restore iptables rules found on your system, e.g: `/etc/iptables/iptables.rules` and `/etc/iptables/iptables.rules-backup` for Archlinux or use `Spior::Iptables::Default`.
+* Stdout enhanced.
+* Enhance `Spior::Dep` for install the dependencies.
+* Make `Spior::Persist` work for Archlinux.
+* Update `Spior::Menu`.
+* Start documenting code.
+* `spior --reload` make a new IP each time it called, `Spior::Service` was rewritten.
+* Spior can be configured with `Spior::CONFIG` if used as library.
+* Spior look options from the `/etc/tor/torrc` and use them if any.
+* Add Rubocop style, fix ~300 code reports.
+* Spior no longer backup/restore the file `/etc/tor/torrc`.
+* Certificate update `certs/szorfein.pem`.
 ## 0.1.6, release 2021-12-30
 * Make it work for Voidlinux.
 * Add a man page.

data/Gemfile ADDED Viewed

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+source 'https://rubygems.org'
+gem 'code-scanning-rubocop'

data/README.md CHANGED Viewed

@@ -4,11 +4,14 @@
 <br/>
 [![Gem Version](https://badge.fury.io/rb/spior.svg)](https://badge.fury.io/rb/spior)
+![GitHub Workflow Status (branch)](https://img.shields.io/github/workflow/status/szorfein/spior/Rubocop/develop)
+[![Ruby Style Guide](https://img.shields.io/badge/code_style-rubocop-brightgreen.svg)](https://github.com/rubocop/rubocop)
 ![GitHub](https://img.shields.io/github/license/szorfein/spior)
 </div>
-(Spider|Tor) A tool to make TOR your default gateway.
+(Spider|Tor) A tool to redirect all your local traffic to the [Tor](https://www.torproject.org/) network.
 ## Install
 Spior is cryptographically signed, so add my public key (if you haven’t already) as a trusted certificate.
@@ -19,10 +22,15 @@ And install the gem:
     $ gem install spior -P MediumSecurity
-Or user wide (Spior will use `sudo`)
+Or user wide (Spior will use `sudo`, `doas` will be supported in next release)
     $ gem install --user-install spior
+## Requirements
+Spior use `iptables` and `tor`, which can be installed with (if your distro is supported):
+    $ spior --install
 ## Usage
     $ spior -h
@@ -51,4 +59,6 @@ For any questions, comments, feedback or issues, submit a [new issue](https://gi
 ### links
 + https://rubyreferences.github.io/rubyref
-+ https://rubystyle.guide/
++ https://rubystyle.guide/
++ https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TransparentProxy
++ https://github.com/epidemics-scepticism/writing/blob/master/misconception.md

data/Rakefile CHANGED Viewed

@@ -1,20 +1,31 @@
+# frozen_string_literal: true
 # https://github.com/seattlerb/minitest#running-your-tests-
-require "rake/testtask"
-require File.dirname(__FILE__) + "/lib/spior/version"
+require 'rake/testtask'
+require 'rdoc/task'
+require "#{File.dirname(__FILE__)}/lib/spior/version"
+# rake rdoc
+Rake::RDocTask.new('rdoc') do |rdoc|
+  rdoc.title = 'spior'
+  rdoc.options << '--line-numbers'
+  rdoc.main = 'README.md'
+  rdoc.rdoc_files.include 'lib/**/*.rb', 'README.md'
+end
 Rake::TestTask.new(:test) do |t|
-  t.libs << "test"
-  t.libs << "lib"
-  t.test_files = FileList["test/test_*.rb"]
+  t.libs << 'test'
+  t.libs << 'lib'
+  t.test_files = FileList['test/test_*.rb']
 end
 namespace :gem do
-  desc "build the gem"
+  desc 'build the gem'
   task :build do
-    Dir["spior*.gem"].each {|f| File.unlink(f) }
-    system("gem build spior.gemspec")
+    Dir['spior*.gem'].each { |f| File.unlink(f) }
+    system('gem build spior.gemspec')
     system("gem install --user-install spior-#{Spior::VERSION}.gem -P MediumSecurity")
   end
 end
-task :default => :test
+task default: :test

data/bin/spior CHANGED Viewed

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 require 'spior'

data/lib/auth.rb ADDED Viewed

@@ -0,0 +1,46 @@
+# lib/auth.rb
+# frozen_string_literal: true
+require 'open3'
+# When action require privilege, Auth search on the system for sudo or doas.
+class Auth
+  def initialize
+    @auth = search_app
+  end
+  def mkdir(path)
+    return unless File.exist?(path)
+    x("mkdir -p #{path}")
+  end
+  def sysctl(flag, value)
+    return if flag.nil?
+    x("sysctl -w #{flag}=#{value}")
+  end
+  protected
+  def search_app
+    if File.exist?('/usr/bin/doas') || File.exist?('/bin/doas')
+      'doas'
+    elsif File.exist?('/usr/bin/sudo') || File.exist?('/bin/sudo')
+      'sudo'
+    else
+      warn 'No auth program found, Spior need few privileges.'
+    end
+  end
+  private
+  def x(args)
+    Open3.popen2e("#{@auth} #{args}") do |_, stdout, wait_thr|
+      puts stdout.gets while stdout.gets
+      exit_status = wait_thr.value
+      raise "An error expected with #{@auth} #{args}" unless exit_status.success?
+    end
+  end
+end

data/lib/spior/dep.rb CHANGED Viewed

@@ -1,37 +1,52 @@
+# frozen_string_literal: true
 require 'nomansland'
 require 'tty-which'
 module Spior
+  # Dep: install all dependencies for Spior
   module Dep
-    def self.check
-      deps = [ 'iptables', 'tor' ]
-      is_ok = true
-      Msg.p 'Searching dependencies...'
-      deps.each {|dep|
-        unless TTY::Which.exist? dep
-          Msg.err "-> #{dep} is lacked."
-          is_ok = false
-        end
-      }
-      exit 1 unless is_ok
+    module_function
+    def looking
+      case Nomansland.distro?
+      when :archlinux
+        installing_deps('Arch', %w[iptables tor])
+      when :debian
+        installing_deps('Debian', %w[iptables tor])
+      when :gentoo
+        installing_deps('Gentoo', %w[iptables tor])
+      when :void
+        installing_deps('Void', %w[iptables tor])
+      else
+        Msg.report 'Install for your distro is not yet supported.'
+      end
     end
-    def self.install
-      case Nomansland::installer?
+    def installing_deps(distro, names)
+      names.map do |n|
+        Msg.p "Search #{n} for #{distro}..."
+        install(n) unless search_dep(n)
+      end
+    end
+    def install(name)
+      case Nomansland.installer?
+      when :apt_get
+        Helpers::Exec.new('apt-get').run("install #{name}")
       when :emerge
-        Helpers::Exec.new('emerge -av').run('tor iptables')
+        Helpers::Exec.new('emerge').run("-av #{name}")
       when :pacman
-        Helpers::Exec.new('pacman -S').run('tor iptables')
-      when :yum
-        Helpers::Exec.new('yum install').run('tor iptables')
+        Helpers::Exec.new('pacman').run("-S #{name}")
       when :void
-        Helpers::Exec.new('xbps-install -y').run('tor iptables runit-iptables')
-      when :debian
-        Helpers::Exec.new('apt-get install').run('tor iptables iptables-persistent')
-      else
-        Msg.report 'Your system is not yet supported.'
+        Helpers::Exec.new('xbps-install').run("-y #{name}")
+      when :yum
+        Helpers::Exec.new('yum').run("install #{name}")
       end
-      exit 0
+    end
+    def search_dep(name)
+      TTY::Which.exist?(name) ? true : false
     end
   end
 end

data/lib/spior/helpers.rb CHANGED Viewed

@@ -1,8 +1,11 @@
+# frozen_string_literal: true
 require 'fileutils'
 require 'tempfile'
 require 'open3'
 module Helpers
+  # Execute program using sudo when permission is required
   class Exec
     def initialize(name)
       @search_uid = Process::Sys.getuid
@@ -10,16 +13,12 @@ module Helpers
     end
     def run(args)
-      cmd = @search_uid == '0' ? @name : "sudo #{@name}"
-      Open3.popen2e("#{cmd} #{args}") do |stdin, stdout_err, wait_thr|
-        while line = stdout_err.gets
-          puts line
-        end
+      cmd = (@search_uid == '0' ? @name : "sudo #{@name}")
+      Open3.popen2e("#{cmd} #{args}") do |_, stdout_err, wait_thr|
+        puts stdout_err.gets while stdout_err.gets
         exit_status = wait_thr.value
-        unless exit_status.success?
-          raise "Error, Running #{cmd} #{args}"
-        end
+        raise "Error, Running #{cmd} #{args}" unless exit_status.success?
       end
     end
   end
@@ -38,27 +37,25 @@ module Helpers
     # * _string_ = string for the whole file
     # * _name_ = name of the file (e.g: resolv.conf)
     # * _dest_ = path (e.g: /etc)
-    def initialize(string, name, dest = "/tmp")
+    def initialize(string, name, dest = '/tmp')
       @string = string
       @name = name
-      @dest = dest + "/" + @name
+      @dest = "#{dest}/#{@name}"
     end
     # Method #add
     # Add the file at @dest
     def add
-      @mv = Helpers::Exec.new("mv")
+      @mv = Helpers::Exec.new('mv')
       tmp = Tempfile.new(@name)
-      File.open(tmp.path, 'w') do |file|
-        file.puts @string
-      end
+      File.write tmp.path, "#{@string}\n"
       puts "move #{tmp.path} to #{@dest}"
       @mv.run("#{tmp.path} #{@dest}")
     end
     def perm(user, perm)
-      chown = Helpers::Exec.new("chown")
-      chmod = Helpers::Exec.new("chmod")
+      chown = Helpers::Exec.new('chown')
+      chmod = Helpers::Exec.new('chmod')
       chown.run("#{user}:#{user} #{@dest}")
       chmod.run("#{perm} #{@dest}")
     end
@@ -88,30 +85,30 @@ module Helpers
     def initialize(string, name)
       super
       @systemd_dir = search_systemd_dir
-      @dest = @systemd_dir + "/" + @name
+      @dest = "#{@systemd_dir}/#{@name}"
     end
     # Method #add
     # Create a temporary file and move
     # the service @name to the systemd directory
     def add
-      @systemctl = Helpers::Exec.new("systemctl")
+      @systemctl = Helpers::Exec.new('systemctl')
       super
-      @systemctl.run("daemon-reload")
+      @systemctl.run('daemon-reload')
     end
     private
     # Method search_systemd_dir
     # Search the current directory for systemd services
     # + Gentoo can install at /lib/systemd/system or /usr/lib/systemd/system
     def search_systemd_dir
-      if Dir.exist? "/lib/systemd/system"
-        "/lib/systemd/system"
-      elsif Dir.exist? "/usr/lib/systemd/system"
-        "/usr/lib/systemd/system"
+      if Dir.exist? '/lib/systemd/system'
+        '/lib/systemd/system'
+      elsif Dir.exist? '/usr/lib/systemd/system'
+        '/usr/lib/systemd/system'
       else
-        raise "No directory systemd found"
-        exit
+        raise 'No directory systemd found'
       end
     end
   end

data/lib/spior/iptables/default.rb CHANGED Viewed

@@ -1,37 +1,43 @@
+# frozen_string_literal: true
 module Spior
   module Iptables
+    # Default and generic Iptables rules when Tor is not used.
+    #
+    # Allowed ports:
+    # * Input 22: for ssh connection
     class Default < Iptables::Root
       private
       def input
         # SSH
-        ipt "-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
+        ipt '-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT'
         # Allow loopback, rules
         ipt "-A INPUT -i #{@lo} -j ACCEPT"
         # Accept related
-        ipt "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
+        ipt '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
       end
       def output
-        ipt "-A OUTPUT -m conntrack --ctstate INVALID -j DROP"
-        ipt "-A OUTPUT -m state --state ESTABLISHED -j ACCEPT"
+        ipt '-A OUTPUT -m conntrack --ctstate INVALID -j DROP'
+        ipt '-A OUTPUT -m state --state ESTABLISHED -j ACCEPT'
         # Allow SSH
-        ipt "-A OUTPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
+        ipt '-A OUTPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT'
         # Allow Loopback
         ipt "-A OUTPUT -d #{@lo_addr}/8 -o #{@lo} -j ACCEPT"
         # Default
-        ipt "-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT"
+        ipt '-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT'
       end
       def all
-        ipt "-t filter -A OUTPUT -p udp -j ACCEPT"
-        ipt "-t filter -A OUTPUT -p icmp -j REJECT"
-        ipt "-P INPUT ACCEPT"
-        ipt "-P FORWARD ACCEPT"
-        ipt "-P OUTPUT ACCEPT"
+        ipt '-t filter -A OUTPUT -p udp -j ACCEPT'
+        ipt '-t filter -A OUTPUT -p icmp -j REJECT'
+        ipt '-P INPUT ACCEPT'
+        ipt '-P FORWARD ACCEPT'
+        ipt '-P OUTPUT ACCEPT'
       end
     end
   end

data/lib/spior/iptables/root.rb CHANGED Viewed

@@ -1,13 +1,16 @@
+# frozen_string_literal: true
 require 'interfacez'
 module Spior
   module Iptables
+    # Base class for iptables
     class Root
       def initialize
         @lo      = Interfacez.loopback
         @lo_addr = Interfacez.ipv4_address_of(@lo)
-        @i = Helpers::Exec.new("iptables")
-        Spior::Copy.new.save
+        @i = Helpers::Exec.new('iptables')
+        @debug = false
       end
       def run!
@@ -22,63 +25,60 @@ module Spior
       end
       def stop!
-        ipt "-F"
-        ipt "-X"
-        ipt "-t nat -F"
-        ipt "-t nat -X"
-        ipt "-t mangle -F"
-        ipt "-t mangle -X"
+        Msg.p 'Clearing Iptables rules...'
+        ipt '-F'
+        ipt '-X'
+        ipt '-t nat -F'
+        ipt '-t nat -X'
+        ipt '-t mangle -F'
+        ipt '-t mangle -X'
       end
       private
       def ipt(line)
-        @i.run("#{line}")
-        puts "added - #{@i} #{line}"
+        @i.run(line.to_s)
+        puts "Added - iptables #{line}" if @debug
       end
-      def redirect
-      end
+      def redirect; end
-      def input
-      end
+      def input; end
-      def output
-      end
+      def output; end
-      def all
-      end
+      def all; end
       def bogus_tcp_flags
-        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP"
-        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP"
-        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP"
-        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP"
-        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP"
-        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP"
-        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags ACK,FIN FIN -j DROP"
-        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP"
-        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags ALL ALL -j DROP"
-        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP"
-        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP"
-        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,FIN,PSH,URG -j DROP"
-        ipt "-t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP"
+        ipt '-t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP'
+        ipt '-t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP'
+        ipt '-t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP'
+        ipt '-t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP'
+        ipt '-t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP'
+        ipt '-t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP'
+        ipt '-t mangle -A PREROUTING -p tcp --tcp-flags ACK,FIN FIN -j DROP'
+        ipt '-t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP'
+        ipt '-t mangle -A PREROUTING -p tcp --tcp-flags ALL ALL -j DROP'
+        ipt '-t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP'
+        ipt '-t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP'
+        ipt '-t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,FIN,PSH,URG -j DROP'
+        ipt '-t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP'
       end
       def bad_packets
         # new packet not syn
-        ipt "-t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP"
+        ipt '-t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP'
         # fragment  packet
-        ipt "-A INPUT -f -j DROP"
+        ipt '-A INPUT -f -j DROP'
         # XMAS
-        ipt "-A INPUT -p tcp --tcp-flags ALL ALL -j DROP"
+        ipt '-A INPUT -p tcp --tcp-flags ALL ALL -j DROP'
         # null packet
-        ipt "-A INPUT -p tcp --tcp-flags ALL NONE -j DROP"
+        ipt '-A INPUT -p tcp --tcp-flags ALL NONE -j DROP'
       end
       def spoofing
-        subs=["224.0.0.0/3", "169.254.0.0/16", "172.16.0.0/12", "192.0.2.0/24", "0.0.0.0/8", "240.0.0.0/5"]
-        subs.each do |sub|
+        subs = %w[224.0.0.0/3 169.254.0.0/16 172.16.0.0/12 192.0.2.0/24 0.0.0.0/8 240.0.0.0/5]
+        subs.map do |sub|
           ipt "-t mangle -A PREROUTING -s #{sub} -j DROP"
         end
         ipt "-t mangle -A PREROUTING -s #{@lo_addr}/8 ! -i #{@lo} -j DROP"