Class: EnfCli::Cmd::Xfw

Inherits:
EnfThor
  • Object
Defined in:
lib/enfcli/commands/xfw.rb

Instance Method Summary

Methods inherited from EnfThor

capture_stdout, command_help, handle_argument_error, help

Instance Method Details

#add_firewall_rule ⇒ Object



# File 'lib/enfcli/commands/xfw.rb', line 104

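# Creates one IPv6 firewall rule on the network given by the network option.
#
# The rule is assembled from the Thor options: the protocol option accepts
# either a protocol name (TCP, UDP, ICMP6) or its IANA number (6, 17, 58) and is
# normalised to the name the API expects; source_ip / dest_ip default to "*" and
# source_port / dest_port default to 0 when not given. priority, direction and
# action are passed through unchanged.
#
# Side effects: one call to EnfApi::Firewall.instance.add_firewall_rule, after
# which the rules returned by the API are printed with display_firewall_rules.
# Errors raised inside the block are handled by try_with_rescue_in_session.
def add_firewall_rule
  # Both the name and the IANA number of a protocol map to the name the API wants.
  protocol_map = {
    "TCP" => "TCP", "UDP" => "UDP", "ICMP6" => "ICMP6",
    "6" => "TCP", "17" => "UDP", "58" => "ICMP6"
  }.freeze

  try_with_rescue_in_session do
    # Reject an unknown protocol here rather than sending a nil protocol to the
    # API. The lookup is case-insensitive, so "tcp" is accepted as well as "TCP".
    protocol = protocol_map[options[:protocol].to_s.upcase]
    if protocol.nil?
      say "Unknown protocol '#{options[:protocol]}'. Expected one of: #{protocol_map.keys.join(', ')}", :red
      return
    end

    rule = {
      ip_family: "IP6",
      priority: options[:priority],
      protocol: protocol,
      source_ip: options[:source_ip] || "*",
      source_port: options[:source_port] || 0,
      dest_ip: options[:dest_ip] || "*",
      dest_port: options[:dest_port] || 0,
      direction: options[:direction],
      action: options[:action]
    }

    data = EnfApi::Firewall.instance.add_firewall_rule(options[:network], rule)
    rules = data[:data]

    say "Created firewall rule!", :green
    display_firewall_rules rules
  end
end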

#delete_firewall_rule ⇒ Object



# File 'lib/enfcli/commands/xfw.rb', line 134

# Removes one firewall rule, identified by the id option, from the network given
# by the network option, then reports success on the shell.
#
# The deletion is a single call to EnfApi::Firewall.instance.delete_firewall_rules;
# any error it raises is left to try_with_rescue_in_session.
def delete_firewall_rule
  try_with_rescue_in_session do
    network = options[:network]
    rule_id = options[:id]

    EnfApi::Firewall.instance.delete_firewall_rules(network, rule_id)

    say("Deleted firewall rule in #{network}!", :green)
  end
end

#list_firewall_rules ⇒ Object



# File 'lib/enfcli/commands/xfw.rb', line 44

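# Lists the firewall rules of the network given by the network option as two
# tables: egress rules first, then ingress rules, each ordered by priority.
#
# Rules are fetched with EnfApi::Firewall.instance.list_firewall_rules and
# rendered with display_firewall_rules. A rule whose direction is anything other
# than "INGRESS" is shown in the egress table. When the API returns no rules an
# empty table is printed. Errors raised inside the block are handled by
# try_with_rescue_in_session.
def list_firewall_rules
  try_with_rescue_in_session do
    data = EnfApi::Firewall.instance.list_firewall_rules(options[:network])
    # A missing payload is shown as an empty table instead of raising on nil.
    rules = data[:data] || []

    # Nothing to group: print the empty table and stop.
    if rules.empty?
      display_firewall_rules rules
      return
    end

    # Order by direction, then by priority within a direction.
    sorted_rules = rules.sort_by { |rule| [rule[:direction], rule[:priority]] }

    # Split into the two tables; anything that is not INGRESS counts as egress.
    ingress_rules, egress_rules = sorted_rules.partition { |rule| rule[:direction] == "INGRESS" }

    unless egress_rules.empty?
      say "Egress firewall rules(Endpoint -> ENF)", :yellow
      display_firewall_rules egress_rules

      # Blank line keeps the two tables visually apart.
      say ""
    end

    unless ingress_rules.empty?
      say "Ingress firewall rules(ENF -> Endpoint)", :yellow
      display_firewall_rules ingress_rules
    end
  end
end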