Module: Firewall::IptablesHelper

Defined in:
app/helpers/firewall/iptables_helper.rb

Defined Under Namespace

Classes: NotSudoException


Class Method Details

.add_rule(rule) ⇒ Object



# File 'app/helpers/firewall/iptables_helper.rb', line 26

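# Appends one iptables rule.
#
# @param rule [String] the iptables arguments, e.g. "-A INPUT -s 10.0.0.1 -j DROP".
#   The string is split on whitespace and handed to iptables as separate argv
#   entries, so no shell ever parses it; the caller is still responsible for
#   only passing trusted rule text, since any iptables invocation is accepted.
# @return [String] combined stdout/stderr of the iptables run
# @raise [NotSudoException] presumably from gain_sudo when sudo cannot be obtained — defined elsewhere in this file
def add_rule(rule)
  gain_sudo
  puts "add_rule #{rule}"
  rule_array = rule.split(' ')
  # Block form closes the pipe and reaps the child; the original left the IO
  # open. stderr is merged into stdout so iptables errors reach the caller.
  IO.popen(['sudo', '-n', 'iptables'] + rule_array, err: [:child, :out], &:read)
end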

.apply_rules(all_rules_as_string) ⇒ Object

This method replaces all existing rules



# File 'app/helpers/firewall/iptables_helper.rb', line 86

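# Replaces the whole ruleset: flushes everything via reset_rules, then feeds
# the given iptables-save formatted text to iptables-restore.
#
# @param all_rules_as_string [String] complete ruleset in iptables-save format
# @return [String] combined stdout/stderr of iptables-restore (empty on success);
#   the original discarded this output and returned nil, so errors were invisible.
# @raise [NotSudoException] presumably from gain_sudo inside reset_rules — defined elsewhere in this file
def apply_rules(all_rules_as_string)
  reset_rules

  # sudo already gained in reset_rules.
  # 'r+' gives us both pipe ends: write the ruleset to stdin, close our write
  # end so iptables-restore sees EOF, then read whatever it printed. The block
  # form closes the pipe and reaps the child.
  IO.popen(['sudo', 'iptables-restore'], 'r+', err: [:child, :out]) do |io|
    io.write(all_rules_as_string)
    io.close_write
    io.read
  end
end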

.blacklist_ip(ip, blacklist_name = 'blacklist') ⇒ Object



# File 'app/helpers/firewall/iptables_helper.rb', line 40

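# Adds an IPv4 address to an xt_recent list by writing "+<ip>" to
# /proc/net/xt_recent/<blacklist_name>.
#
# @param ip [String] dotted-quad IPv4 address (IPv6 is not accepted)
# @param blacklist_name [String] xt_recent list name; letters, digits, '_' and '-' only
# @return [Boolean, nil] result of Kernel#system: true on exit 0, false on a
#   non-zero exit, nil if the command could not be run
# @raise [ArgumentError] if ip or blacklist_name fails validation (checked
#   before sudo is touched, so bad input costs nothing)
# @raise [NotSudoException] presumably from gain_sudo when sudo cannot be obtained — defined elsewhere in this file
def blacklist_ip(ip, blacklist_name = 'blacklist')
  ip_s = ip.to_s
  name_s = blacklist_name.to_s
  # Strict dotted quad with each octet in 0..255; anchored with \A/\z so a
  # trailing newline or shell metacharacters cannot slip through.
  unless ip_s.match?(/\A(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\z/)
    raise ArgumentError, "invalid IPv4 address: #{ip_s.inspect}"
  end
  # No '/', '.', ';' or whitespace: the name becomes a path component under
  # /proc/net/xt_recent and a shell argument.
  unless name_s.match?(/\A[A-Za-z0-9_-]+\z/)
    raise ArgumentError, "invalid blacklist name: #{name_s.inspect}"
  end
  gain_sudo
  # The shell script is a fixed literal; ip and name travel as positional
  # parameters ($1/$2) via argv, so they are never interpolated into shell
  # syntax. The redirection still needs sh because the target is a /proc file.
  system('sudo', 'sh', '-c', 'echo "+$1" >> "/proc/net/xt_recent/$2"', 'sh', ip_s, name_s)
end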

.blacklisted_ips(blacklist_name = 'blacklist') ⇒ Object



# File 'app/helpers/firewall/iptables_helper.rb', line 61

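# Returns the raw contents of an xt_recent list.
#
# The original ran `cat <blacklist_name>` against a path relative to the
# process's working directory, while blacklist_ip/unblacklist_ip write to
# /proc/net/xt_recent/<name>; this reads from that same location.
#
# @param blacklist_name [String] xt_recent list name; letters, digits, '_' and '-' only
# @return [String] combined stdout/stderr of cat (the error text if the list
#   does not exist or is unreadable)
# @raise [ArgumentError] if blacklist_name fails validation
def blacklisted_ips(blacklist_name = 'blacklist')
  name_s = blacklist_name.to_s
  # Reject path separators and anything else that could escape the
  # /proc/net/xt_recent directory.
  unless name_s.match?(/\A[A-Za-z0-9_-]+\z/)
    raise ArgumentError, "invalid blacklist name: #{name_s.inspect}"
  end
  # Block form closes the pipe and reaps the child; the original left it open.
  # NOTE(review): unlike the other readers this does not use sudo — confirm the
  # list file is readable by the application user.
  IO.popen(['cat', "/proc/net/xt_recent/#{name_s}"], err: [:child, :out], &:read)
end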

.gain_sudo ⇒ Object



# File 'app/helpers/firewall/iptables_helper.rb', line 11

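# Authenticates to sudo so that the following `sudo -n` calls in this module
# can run without a prompt, by feeding the configured password to `sudo -S pwd`.
#
# @return [nil]
# @raise [NotSudoException] when sudo produced no stdout, which is how a failed
#   authentication shows up (sudo's prompts and errors go to stderr)
def gain_sudo
  # Kept in a local rather than a module instance variable so the secret is
  # not retained on the module object after this call.
  password = Config.sudo_password
  # 'r+' lets us write the password to sudo's stdin and then read pwd's
  # output; the block form closes the pipe and reaps sudo even if reading
  # raises (the original never closed it).
  output = IO.popen(['sudo', '-S', 'pwd'], 'r+') do |io|
    begin
      io.write("#{password}\n")
    rescue Errno::EPIPE
      # sudo may exit without reading stdin when credentials are still cached;
      # a broken pipe here is not an authentication failure — the empty-output
      # check below still decides the outcome.
    end
    io.close_write
    io.readlines
  end

  raise NotSudoException if output.empty?
end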

.get_rules ⇒ Object



# File 'app/helpers/firewall/iptables_helper.rb', line 80

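# Dumps the current ruleset in iptables-save format.
#
# @return [String] combined stdout/stderr of iptables-save
#
# NOTE(review): unlike add_rule/show_rules this neither calls gain_sudo nor
# passes `-n`, so sudo could block on a password prompt — confirm the caller
# has authenticated first.
def get_rules
  # Block form closes the pipe and reaps the child; the original left it open.
  IO.popen(['sudo', 'iptables-save'], err: [:child, :out], &:read)
end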

.remove_rule(linenumber, chain = "INPUT") ⇒ Object



# File 'app/helpers/firewall/iptables_helper.rb', line 34

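# Deletes the rule at the given position from a chain (`iptables -D <chain> <n>`).
#
# @param linenumber [Integer, String] 1-based rule position as shown by show_rules
# @param chain [String] chain name, default "INPUT"
# @return [String] combined stdout/stderr of the iptables run
# @raise [ArgumentError] if linenumber is not a whole number (checked before
#   sudo is touched)
# @raise [NotSudoException] presumably from gain_sudo when sudo cannot be obtained — defined elsewhere in this file
def remove_rule(linenumber, chain = "INPUT")
  # Integer() raises on anything that is not a whole number, so only a numeric
  # argument ever reaches iptables; the original interpolated whatever it got.
  position = Integer(linenumber)
  gain_sudo
  # argv form: no shell involved. Block form closes the pipe and reaps the child.
  IO.popen(['sudo', '-n', 'iptables', '-D', chain.to_s, position.to_s], err: [:child, :out], &:read)
end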

.reset_rules ⇒ Object



# File 'app/helpers/firewall/iptables_helper.rb', line 66

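# Flushes and deletes every chain in the filter, nat and mangle tables and
# sets the built-in policies to ACCEPT — i.e. leaves the host with no filtering.
#
# @return [Boolean, nil] result of Kernel#system for the last command, as the
#   original returned; failures of earlier commands are not reported.
# @raise [NotSudoException] presumably from gain_sudo when sudo cannot be obtained — defined elsewhere in this file
def reset_rules
  gain_sudo

  # Each entry is the argv tail after `sudo iptables`. argv form instead of a
  # single command string means no shell is spawned for any of them.
  steps = [
    %w[-F],
    %w[-X],
    %w[-t nat -F],
    %w[-t nat -X],
    %w[-t mangle -F],
    %w[-t mangle -X],
    %w[-P INPUT ACCEPT],
    %w[-P FORWARD ACCEPT],
    %w[-P OUTPUT ACCEPT]
  ]
  steps.map { |args| system('sudo', 'iptables', *args) }.last
end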

.show_rules ⇒ Object



# File 'app/helpers/firewall/iptables_helper.rb', line 54

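# Lists the filter table with numeric addresses/ports and rule numbers
# (`iptables -n -L --line-numbers`); the numbers are what remove_rule expects.
#
# @return [String] combined stdout/stderr of the iptables run
# @raise [NotSudoException] presumably from gain_sudo when sudo cannot be obtained — defined elsewhere in this file
def show_rules
  gain_sudo
  # Block form closes the pipe and reaps the child; the original left it open.
  IO.popen(['sudo', '-n', 'iptables', '-n', '-L', '--line-numbers'], err: [:child, :out], &:read)
end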

.unblacklist_ip(ip, blacklist_name = 'blacklist') ⇒ Object



# File 'app/helpers/firewall/iptables_helper.rb', line 47

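# Removes an IPv4 address from an xt_recent list by writing "-<ip>" to
# /proc/net/xt_recent/<blacklist_name>.
#
# @param ip [String] dotted-quad IPv4 address (IPv6 is not accepted)
# @param blacklist_name [String] xt_recent list name; letters, digits, '_' and '-' only
# @return [Boolean, nil] result of Kernel#system: true on exit 0, false on a
#   non-zero exit, nil if the command could not be run
# @raise [ArgumentError] if ip or blacklist_name fails validation (checked
#   before sudo is touched, so bad input costs nothing)
# @raise [NotSudoException] presumably from gain_sudo when sudo cannot be obtained — defined elsewhere in this file
def unblacklist_ip(ip, blacklist_name = 'blacklist')
  ip_s = ip.to_s
  name_s = blacklist_name.to_s
  # Strict dotted quad with each octet in 0..255; anchored with \A/\z so a
  # trailing newline or shell metacharacters cannot slip through.
  unless ip_s.match?(/\A(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\z/)
    raise ArgumentError, "invalid IPv4 address: #{ip_s.inspect}"
  end
  # No '/', '.', ';' or whitespace: the name becomes a path component under
  # /proc/net/xt_recent and a shell argument.
  unless name_s.match?(/\A[A-Za-z0-9_-]+\z/)
    raise ArgumentError, "invalid blacklist name: #{name_s.inspect}"
  end
  gain_sudo
  # The shell script is a fixed literal; ip and name travel as positional
  # parameters ($1/$2) via argv, so they are never interpolated into shell
  # syntax. The redirection still needs sh because the target is a /proc file.
  system('sudo', 'sh', '-c', 'echo "-$1" >> "/proc/net/xt_recent/$2"', 'sh', ip_s, name_s)
end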