Module: Firewool::InstanceMethods

Defined in:
lib/firewool/instance_methods.rb

Instance Method Summary

Instance Method Details

#ip_allow?(ip) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/firewool/instance_methods.rb', line 16

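# Decides whether +ip+ may reach the application under the Firewool policy
# configured for the current Rails environment.
#
# Evaluation order: the decision starts as "allow" only when the allow list
# contains the literal entry "0.0.0.0", otherwise it starts as "deny". A match
# in the allow list then grants access, and a match in the deny list revokes
# it. Deny rules run last, so a deny match always overrides an allow match.
#
# @param ip [String] client address to evaluate
# @return [Boolean, nil] true when access is granted, false when it is denied
#   (including when +ip+ cannot be parsed); nil when 'ip_restriction' is not
#   enabled for this environment
def ip_allow?(ip)
  firewool_config = self.class.firewool_config.yaml_config[Rails.env]

  # NOTE(review): with 'ip_restriction' disabled this method returns nil, and
  # ip_filter treats any falsy result as a denial. Confirm that "restriction
  # off" is really meant to block every request rather than allow it.
  return unless firewool_config['ip_restriction']

  # Policy lists come straight from the YAML file; either key may be absent.
  allowed_ranges = firewool_config['allow']
  denied_ranges = firewool_config['deny']

  # Default-allow applies only when the allow list holds the exact entry
  # "0.0.0.0" (a CIDR spelling such as "0.0.0.0/0" does not match here).
  # A missing allow list is treated as default-deny instead of raising
  # NoMethodError on nil.
  access_decision = !allowed_ranges.nil? && allowed_ranges.include?("0.0.0.0")

  # Fail closed: an address that cannot be parsed is denied, so a malformed
  # client address produces a denial rather than an unhandled exception.
  begin
    client_ip = IPAddress.parse(ip)
  rescue ArgumentError
    return false
  end

  # Allow rules first ...
  access_decision = true if !allowed_ranges.nil? && in_range?(allowed_ranges, client_ip)

  # ... then deny rules, which take precedence over any allow match.
  access_decision = false if !denied_ranges.nil? && in_range?(denied_ranges, client_ip)

  access_decision
end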

#ip_filter ⇒ Object

TODO: This filter is opinionated. Provide instructions on how to skip this filter and redirect to the application's own handler instead. By default, this should redirect to the 403.html in public.



# File 'lib/firewool/instance_methods.rb', line 5

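# Controller filter that answers with HTTP 403 when the client address is not
# permitted by ip_allow?.
#
# Renders public/403.html (without a layout) when that file exists, otherwise
# a short plain message. Does nothing when the address is allowed.
#
# NOTE(review): the decision is based on request.remote_ip. Rails derives that
# value from proxy headers as well as the socket address, so the allow list is
# only as trustworthy as the application's trusted-proxy configuration.
# Confirm that forwarded-for headers from untrusted clients are not honoured.
#
# @return [Object] whatever +render+ returns on denial, nil otherwise
def ip_filter
  # Any falsy answer (false or nil) from ip_allow? is treated as a denial.
  return if ip_allow?(request.remote_ip)

  forbidden_page = File.join(::Rails.root.to_s, 'public', '403.html')

  # File.exist? replaces File.exists?, which is deprecated and no longer
  # available on current Ruby versions; there the filter would raise
  # NoMethodError instead of returning the 403 response.
  if File.exist?(forbidden_page)
    render :file => forbidden_page, :layout => false, :status => 403
  else
    # NOTE(review): newer Rails versions no longer accept `render :text`;
    # confirm the supported Rails range before switching to `:plain`.
    render :text => "Public Access Denied.", :status => 403
  end
end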