Class: IPTables::Table

Inherits:

Object

• Object
• IPTables::Table

Defined in:

lib/iptables/tables.rb

Constant Summary

@@chain_policy_regex =

Example: :INPUT DROP [0:0]

/^:(\S+)\s+(\S+)\s+/

@@chain_rule_regex =

Example: -A INPUT -m comment –comment “BEGIN: in-bound traffic”

/^-A\s+(\S+)\s+(.+)/

Instance Attribute Summary

• #chains ⇒ Object readonly

  standard tables: nat, mangle, raw, filter.

• #my_iptables ⇒ Object readonly

  standard tables: nat, mangle, raw, filter.

• #name ⇒ Object readonly

  standard tables: nat, mangle, raw, filter.

• #node_addition_points ⇒ Object readonly

  standard tables: nat, mangle, raw, filter.

Instance Method Summary

• #apply_additions(other_firewall) ⇒ Object
• #as_array(comments = true) ⇒ Object
• #get_node_additions(chain_name) ⇒ Object
• #initialize(name, my_iptables, table_info_hash = {}) ⇒ Table constructor

  A new instance of Table.

• #merge(table_object) ⇒ Object
• #parse(lines) ⇒ Object
• #path ⇒ Object
• #register_node_addition_point(addition_name) ⇒ Object

Constructor Details

#initialize(name, my_iptables, table_info_hash = {}) ⇒ Table

Returns a new instance of Table.

# File 'lib/iptables/tables.rb', line 212

def initialize(name, my_iptables, table_info_hash={})
  @name = name
  @my_iptables = my_iptables
  $log.debug("init Table #{@name}")

  @node_addition_points = {}
  @chains = {}

  table_info_hash.keys.sort.each{ |chain_name|
    chain_info = table_info_hash[chain_name]
    case chain_info
    when Hash
      @chains[chain_name] = IPTables::Chain.new(chain_name, chain_info, self)

    when false, nil
      @chains[chain_name] = chain_info

    else
      raise "don't know how to handle #{chain_name}: #{chain_info.inspect}"
    end
  }
  $log.debug("table #{@name} is #{self}")
end

Instance Attribute Details

#chains ⇒ Object (readonly)

standard tables: nat, mangle, raw, filter

# File 'lib/iptables/tables.rb', line 205

def chains
  @chains
end

#my_iptables ⇒ Object (readonly)

standard tables: nat, mangle, raw, filter

# File 'lib/iptables/tables.rb', line 205

def my_iptables
  @my_iptables
end

#name ⇒ Object (readonly)

standard tables: nat, mangle, raw, filter

# File 'lib/iptables/tables.rb', line 205

def name
  @name
end

#node_addition_points ⇒ Object (readonly)

standard tables: nat, mangle, raw, filter

# File 'lib/iptables/tables.rb', line 205

def node_addition_points
  @node_addition_points
end

Instance Method Details

#apply_additions(other_firewall) ⇒ Object

# File 'lib/iptables/tables.rb', line 287

def apply_additions(other_firewall)
  $log.debug("node addition points: #{@node_addition_points.inspect}")
  @chains.each{ |name, chain_object|
    $log.debug("looking for additions to chain #{name}")
    next unless @node_addition_points.has_key? name
    chain_object.apply_additions(other_firewall)
  }
end

#as_array(comments = true) ⇒ Object

# File 'lib/iptables/tables.rb', line 236

def as_array(comments = true)
  policies = []
  chains = []

  # special sorting rule INPUT FORWARD OUTPUT are always first, in this order
  chain_order = @chains.keys.sort()
  %w/INPUT FORWARD OUTPUT/.reverse.each{ |chain|
    next unless chain_order.include? chain
    chain_order -= [chain]
    chain_order.unshift(chain)
  }
  $log.debug("chain order: #{chain_order.inspect}")

  chain_order.each{ |name|
    $log.debug("chain #{name}")
    chain = @chains[name]
    policies.push ":#{name} #{chain.output_policy}"
    chains += chain.as_array(comments)
  }
  return policies + chains
end

#get_node_additions(chain_name) ⇒ Object

# File 'lib/iptables/tables.rb', line 301

def get_node_additions(chain_name)
  return unless @chains.has_key? chain_name
  return @chains[chain_name].get_node_additions
end

#merge(table_object) ⇒ Object

# File 'lib/iptables/tables.rb', line 262

def merge(table_object)
  table_object.chains.each{ |chain_name, chain_object|
    $log.debug("merging chain #{chain_name}")

    case chain_object
    when false
      @chains.delete(chain_name)
      next

    when nil
      next
    end
    # only a Chain is expected from here onwards

    # merge Chain
    if @chains.has_key? chain_name
      @chains[chain_name].merge(chain_object)
      next
    end

    # copy Chain
    @chains[chain_name] = chain_object if chain_object.complete?
  }
end

#parse(lines) ⇒ Object

# File 'lib/iptables/tables.rb', line 306

def parse(lines)
  position = 0
  while position < lines.length
    line = lines[position]
    position += 1

    case line
    when @@chain_policy_regex 
      @chains[$1] = IPTables::Chain.new($1, {'policy' => $2}, self)
    when @@chain_rule_regex 
      raise "unrecognized chain: #{$1}" unless @chains.has_key? $1
      @chains[$1].parse_rule($2)
    else
      $log.debug("returning on unrecognized line: #{line}")
      # back up a line
      return position - 1
    end
  end
end

#path ⇒ Object

# File 'lib/iptables/tables.rb', line 258

def path()
  @name
end

#register_node_addition_point(addition_name) ⇒ Object

# File 'lib/iptables/tables.rb', line 296

def register_node_addition_point(addition_name)
  $log.debug("registering node addition point for #{addition_name}")
  @node_addition_points[addition_name] = true
end