Class: Tablomat::IPTablesBase::Chain

Defined in:
lib/tablomat/iptables/chain.rb

Overview

Chain models one iptables chain (built-in or user-defined) inside a table: it owns the chain's Rule objects and builds the iptables commands that create the chain, set its policy, and flush or delete it.


Constructor Details

#initialize(table, name, owned = true) ⇒ Chain

Creates a Chain bound to table with an empty rule set and a default policy of ACCEPT; if the table is already active the chain is activated (pushed to iptables) immediately.



# File 'lib/tablomat/iptables/chain.rb', line 12

# Bind a new chain to its table.
#
# @param table [Object] owning table; must respond to #system and #active
# @param name [String] chain name as passed to iptables (e.g. 'INPUT')
# @param owned [Boolean] whether this object may create/remove the chain
#   (unowned chains are skipped by #activate/#deactivate unless overridden)
def initialize(table, name, owned = true)
  @table = table
  @system = table.system
  @name = name
  @owned = owned
  # Built-in chains get ACCEPT until #policy says otherwise.
  @policy = 'ACCEPT'
  @rules = {}
  @rules_sorted = []
  @active = false
  # Follow the table: a chain added under an already-active table is
  # pushed to iptables right away.
  activate if table.active
end

Instance Attribute Details

#activeObject (readonly)

Whether the chain is currently applied to the running firewall; set by #activate and cleared by #deactivate.



# File 'lib/tablomat/iptables/chain.rb', line 10

# @return [Boolean] true once #activate has run (and #deactivate has not)
def active
  @active
end

#nameObject (readonly)

The chain name exactly as it is passed to iptables (a built-in name such as INPUT, or a user-defined one).



# File 'lib/tablomat/iptables/chain.rb', line 10

# @return [String] the chain name used on the iptables command line
def name
  @name
end

#ownedObject

Whether this object owns the chain. Unowned chains are left untouched by #activate and #deactivate unless their override argument is given.



# File 'lib/tablomat/iptables/chain.rb', line 9

# @return [Boolean] whether #activate/#deactivate may act on this chain
#   without an override
def owned
  @owned
end

#rulesObject (readonly)

Hash of Rule objects keyed by the downcased rule text (see #rule); insertion order is tracked separately and is not reflected here.



# File 'lib/tablomat/iptables/chain.rb', line 10

# @return [Hash{String => Rule}] rules keyed by their downcased rule text
def rules
  @rules
end

#tableObject (readonly)

The owning table; its name supplies the -t argument of every iptables command this chain issues.



# File 'lib/tablomat/iptables/chain.rb', line 10

# @return [Object] the table this chain belongs to
def table
  @table
end

Instance Method Details

#activate(override = false) ⇒ Object



# File 'lib/tablomat/iptables/chain.rb', line 92

# Mark the chain active and, unless overridden, create it in iptables and
# activate every rule it holds.
#
# @param override [Boolean] when true, act even on an unowned chain but only
#   flip the flag — nothing is sent to iptables
# @return [nil, Object] nil when nothing was done; otherwise the result of
#   activate_all_rules
def activate(override = false)
  # Never touch a chain we do not own unless explicitly forced.
  return unless @owned || override
  return if @active

  @active = true
  unless override
    apply_create
    activate_all_rules
  end
end

#append(data) ⇒ Object



# File 'lib/tablomat/iptables/chain.rb', line 66

# Add a rule at the end of the chain and activate it if the chain is live.
#
# @param data [String, Hash, Rule-compatible] rule text, see #rule
# @return [Rule] the (possibly pre-existing) Rule object
def append(data)
  rule(data) do |entry|
    @rules_sorted.push(entry)
    entry.activate if @active
  end
end

#apply_createObject



# File 'lib/tablomat/iptables/chain.rb', line 114

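# Create the chain in iptables (if the kernel does not already have it) and,
# for built-in chains, apply the stored policy.
#
# Errors from the -N step are reported and swallowed so the policy is still
# applied; note that exists? also reports false when the iptables call itself
# fails, so a broken iptables setup lands in the rescue branch here.
#
# @return [nil, Object] nil for user-defined chains, otherwise the result of
#   the -P command
def apply_create
  unless exists?
    begin
      command = "#{@system.iptables_bin} -t #{@table.name} -N #{@name}"
      @system.exec command
    rescue StandardError => e
      # Best-effort: report and carry on. (Was $ERROR_INFO, which is only an
      # alias of $! when 'English' has been required; otherwise it prints nil.)
      puts "Error: #{e}"
    end
  end
  # Only built-in chains accept -P; user-defined chains have no policy.
  return unless builtin?

  command = "#{@system.iptables_bin} -t #{@table.name} -P #{@name} #{@policy}"
  @system.exec command
end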

#apply_deleteObject



# File 'lib/tablomat/iptables/chain.rb', line 130

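# Flush and delete the chain in iptables.
#
# Built-in chains are skipped (-X only applies to user-defined chains) and so
# is a chain the kernel does not know; exists? also returns false when the
# iptables call itself fails, in which case nothing is attempted.
#
# @return [nil, Object] nil when skipped or on error, otherwise the result of
#   the -X command
def apply_delete
  return unless exists? && !builtin?

  begin
    command = "#{@system.iptables_bin} -t #{@table.name} -F #{@name}"
    @system.exec command
    command = "#{@system.iptables_bin} -t #{@table.name} -X #{@name}"
    @system.exec command
  rescue StandardError => e
    # Best-effort: report which step failed and carry on. (Was $ERROR_INFO,
    # which is only an alias of $! when 'English' has been required.)
    puts "Error removing chain #{command}, message: #{e}"
  end
end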

#builtin?Boolean

Returns:

  • (Boolean)


# File 'lib/tablomat/iptables/chain.rb', line 151

# Whether this chain is one of the kernel's built-in chains for its table,
# as listed in the system's builtin_chains map (keyed by table name symbol).
#
# @return [Boolean]
def builtin?
  chains_by_table = @table.system.builtin_chains
  table_key = @table.name.to_sym
  return false unless chains_by_table.key?(table_key)

  chains_by_table[table_key].include?(@name)
end

#deactivate(override = false) ⇒ Object



# File 'lib/tablomat/iptables/chain.rb', line 103

# Mark the chain inactive and, unless overridden, deactivate all of its rules.
# The chain itself is not removed from iptables here (see #apply_delete).
#
# @param override [Boolean] when true, act even on an unowned chain but only
#   flip the flag — nothing is sent to iptables
# @return [nil, false] nil when nothing was done, false after a full deactivate
def deactivate(override = false)
  # Never touch a chain we do not own unless explicitly forced.
  return unless @owned || override
  return unless @active

  @active = false
  unless override
    deactivate_all_rules
    @active = false
  end
end

#delete(data) ⇒ Object



# File 'lib/tablomat/iptables/chain.rb', line 80

# Remove a rule from the chain, deactivating it first if it is live.
#
# @param data [Rule, String, Hash] a Rule object, or rule text resolved
#   through #rule
# @return [Hash] the remaining @rules
#
# NOTE: entries are dropped from @rules by description, so any other rule
# sharing the same description is removed from the lookup table as well.
def delete(data)
  target = data.is_a?(Rule) ? data : rule(data)
  target.deactivate if target.active

  @rules_sorted.delete(target)
  @rules.delete_if { |_key, entry| entry.description == target.description }
end

#exists?Boolean

Returns:

  • (Boolean)


# File 'lib/tablomat/iptables/chain.rb', line 143

# Probe iptables for the chain by listing it (-nL).
#
# Any failure of the call is reported as "does not exist" — a missing
# chain, but equally a missing binary or insufficient privileges — so a
# false here does not prove the chain is absent.
#
# @return [Boolean]
def exists?
  begin
    @system.exec "#{@system.iptables_bin} -t #{@table.name} -nL #{@name}"
  rescue StandardError
    return false
  end
  true
end

#insert(data, pos) ⇒ Object



# File 'lib/tablomat/iptables/chain.rb', line 56

# Insert a rule at a 1-based position, renumber the live rules and activate
# the new one if the chain is live.
#
# @param data [String, Hash] rule text, see #rule
# @param pos [Integer] 1-based slot
# @return [Rule]
#
# NOTE: pos <= 0 is not rejected; Array#insert then counts from the end,
# which is unlikely to be what the caller meant.
def insert(data, pos)
  rule(data) do |entry|
    entry.method = 'INSERT'
    entry.position = pos
    @rules_sorted.insert(pos - 1, entry)
    update_rules_position
    entry.activate if @active
  end
end

#policy(action) ⇒ Object



# File 'lib/tablomat/iptables/chain.rb', line 24

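# Set the default policy of a built-in chain and push it to iptables if the
# chain is already active (otherwise apply_create applies it on activation).
#
# @param action [String, Symbol] a policy target such as ACCEPT or DROP
# @raise [RuntimeError] for user-defined chains, which carry no policy
# @raise [ArgumentError] if action is not a single bare target token
# @return [nil, Object] nil when inactive, otherwise the result of the -P command
def policy(action)
  # set policy as the last rule of the chain
  raise 'Unable to assign policy to non builtin chains, TODO: implement handling' unless builtin?

  # The action is spliced verbatim into the iptables command line. A policy is
  # one bare target token, so refuse whitespace, separators or metacharacters
  # here rather than let them reach System#exec — whether exec goes through a
  # shell is not visible from this class, so treat the command string as a
  # trust boundary.
  raise ArgumentError, "invalid policy target #{action.inspect}" unless action.to_s.match?(/\A[A-Za-z_]+\z/)

  @policy = action
  return unless @active

  command = "#{@system.iptables_bin} -t #{@table.name} -P #{@name} #{@policy}"
  @system.exec command
end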

#rule(name, owned = true, &block) ⇒ Object



# File 'lib/tablomat/iptables/chain.rb', line 35

# Look up or create the Rule for the given rule text, registering it under
# its downcased text so the same rule in different case maps to one object.
#
# @param name [String, Hash] rule text, or a Hash flattened to "--key value"
#   pairs (with :set renamed to :match first, see #sethandling)
# @param owned [Boolean] passed to Rule.new for newly created rules only
# @yield [Rule] the looked-up or freshly created rule
# @return [Rule]
#
# NOTE: Hash values are interpolated verbatim into the rule text; anything
# caller-supplied should be validated before it gets here (how Rule hands the
# text to iptables is not visible from this class).
def rule(name, owned = true, &block)
  if name.is_a?(Hash)
    name = sethandling(name) if name.key?(:set)
    name = name.map { |option, value| "--#{option} #{value}" }.join(' ')
  end
  key = name.to_s.downcase
  entry = @rules[key] || Rule.new(self, name, owned)
  @rules[key] = entry
  block&.call(entry)
  entry
end

#sethandling(name) ⇒ Object



# File 'lib/tablomat/iptables/chain.rb', line 47

# Rename the :set key of a rule Hash to :match, keeping every other pair and
# the original key order (the :match entry takes the slot :set occupied).
#
# @param name [Hash] rule options
# @return [Hash] a new Hash; the input is not modified
def sethandling(name)
  name.each_with_object({}) do |(option, value), renamed|
    renamed[option == :set ? :match : option] = value
  end
end

#update_rules_positionObject



# File 'lib/tablomat/iptables/chain.rb', line 73

# Renumber the active rules so their position matches their order in
# @rules_sorted (1-based). Holes left by deletions are compacted first.
#
# A position of 0 is left alone (presumably rules that were appended
# without an explicit slot — verify against Rule).
def update_rules_position
  @rules_sorted = @rules_sorted.compact
  live = @rules_sorted.select(&:active)
  live.each_with_index do |entry, idx|
    expected = idx + 1
    next if entry.position == 0 || entry.position == expected

    entry.position = expected
  end
end