Module: PacketThief::Impl::Netfilter::IPTablesRuleHandler
Included in: PacketThief::Impl::Netfilter
Defined in: lib/packetthief/impl/netfilter.rb
Overview
Manages IPTablesRules. It runs each rule and tracks it so that the rule can be deleted later.
Instance Attribute Summary
- #active_rules ⇒ Object
  Returns the value of attribute active_rules.
Instance Method Summary
- #revert ⇒ Object
  Reverts all executed rules that this handler knows about.
- #run(rule) ⇒ Object
  Executes a rule and holds onto it for later removal.
Instance Attribute Details
#active_rules ⇒ Object
Returns the value of attribute active_rules.
    # File 'lib/packetthief/impl/netfilter.rb', line 21
    def active_rules
      @active_rules
    end
Instance Method Details
#revert ⇒ Object
Reverts all executed rules that this handler knows about.
    # File 'lib/packetthief/impl/netfilter.rb', line 39
    def revert
      return if @active_rules == nil or @active_rules.empty?

      @active_rules.each do |rule|
        # Same rule specification as in #run, but with -D (delete) instead of -A.
        args = ['/sbin/iptables', '-t', rule.table, '-D', rule.chain]
        args.concat rule.to_netfilter_command
        unless system(*args)
          raise "Command #{args.inspect} exited with error code #{$?.inspect}"
        end
      end

      # Only reached when every delete succeeded.
      @active_rules = []
    end
#run(rule) ⇒ Object
Executes a rule and holds onto it for later removal.
    # File 'lib/packetthief/impl/netfilter.rb', line 24
    def run(rule)
      @active_rules ||= []

      # Passing the arguments as a list makes system() run iptables directly,
      # without going through a shell.
      args = ['/sbin/iptables', '-t', rule.table, '-A', rule.chain]
      args.concat rule.to_netfilter_command
      unless system(*args)
        raise "Command #{args.inspect} exited with error code #{$?.inspect}"
      end

      # Track the rule only after iptables accepted it.
      @active_rules << rule
    end
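In #revert above, the raise sits inside the loop and before @active_rules is reset, so one failed -D leaves the remaining rules installed and the tracked list unchanged. The following added example (not PacketThief's code) shows a handler with the same run/revert contract that keeps deleting and keeps only the failed rules tracked; SafeRuleHandler, FakeRule, the injectable runner and the sample REDIRECT rules are assumptions made so it runs without root or iptables.

```ruby
# Added example, not PacketThief code. FakeRule, SafeRuleHandler and the
# injectable runner are hypothetical stand-ins; no iptables binary is needed.
FakeRule = Struct.new(:table, :chain, :to_netfilter_command)

class SafeRuleHandler
  attr_reader :active_rules

  # runner takes the argv array and returns true on success (default: shell-free system).
  def initialize(runner = ->(args) { system(*args) })
    @runner = runner
    @active_rules = []
  end

  def run(rule)
    args = command('-A', rule)
    raise "Command #{args.inspect} failed" unless @runner.call(args)
    @active_rules << rule
  end

  # Delete newest-first; rules whose delete failed stay tracked for a retry.
  def revert
    failed = @active_rules.reverse.reject { |rule| @runner.call(command('-D', rule)) }
    @active_rules = failed.reverse
    raise "#{failed.size} rule(s) still installed" unless failed.empty?
  end

  private

  def command(action, rule)
    ['/sbin/iptables', '-t', rule.table, action, rule.chain] + rule.to_netfilter_command
  end
end

# Constructed demo: the fake runner refuses to delete the port 443 rule.
def demo_partial_revert
  log = []
  runner = lambda do |args|
    log << args
    !(args.include?('-D') && args.include?('443'))
  end
  handler = SafeRuleHandler.new(runner)
  %w[443 80].each do |port|
    handler.run(FakeRule.new('nat', 'PREROUTING', ['-p', 'tcp', '--dport', port, '-j', 'REDIRECT', '--to-ports', '54321']))
  end
  handler.revert rescue nil # raises because one rule is still installed
  [handler.active_rules.map { |r| r.to_netfilter_command[3] }, log.count { |a| a.include?('-D') }]
end
```

Both deletes are attempted, and only the rule that could not be removed remains in active_rules, so a later revert retries exactly that rule.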