Class: Dcmgr::VNet::Tasks::DropIpSpoofing

Inherits:
Dcmgr::VNet::Task show all
Includes:
Netfilter
Defined in:
lib/dcmgr/vnet/tasks/drop_ip_spoofing.rb

Overview

Disable instances from spoofing another ip address

Instance Attribute Summary collapse

Attributes inherited from Dcmgr::VNet::Task

#rules

Instance Method Summary collapse

Constructor Details

#initialize(ip, enable_logging, log_prefix) ⇒ DropIpSpoofing

Returns a new instance of DropIpSpoofing.



14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
# File 'lib/dcmgr/vnet/tasks/drop_ip_spoofing.rb', line 14

def initialize(ip,enable_logging,log_prefix)
super()
self.ip = ip
self.enable_logging = enable_logging
self.log_prefix = log_prefix

# Prevent spoofing to the outside world
self.rules << EbtablesRule.new(:filter,:forward,:arp,:outgoing,"--protocol arp --arp-ip-src ! #{self.ip} #{EbtablesRule.log_arp(self.log_prefix) if self.enable_logging} -j DROP")
# Prevent spoofing to the host
self.rules << EbtablesRule.new(:filter,:input,:arp,:outgoing,"--protocol arp --arp-ip-src ! #{self.ip} #{EbtablesRule.log_arp(self.log_prefix) if self.enable_logging} -j DROP")

# Prevent the outside world from spoofing to the instance
self.rules << EbtablesRule.new(:filter,:forward,:arp,:incoming,"--protocol arp --arp-ip-dst ! #{self.ip} #{EbtablesRule.log_arp(self.log_prefix) if self.enable_logging} -j DROP")
# Prevent the host from spoofing to the instance
self.rules << EbtablesRule.new(:filter,:output,:arp,:incoming,"--protocol arp --arp-ip-dst ! #{self.ip} #{EbtablesRule.log_arp(self.log_prefix) if self.enable_logging} -j DROP")
end

Instance Attribute Details

#enable_loggingObject

Returns the value of attribute enable_logging.



11
12
13
# File 'lib/dcmgr/vnet/tasks/drop_ip_spoofing.rb', line 11

def enable_logging
  @enable_logging
end

#ipObject

Returns the value of attribute ip.



10
11
12
# File 'lib/dcmgr/vnet/tasks/drop_ip_spoofing.rb', line 10

def ip
  @ip
end

#log_prefixObject

Returns the value of attribute log_prefix.



12
13
14
# File 'lib/dcmgr/vnet/tasks/drop_ip_spoofing.rb', line 12

def log_prefix
  @log_prefix
end