Class: PuppetX::SIMP::IPTables::Rule

Inherits:

Object

• Object
• PuppetX::SIMP::IPTables::Rule

Defined in:

lib/puppetx/simp/iptables/rule.rb

Instance Attribute Summary

• #chain ⇒ Object readonly

  Returns the value of attribute chain.

• #complex ⇒ Object readonly

  This is true if the rule has more than just a jump in it.

• #input_interface ⇒ Object readonly

  Returns the value of attribute input_interface.

• #jump ⇒ Object readonly

  Returns the value of attribute jump.

• #output_interface ⇒ Object readonly

  Returns the value of attribute output_interface.

• #rule ⇒ Object readonly

  Returns the value of attribute rule.

• #rule_hash ⇒ Object readonly

  Returns the value of attribute rule_hash.

• #rule_type ⇒ Object readonly

  Returns the value of attribute rule_type.

• #table ⇒ Object readonly

  Returns the value of attribute table.

Class Method Summary

• .normalize_addresses(to_normalize) ⇒ Object
• .parse(rule) ⇒ Object
• .to_hash(rule) ⇒ Object

Instance Method Summary

• #==(other) ⇒ Object
• #initialize(rule_str, table) ⇒ Rule constructor

  Create the particular rule.

• #normalize_addresses(to_normalize) ⇒ Object

  Retained for backward compatibiilty.

• #to_s ⇒ Object

Constructor Details

#initialize(rule_str, table) ⇒ Rule

Create the particular rule. The containing table should be passed in for future reference.

# File 'lib/puppetx/simp/iptables/rule.rb', line 119

def initialize(rule_str, table)
  @rule = rule_str.strip
  @rule_type = :rule

  if table.nil? || table.empty?
    raise(Puppet::Error, "All rules must have an associated table: '#{rule}'")
  end

  @table = table.strip

  parsed_rule = PuppetX::SIMP::IPTables::Rule.parse(rule)

  @chain = parsed_rule[:chain]
  @jump = parsed_rule[:jump]
  @input_interface = parsed_rule[:input_interface]
  @output_interface = parsed_rule[:output_interface]
  @rule_hash = parsed_rule[:rule_hash]

  @complex = true

  if @rule == 'COMMIT'
    @rule_type = :commit
  elsif @rule =~ %r{^\s*:(.*)\s+(.*)\s}
    @chain = ::Regexp.last_match(1)
    @rule = ":#{@chain} #{::Regexp.last_match(2)} [0:0]"
    @rule_type = :chain
  end

  # If there is only a jump, then the rule is simple
  return unless (parsed_rule[:rule_hash].keys - ['A', 'D', 'I', 'R', 'N', 'P', 'j']).empty?
  @complex = false
end

Instance Attribute Details

#chain ⇒ Object (readonly)

Returns the value of attribute chain.

# File 'lib/puppetx/simp/iptables/rule.rb', line 6

def chain
  @chain
end

#complex ⇒ Object (readonly)

This is true if the rule has more than just a jump in it.

# File 'lib/puppetx/simp/iptables/rule.rb', line 13

def complex
  @complex
end

#input_interface ⇒ Object (readonly)

Returns the value of attribute input_interface.

# File 'lib/puppetx/simp/iptables/rule.rb', line 8

def input_interface
  @input_interface
end

#jump ⇒ Object (readonly)

Returns the value of attribute jump.

# File 'lib/puppetx/simp/iptables/rule.rb', line 7

def jump
  @jump
end

#output_interface ⇒ Object (readonly)

Returns the value of attribute output_interface.

# File 'lib/puppetx/simp/iptables/rule.rb', line 9

def output_interface
  @output_interface
end

#rule ⇒ Object (readonly)

Returns the value of attribute rule.

# File 'lib/puppetx/simp/iptables/rule.rb', line 3

def rule
  @rule
end

#rule_hash ⇒ Object (readonly)

Returns the value of attribute rule_hash.

# File 'lib/puppetx/simp/iptables/rule.rb', line 10

def rule_hash
  @rule_hash
end

#rule_type ⇒ Object (readonly)

Returns the value of attribute rule_type.

# File 'lib/puppetx/simp/iptables/rule.rb', line 4

def rule_type
  @rule_type
end

#table ⇒ Object (readonly)

Returns the value of attribute table.

# File 'lib/puppetx/simp/iptables/rule.rb', line 5

def table
  @table
end

Class Method Details

.normalize_addresses(to_normalize) ⇒ Object

# File 'lib/puppetx/simp/iptables/rule.rb', line 15

def self.normalize_addresses(to_normalize)
  require 'ipaddr'

  normalized_array = []

  Array(to_normalize).each do |item|
    # Short circuit if it's obviously not an IP address
    if (item.count('.') == 3) || (item.count(':') > 1)
      begin
        test_addr = IPAddr.new(item)

        # Grab the netmask from the string and assign a reasonable default
        # if one does not exist
        test_netmask = item.split('/')[1] || ((test_addr.family == 2) ? '32' : '128')

        normalized_array << "#{test_addr}/#{test_netmask}"
      # rubocop:disable Lint/ShadowedException
      rescue ArgumentError, NoMethodError, IPAddr::InvalidAddressError
        normalized_array << item
      end
      # rubocop:enable Lint/ShadowedException
    else
      normalized_array << item
    end
  end

  return normalized_array.first if normalized_array.size == 1
  normalized_array
end

.parse(rule) ⇒ Object

# File 'lib/puppetx/simp/iptables/rule.rb', line 88

def self.parse(rule)
  output = {
    chain: nil,
    jump: nil,
    input_interface: nil,
    output_interface: nil,
  }

  rule_hash = PuppetX::SIMP::IPTables::Rule.to_hash(rule)

  if rule_hash
    chain = rule_hash.find { |k, _| ['A', 'D', 'I', 'R', 'N', 'P'].include?(k) }
    output[:chain] = chain.last[:value] if chain

    jump = rule_hash.find { |k, _| ['j'].include?(k) }
    output[:jump] = jump.last[:value] if jump

    input_interface = rule_hash.find { |k, _| ['i'].include?(k) }
    output[:input_interface] = input_interface.last[:value] if input_interface

    output_interface = rule_hash.find { |k, _| ['o'].include?(k) }
    output[:output_interface] = output_interface.last[:value] if output_interface
  end

  output[:rule_hash] = rule_hash

  output
end

.to_hash(rule) ⇒ Object

# File 'lib/puppetx/simp/iptables/rule.rb', line 45

def self.to_hash(rule)
  require 'optparse'
  require 'shellwords'

  opt_arr = Shellwords.shellwords(rule)

  opt_parser = OptionParser.new

  opts = {}
  negate = false

  until opt_arr.empty?
    begin
      opt_parser.parse!(opt_arr)
      opt_arr.shift
    rescue OptionParser::InvalidOption => e
      e.recover(opt_arr)

      key = opt_arr.shift.gsub(%r{^-*}, '')
      value = []

      value << opt_arr.shift while opt_arr.first && (opt_arr.first[0] != '-')

      negate_next = false
      if !value.empty? && (value.last.strip == '!')
        value.pop
        negate_next = true
      end

      next if !negate && ((value == ['0.0.0.0/0']) || (value == ['::/0']))

      opts[key] ||= { value: nil, negate: negate }
      opts[key][:value] = value.join(' ')
      opts[key][:value] = opts[key][:value].split(',').sort if opts[key][:value].include?(',')
      opts[key][:value] = normalize_addresses(opts[key][:value])

      negate = negate_next
    end
  end

  opts
end

Instance Method Details

#==(other) ⇒ Object

# File 'lib/puppetx/simp/iptables/rule.rb', line 161

def ==(other)
  return false if other.nil? || other.rule_hash.nil? || other.rule_hash.empty?

  return true if rule.strip == other.to_s.strip

  return false if @rule_hash.size != other.rule_hash.size

  local_hash = Marshal.load(Marshal.dump(@rule_hash))
  other_hash = Marshal.load(Marshal.dump(other.rule_hash))

  local_hash == other_hash
end

#normalize_addresses(to_normalize) ⇒ Object

Retained for backward compatibiilty

# File 'lib/puppetx/simp/iptables/rule.rb', line 157

def normalize_addresses(to_normalize)
  self.class.normalize_addresses(to_normalize)
end

#to_s ⇒ Object

# File 'lib/puppetx/simp/iptables/rule.rb', line 152

def to_s
  @rule
end