Class: PuppetX::SIMP::IPTables::Rule

Inherits:

Object

• Object
• PuppetX::SIMP::IPTables::Rule

Defined in:

lib/puppetx/simp/iptables/rule.rb

Instance Attribute Summary

• #chain ⇒ Object readonly

  Returns the value of attribute chain.

• #complex ⇒ Object readonly

  This is true if the rule has more than just a jump in it.

• #input_interface ⇒ Object readonly

  Returns the value of attribute input_interface.

• #jump ⇒ Object readonly

  Returns the value of attribute jump.

• #output_interface ⇒ Object readonly

  Returns the value of attribute output_interface.

• #rule ⇒ Object readonly

  Returns the value of attribute rule.

• #rule_hash ⇒ Object readonly

  Returns the value of attribute rule_hash.

• #rule_type ⇒ Object readonly

  Returns the value of attribute rule_type.

• #table ⇒ Object readonly

  Returns the value of attribute table.

Class Method Summary

• .normalize_addresses(to_normalize) ⇒ Object
• .parse(rule) ⇒ Object
• .to_hash(rule) ⇒ Object

Instance Method Summary

• #==(other_rule) ⇒ Object
• #initialize(rule_str, table) ⇒ Rule constructor

  Create the particular rule.

• #normalize_addresses(to_normalize) ⇒ Object

  Retained for backward compatibiilty.

• #to_s ⇒ Object

Constructor Details

#initialize(rule_str, table) ⇒ Rule

Create the particular rule. The containing table should be passed in for future reference.

# File 'lib/puppetx/simp/iptables/rule.rb', line 122

def initialize(rule_str, table)
  @rule = rule_str.strip
  @rule_type = :rule

  if table.nil? or table.empty? then
    raise(Puppet::Error, "All rules must have an associated table: '#{rule}'")
  end

  @table = table.strip

  parsed_rule = PuppetX::SIMP::IPTables::Rule.parse(rule)

  @chain = parsed_rule[:chain]
  @jump = parsed_rule[:jump]
  @input_interface = parsed_rule[:input_interface]
  @output_interface = parsed_rule[:output_interface]
  @rule_hash = parsed_rule[:rule_hash]

  @complex = true

  if @rule == 'COMMIT' then
    @rule_type = :commit
  elsif @rule =~ /^\s*:(.*)\s+(.*)\s/
    @chain = $1
    @rule = ":#{@chain} #{$2} [0:0]"
    @rule_type = :chain
  end

  # If there is only a jump, then the rule is simple
  if (parsed_rule[:rule_hash].keys - ['A','D','I','R','N','P','j']).empty?
    @complex = false
  end
end

Instance Attribute Details

#chain ⇒ Object (readonly)

Returns the value of attribute chain.

# File 'lib/puppetx/simp/iptables/rule.rb', line 8

def chain
  @chain
end

#complex ⇒ Object (readonly)

This is true if the rule has more than just a jump in it.

# File 'lib/puppetx/simp/iptables/rule.rb', line 15

def complex
  @complex
end

#input_interface ⇒ Object (readonly)

Returns the value of attribute input_interface.

# File 'lib/puppetx/simp/iptables/rule.rb', line 10

def input_interface
  @input_interface
end

#jump ⇒ Object (readonly)

Returns the value of attribute jump.

# File 'lib/puppetx/simp/iptables/rule.rb', line 9

def jump
  @jump
end

#output_interface ⇒ Object (readonly)

Returns the value of attribute output_interface.

# File 'lib/puppetx/simp/iptables/rule.rb', line 11

def output_interface
  @output_interface
end

#rule ⇒ Object (readonly)

Returns the value of attribute rule.

# File 'lib/puppetx/simp/iptables/rule.rb', line 5

def rule
  @rule
end

#rule_hash ⇒ Object (readonly)

Returns the value of attribute rule_hash.

# File 'lib/puppetx/simp/iptables/rule.rb', line 12

def rule_hash
  @rule_hash
end

#rule_type ⇒ Object (readonly)

Returns the value of attribute rule_type.

# File 'lib/puppetx/simp/iptables/rule.rb', line 6

def rule_type
  @rule_type
end

#table ⇒ Object (readonly)

Returns the value of attribute table.

# File 'lib/puppetx/simp/iptables/rule.rb', line 7

def table
  @table
end

Class Method Details

.normalize_addresses(to_normalize) ⇒ Object

# File 'lib/puppetx/simp/iptables/rule.rb', line 17

def self.normalize_addresses(to_normalize)
  require 'ipaddr'

  normalized_array = []

  Array(to_normalize).each do |item|
    # Short circuit if it's obviously not an IP address
    if (item.count('.') == 3) || (item.count(':') > 1)
      begin
        test_addr = IPAddr.new(item)

        # Grab the netmask from the string and assign a reasonable default
        # if one does not exist
        test_netmask = item.split('/')[1] || (test_addr.family == 2 ? '32' : '128')

        normalized_array << "#{test_addr}/#{test_netmask}"
      rescue ArgumentError, NoMethodError, IPAddr::InvalidAddressError
        normalized_array << item
      end
    else
      normalized_array << item
    end
  end

  return normalized_array.first if (normalized_array.size == 1)
  return normalized_array
end

.parse(rule) ⇒ Object

# File 'lib/puppetx/simp/iptables/rule.rb', line 91

def self.parse(rule)
  output = {
    :chain => nil,
    :jump => nil,
    :input_interface => nil,
    :output_interface => nil
  }

  rule_hash = PuppetX::SIMP::IPTables::Rule.to_hash(rule)

  if rule_hash
    chain = rule_hash.find{ |k,_| ['A','D','I','R','N','P'].include?(k)}
    output[:chain] = chain.last[:value] if chain

    jump = rule_hash.find{ |k,_| ['j'].include?(k)}
    output[:jump] = jump.last[:value] if jump

    input_interface = rule_hash.find{ |k,_| ['i'].include?(k)}
    output[:input_interface] = input_interface.last[:value] if input_interface

    output_interface = rule_hash.find{ |k,_| ['o'].include?(k)}
    output[:output_interface] = output_interface.last[:value] if output_interface
  end

  output[:rule_hash] = rule_hash

  return output
end

.to_hash(rule) ⇒ Object

# File 'lib/puppetx/simp/iptables/rule.rb', line 45

def self.to_hash(rule)
  require 'optparse'
  require 'shellwords'


  opt_arr = Shellwords.shellwords(rule)

  opt_parser = OptionParser.new

  opts = Hash.new
  negate = false

  until opt_arr.empty? do
    begin
      opt_parser.parse!(opt_arr)
      opt_arr.shift
    rescue OptionParser::InvalidOption => e
      e.recover(opt_arr)

      key = opt_arr.shift.gsub(/^-*/,'')
      value = []

      while opt_arr.first && (opt_arr.first[0] != '-')
        value << opt_arr.shift
      end

      negate_next = false
      if !value.empty? && (value.last.strip == '!')
        value.pop
        negate_next = true
      end

      next if !negate && ((value == ['0.0.0.0/0']) || (value == ['::/0']))

      opts[key] ||= { :value => nil, :negate => negate }
      opts[key][:value] = value.join(' ')
      opts[key][:value] = opts[key][:value].split(',').sort if opts[key][:value].include?(',')
      opts[key][:value] = normalize_addresses(opts[key][:value])

      negate = negate_next
    end
  end

  return opts
end

Instance Method Details

#==(other_rule) ⇒ Object

# File 'lib/puppetx/simp/iptables/rule.rb', line 165

def ==(other_rule)
  return false if (other_rule.nil? || other_rule.rule_hash.nil? || other_rule.rule_hash.empty?)

  return true if (rule.strip == other_rule.to_s.strip)

  return false if (@rule_hash.size != other_rule.rule_hash.size)

  local_hash = Marshal.load(Marshal.dump(@rule_hash))
  other_hash = Marshal.load(Marshal.dump(other_rule.rule_hash))

  return local_hash == other_hash
end

#normalize_addresses(to_normalize) ⇒ Object

Retained for backward compatibiilty

# File 'lib/puppetx/simp/iptables/rule.rb', line 161

def normalize_addresses(to_normalize)
  self.class.normalize_addresses(to_normalize)
end

#to_s ⇒ Object

# File 'lib/puppetx/simp/iptables/rule.rb', line 156

def to_s
  return @rule
end