Class: IPAccess::UDPSocket
- Inherits:
-
UDPSocket
- Object
- UDPSocket
- IPAccess::UDPSocket
- Includes:
- Patches::UDPSocket
- Defined in:
- lib/ipaccess/ghost_doc/ghost_doc_sockets.rb,
lib/ipaccess/socket.rb
Overview
UDPSocket class with IP access control. It uses input and output access lists. Default list for rules management methods is input
.
This class acts the same way as UDPSocket class but provides special member called acl
and a few new instance methods for controlling IP access.
This documentation doesn’t cover description of all class and instance methods of the original UDPSocket class, just the patched variants that make use of IP access control.
Instance Attribute Summary collapse
-
#acl ⇒ Object
=== Example require ‘ipaccess/socket’ # load sockets subsystem socket = IPAccess::UDPSocket.new socket.acl = :global # use global access set socket.acl = :private # create and use individual access set socket.acl = IPAccess::Set.new # use external (shared) access set.
Attributes included from Patches::ACL
Instance Method Summary collapse
-
#acl_recheck ⇒ Object
This method allows you to re-check access on demad.
-
#blacklist(*addresses) ⇒ Object
(also: #add_black, #deny, #block)
This method blacklists IP address(-es) in the input or output access list selected by the list argument (
:input
or:output
). If the access list selector is omited it operates on the default access list that certain kind of network object uses. The allowed format of address is the same as for IPAccess.to_cidrs. This method will not add nor remove any whitelisted item.Restrictions
This method won’t allow you to modify the list if the global access set is associated with an object. You may operate on IPAccess::Set.Global or use blacklist! instead.
Return value
It will return the result of calling IPAccess::List#blacklist on the list.
Revalidation
After modyfing access set current connection is validated again to avoid access leaks.
DNS Warning
You should avoid passing hostnames as arguments since DNS is not reliable and responses may change with time, which may cause security flaws.
-
#blacklist!(*addresses) ⇒ Object
(also: #add_black!, #deny!, #block!)
This method works same way as blacklist but it will allow you to modify the list even if the global access set is used by object.
-
#blacklist_reasonable(reason, *addresses) ⇒ Object
This method works like blacklist but allows to set reason.
-
#blacklist_reasonable!(reason, *addresses) ⇒ Object
This method works like blacklist! but allows to set reason.
-
#unblacklist(*addresses) ⇒ Object
(also: #unblock, #del_black)
This method removes blacklisted IP address(-es) from the input or output access list selected by the list argument (
:input
or:output
). If the access list selector is omited it operates on the default access list that certain kind of network object uses. The allowed format of address is the same as for IPAccess.to_cidrs. This method will not add nor remove any whitelisted item.Restrictions
This method won’t allow you to modify the list if the global access set is associated with an object. You may operate on IPAccess::Set.Global or use unblacklist! instead.
Return value
It will return the result of calling IPAccess::List#unblacklist on the list.
Revalidation
After modyfing access set current connection is validated again to avoid access leaks.
DNS Warning
You should avoid passing hostnames as arguments since DNS is not reliable and responses may change with time, which may cause security flaws.
-
#unblacklist!(*addresses) ⇒ Object
(also: #unblock!, #del_black!)
This method works same way as unblacklist but it will allow you to modify the list even if the global access set is used by object.
-
#unwhitelist(*addresses) ⇒ Object
(also: #del_white)
This method removes whitelisted IP address(-es) from the input or output access list selected by the list argument (
:input
or:output
). If the access list selector is omited it operates on the default access list that certain kind of network object uses. The allowed format of address is the same as for IPAccess.to_cidrs. This method will not add nor remove any blacklisted item.Restrictions
This method won’t allow you to modify the list if the global access set is associated with an object. You may operate on IPAccess::Set.Global or use unwhitelist! instead.
Return value
It will return the result of calling IPAccess::List#unwhitelist on the list.
Revalidation
After modyfing access set current connection is validated again to avoid access leaks.
DNS Warning
You should avoid passing hostnames as arguments since DNS is not reliable and responses may change with time, which may cause security flaws.
-
#unwhitelist!(*addresses) ⇒ Object
(also: #del_white!)
This method works same way as unwhitelist but it will allow you to modify the list even if the global access set is used by object.
-
#whitelist(*addresses) ⇒ Object
This method whitelists IP address(-es) in the input or output access list selected by the list argument (
:input
or:output
). If the access list selector is omited it operates on the default access list that certain kind of network object uses. The allowed format of address is the same as for IPAccess.to_cidrs. This method will not add nor remove any blacklisted item.Restrictions
This method won’t allow you to modify the list if the global access set is associated with an object. You may operate on IPAccess::Set.Global or use whitelist! instead.
Return value
It will return the result of calling IPAccess::List#whitelist on the list.
Revalidation
After modyfing access set current connection is validated again to avoid access leaks.
DNS Warning
You should avoid passing hostnames as arguments since DNS is not reliable and responses may change with time, which may cause security flaws.
@overload(*addresses) @overload(list, *addresses)
-
#whitelist!(*addresses) ⇒ Object
This method works same way as whitelist but it will allow you to modify the list even if the global access set is used by object.
-
#whitelist_reasonable(reason, *addresses) ⇒ Object
This method works like whitelist but allows to set reason.
-
#whitelist_reasonable!(reason, *addresses) ⇒ Object
This method works like whitelist! but allows to set reason.
Methods included from Patches::ACL
#__ipa_wrap_socket_call, #close_on_deny, #close_on_deny=, #default_list, #terminate, #valid_acl?
Instance Attribute Details
#acl ⇒ Object
406 407 408 |
# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 406 def acl @acl end |
Instance Method Details
#acl_recheck ⇒ Object
This method allows you to re-check access on demad. It uses internal socket’s address and access set assigned to an object. It will close your communication session before throwing an exception in case of denied access – you can prevent it by setting the flag opened_on_deny
to true
. The flag can be set while initializing object (through argument :opened_on_deny
) or by setting the attribute.
417 418 419 |
# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 417 def acl_recheck # Real code hidden. end |
#blacklist(*addresses) ⇒ Object #blacklist(list, *addresses) ⇒ Object Also known as: add_black, deny, block
344 |
# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 344 def blacklist(*addresses); end |
#blacklist!(*addresses) ⇒ Object #blacklist!(list, *addresses) ⇒ Object Also known as: add_black!, deny!, block!
339 |
# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 339 def blacklist!(*addresses); end |
#blacklist_reasonable(reason, *addresses) ⇒ Object
This method works like blacklist but allows to set reason.
393 |
# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 393 def blacklist_reasonable(reason, *addresses); end |
#blacklist_reasonable!(reason, *addresses) ⇒ Object
This method works like blacklist! but allows to set reason.
389 |
# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 389 def blacklist_reasonable!(reason, *addresses); end |
#unblacklist(*addresses) ⇒ Object #unblacklist(list, *addresses) ⇒ Object Also known as: unblock, del_black
364 |
# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 364 def unblacklist(*addresses); end |
#unblacklist!(*addresses) ⇒ Object #unblacklist!(list, *addresses) ⇒ Object Also known as: unblock!, del_black!
359 |
# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 359 def unblacklist!(*addresses); end |
#unwhitelist(*addresses) ⇒ Object #unwhitelist(list, *addresses) ⇒ Object Also known as: del_white
354 |
# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 354 def unwhitelist(*addresses); end |
#unwhitelist!(*addresses) ⇒ Object #unwhitelist!(list, *addresses) ⇒ Object Also known as: del_white!
349 |
# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 349 def unwhitelist!(*addresses); end |
#whitelist(*addresses) ⇒ Object #whitelist(list, *addresses) ⇒ Object
334 |
# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 334 def whitelist(*addresses); end |
#whitelist!(*addresses) ⇒ Object #whitelist!(list, *addresses) ⇒ Object
329 |
# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 329 def whitelist!(*addresses); end |
#whitelist_reasonable(reason, *addresses) ⇒ Object
This method works like whitelist but allows to set reason.
385 |
# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 385 def whitelist_reasonable(reason, *addresses); end |
#whitelist_reasonable!(reason, *addresses) ⇒ Object
This method works like whitelist! but allows to set reason.
381 |
# File 'lib/ipaccess/ghost_doc/ghost_doc_sockets.rb', line 381 def whitelist_reasonable!(reason, *addresses); end |