Class: IControl::Networking::PacketFilter

Inherits:
Base
  • Object
Defined in:
lib/icontrol/networking/packet_filter.rb,
lib/icontrol/networking.rb

Overview

The PacketFilter interface enables you to work with the definitions and attributes of packet filter rules. The goal of the packet filter is to provide a flexible and integrated perimeter security mechanism to explicitly block as well as accept traffic using complex expressions similar to those used by libpcap (e.g. tcpdump).

Defined Under Namespace

Classes: PacketFilterStatisticEntry, PacketFilterStatisticEntrySequence, PacketFilterStatistics

Instance Method Summary

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class IControl::Base

Instance Method Details

- (FilterAction) action

Gets the actions to take when ingress traffic matches the filter rules.

Returns:

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 55

def action
  super
end

- (PacketFilterStatistics) all_statistics

Gets the statistics for all the packet filter rules.

Returns:

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 66

def all_statistics
  super
end

- (Object) create(opts)

Creates these packet filter rules.

Parameters:

  • opts (Hash)

Options Hash (opts):

  • :sort_orders (long)

    The sort-order part of the rule is an integer value used to assign a relative "weight" to the rule. The sort-order may be any number between 0 and 999, but no two rules may have the same value. The specific value of the sort-order is not important, only its position relative to the other rules' sort-orders. Rule evaluation order is determined by starting with the lowest numbered rule and moving up through to the highest.

  • :actions (IControl::Networking::FilterAction)

    The list of actions to take on the traffic should it match each rule.

  • :expressions (String)

    The expressions that make up the rules, used to match the ingress traffic. The legal expressions for the filters are determined by the version of the pcap library linked into the rule compiler. If empty, the associated filters match all packets.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 23

def create(opts)
  check_params(opts,[:sort_orders,:actions,:expressions])
  super
end
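
The constraints this page states for rule sets (sort-orders are integers from 0 to 999 with no duplicates, evaluation runs from the lowest sort-order upward, an empty expression matches all packets, and a rate class is meaningless on a discard or reject rule) can be checked offline before anything is sent to the device. The following is an added example, not part of the library: the rule hashes, the `:accept`/`:discard`/`:reject` labels and both method names are constructed for illustration, and the shadowing check assumes that accept, discard and reject end evaluation at the first match.

```ruby
# Added example: offline pre-flight checks for a packet filter rule set.
# Rule hashes and action labels are constructed; they are not FilterAction values.
TERMINAL_ACTIONS = %i[accept discard reject].freeze

# Lowest sort-order is evaluated first; names break ties deterministically.
def in_evaluation_order(rules)
  rules.sort_by { |r| [r[:sort_order], r[:name]] }
end

def evaluation_order(rules)
  in_evaluation_order(rules).map { |r| r[:name] }
end

def lint_packet_filter_rules(rules)
  findings = []
  rules.each do |r|
    so = r[:sort_order]
    unless so.is_a?(Integer) && (0..999).cover?(so)
      findings << "#{r[:name]}: sort-order #{so.inspect} is outside 0..999"
    end
    if r[:rate_class] && %i[discard reject].include?(r[:action])
      findings << "#{r[:name]}: rate class has no effect on a #{r[:action]} rule"
    end
  end
  # No two rules may have the same sort-order value.
  rules.group_by { |r| r[:sort_order] }.each do |so, group|
    next if group.size < 2
    findings << "sort-order #{so} is shared by #{group.map { |r| r[:name] }.join(', ')}"
  end
  # An empty expression matches all packets. Assumption: a terminal action
  # ends evaluation, so rules after such a catch-all are never reached.
  ordered = in_evaluation_order(rules.select { |r| r[:sort_order].is_a?(Integer) })
  idx = ordered.index do |r|
    r[:expression].to_s.strip.empty? && TERMINAL_ACTIONS.include?(r[:action])
  end
  shadowed = idx ? ordered.drop(idx + 1).map { |r| r[:name] } : []
  unless shadowed.empty?
    findings << "#{ordered[idx][:name]} matches all packets and shadows #{shadowed.join(', ')}"
  end
  findings
end

# Constructed sample rule set.
SAMPLE_RULES = [
  { name: 'allow_ssh',  sort_order: 10,   action: :accept,  expression: 'tcp dst port 22' },
  { name: 'drop_all',   sort_order: 20,   action: :discard, expression: '', rate_class: 'rc_bulk' },
  { name: 'allow_dns',  sort_order: 30,   action: :accept,  expression: 'udp dst port 53' },
  { name: 'allow_ntp',  sort_order: 30,   action: :accept,  expression: 'udp dst port 123' },
  { name: 'allow_icmp', sort_order: 1000, action: :accept,  expression: 'icmp' }
].freeze
```

A catch-all discard rule is normally meant to be evaluated last, so a shadowing finding usually means its sort-order is too low.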

- (Object) delete_all_packet_filters

Deletes all packet filters.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 34

def delete_all_packet_filters
  super
end

- (Object) delete_packet_filter

Deletes these packet filter rules.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 44

def delete_packet_filter
  super
end

- (String) expression

Gets the expressions used to match ingress traffic. Each expression is defined by the pcap library, which is used to implement tcpdump, and is compiled into a Berkeley Packet Filter program. The man page for tcpdump describes the format and valid syntax of the filter rule expression.

Returns:

  • (String)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 80

def expression
  super
end

- (String) list

Gets a list of all packet filter rules.

Returns:

  • (String)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 91

def list
  super
end

- (EnabledState) log_state

Gets the states that specify whether an entry will be created in the system log each time the rule is matched.

Returns:

  • (EnabledState)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 103

def log_state
  super
end

- (String) rate_class

Gets the rate classes that will be used to rate limit the traffic. If the rule has an associated Rate Class name, then any traffic allowed by the rule will also be rate limited according to the behavior of this rate class. It is meaningless to associate a rate class with a rule that has a discard or reject action. Likewise, the rate class will only take effect when the traffic actually leaves the system. If the traffic does not leave the system, the rate class has no effect.

Returns:

  • (String)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 119

def rate_class
  super
end

- (Object) reset_statistics

Resets the statistics for this packet filter.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 170

def reset_statistics
  super
end

- (Object) set_action(opts)

Sets the actions to take when ingress traffic matches the filter rules.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 182

def set_action(opts)
  check_params(opts,[:actions])
  super
end

- (Object) set_expression(opts)

Sets the expressions used to match ingress traffic. Each expression is defined by the pcap library, which is used to implement tcpdump, and is compiled into a Berkeley Packet Filter program. The man page for tcpdump describes the format and valid syntax of the filter rule expression.

Parameters:

  • opts (Hash)

Options Hash (opts):

  • :expressions (String)

    The expressions used to match ingress traffic.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 198

def set_expression(opts)
  check_params(opts,[:expressions])
  super
end

- (Object) set_log_state(opts)

Sets the states that specify whether an entry will be created in the system log each time the rule is matched.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 212

def set_log_state(opts)
  check_params(opts,[:states])
  super
end

- (Object) set_rate_class(opts)

Sets the rate classes that will be used to rate limit the traffic. If the rule has an associated Rate Class name, then any traffic allowed by the rule will also be rate limited according to the behavior of this rate class. It is meaningless to associate a rate class with a rule that has a discard or reject action. Likewise, the rate class will only take effect when the traffic actually leaves the system. If the traffic does not leave the system, the rate class has no effect.

Parameters:

  • opts (Hash)

Options Hash (opts):

  • :rate_classes (String)

    The rate classes used to rate limit the traffic.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 230

def set_rate_class(opts)
  check_params(opts,[:rate_classes])
  super
end

- (Object) set_sort_order(opts)

Sets the sort orders of these filter rules.

Parameters:

  • opts (Hash)

Options Hash (opts):

  • :orders (long)

    The sort order values of the associated filter rules. Legal values for sort-order are all integers between 0 and 999, inclusive. No two rules may have the same sort-order value.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 243

def set_sort_order(opts)
  check_params(opts,[:orders])
  super
end

- (Object) set_vlan(opts)

Sets the optional ingress VLANs to match on.

Parameters:

  • opts (Hash)

Options Hash (opts):

  • :vlan_names (String)

    The ingress VLANs to match on. If present, each entry must be a specific VLAN name currently in existence. If omitted, the rule matches all VLANs.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 256

def set_vlan(opts)
  check_params(opts,[:vlan_names])
  super
end

- (long) sort_order

Gets the sort orders of these filter rules.

Returns:

  • (long)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 130

def sort_order
  super
end

- (PacketFilterStatistics) statistics

Gets the statistics for this packet filter.

Returns:

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 141

def statistics
  super
end

- (String) version

Gets the version information for this interface.

Returns:

  • (String)


# File 'lib/icontrol/networking/packet_filter.rb', line 149

def version
  super
end

- (String) vlan

Gets the optional ingress VLANs to match on.

Returns:

  • (String)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 160

def vlan
  super
end