Class: Melt::Rule

Inherits: Object

Defined in: lib/melt/rule.rb

Overview

Abstract firewall rule.


Constructor Details

#initialize(options = {}) ⇒ Rule

Instantiate a firewall Melt::Rule.

options is a Hash whose keys are Melt::Rule attribute names and whose values are the corresponding attribute values.

Rule.new({ action: :accept, dir: :in, proto: :tcp, to: { port: 80 } })

# File 'lib/melt/rule.rb', line 86

def initialize(options = {})
  options.each do |k, v|
    send("#{k}=", v)
  end

  @af = detect_af unless af

  raise 'if from_port or to_port is specified, the protocol must also be given' if (from_port || to_port) && proto.nil?
end

Instance Attribute Details

#action ⇒ Symbol

The action to perform when the rule applies (:accept or :block).

Returns:

  • (Symbol)

    Action


# File 'lib/melt/rule.rb', line 10

def action
  @action
end

#af ⇒ Symbol

The address family of the rule (:inet6 or :inet).

Returns:

  • (Symbol)

    Address family


# File 'lib/melt/rule.rb', line 30

def af
  @af
end

#dir ⇒ Symbol

The direction of the rule (:in or :out).

Returns:

  • (Symbol)

    Direction


# File 'lib/melt/rule.rb', line 20

def dir
  @dir
end

#from ⇒ Hash

The packet source, as a Hash, for the rule to apply.

:host

address of the source host or network the rule applies to

:port

source port the rule applies to

Returns:

  • (Hash)

    Source


# File 'lib/melt/rule.rb', line 53

def from
  @from
end

#in ⇒ String

The interface packets must arrive on for the rule to apply in a forwarding context.

Returns:

  • (String)

    Interface


# File 'lib/melt/rule.rb', line 40

def in
  @in
end

#nat_to ⇒ IPAddress

The packet destination when performing NAT.

Returns:

  • (IPAddress)

    IP Address


# File 'lib/melt/rule.rb', line 66

def nat_to
  @nat_to
end

#no_quick ⇒ Boolean

Prevents the rule from being a quick rule.

Returns:

  • (Boolean)

    Quick flag


# File 'lib/melt/rule.rb', line 79

def no_quick
  @no_quick
end

#on ⇒ String

The interface the rule applies to.

Returns:

  • (String)

    Interface


# File 'lib/melt/rule.rb', line 35

def on
  @on
end

#out ⇒ String

The interface packets must be sent to for the rule to apply in a forwarding context.

Returns:

  • (String)

    Interface


# File 'lib/melt/rule.rb', line 45

def out
  @out
end

#proto ⇒ Symbol

The protocol the Melt::Rule applies to (:tcp, :udp, etc.).

Returns:

  • (Symbol)

    Protocol


# File 'lib/melt/rule.rb', line 25

def proto
  @proto
end

#rdr_to ⇒ Hash

The destination, as a Hash, for redirections.

:host

address of the destination host or network the rule applies to

:port

destination port the rule applies to

Returns:

  • (Hash)

    Destination


# File 'lib/melt/rule.rb', line 74

def rdr_to
  @rdr_to
end

#return ⇒ Boolean

Whether blocked packets must be returned to sender instead of being silently dropped.

Returns:

  • (Boolean)

    Return flag


# File 'lib/melt/rule.rb', line 15

def return
  @return
end

#to ⇒ Hash

The packet destination, as a Hash, for the rule to apply.

:host

address of the destination host or network the rule applies to

:port

destination port the rule applies to

Returns:

  • (Hash)

    Destination


# File 'lib/melt/rule.rb', line 61

def to
  @to
end

Class Method Details

.fwd_rule(rule) ⇒ Melt::Rule

Instantiate a forward Melt::Rule derived from a redirection rule.

Parameters:

  • rule (Melt::Rule)

    Redirection rule to derive the forward rule from

Returns:

  • (Melt::Rule)

    Forward rule


# File 'lib/melt/rule.rb', line 101

def self.fwd_rule(rule)
  res = rule.dup
  res.on_to_in_out!
  res.to.merge!(res.rdr_to.reject { |_k, v| v.nil? })
  res.rdr_to = nil
  res.dir = :fwd
  res
end
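The constructor and `fwd_rule` shown above are easier to follow with a concrete rule passed through them. The block below is an added example, not code from the melt gem: it defines `FwRule`, a minimal stand-in that mirrors the accessors and predicates documented on this page, and it assumes a `detect_af` (not shown on this page) that infers the address family from the `:host` entries with `IPAddr`. The addresses, ports and interface name are constructed for the example.

```ruby
require 'ipaddr'

# Stand-in for Melt::Rule written for this page (not the gem's own code).
# It copies the accessors and predicates documented above and adds the one
# piece the page does not show: an assumed detect_af.
class FwRule
  ATTRS = %i[action return dir proto af on in out from to nat_to rdr_to no_quick].freeze
  attr_accessor(*ATTRS)

  def initialize(options = {})
    options.each { |k, v| send("#{k}=", v) }
    @af = detect_af unless af
    raise 'if from_port or to_port is specified, the protocol must also be given' if (from_port || to_port) && proto.nil?
  end

  # Forward rule derived from a redirection, as Melt::Rule.fwd_rule does.
  # Uses a non-mutating merge so the source rule's :to Hash is left intact
  # (dup is shallow, so merge! would alter the original rule as well).
  def self.fwd_rule(rule)
    res = rule.dup
    res.on_to_in_out!
    res.to = (res.to || {}).merge(res.rdr_to.reject { |_k, v| v.nil? })
    res.rdr_to = nil
    res.dir = :fwd
    res
  end

  # Move :on to :in or :out depending on the direction, then clear :on.
  def on_to_in_out!
    if dir == :in
      self.in ||= on
    else
      self.out ||= on
    end
    self.on = nil
  end

  def from_host;   from && from[:host];     end
  def from_port;   from && from[:port];     end
  def to_host;     to && to[:host];         end
  def to_port;     to && to[:port];         end
  def rdr_to_host; rdr_to && rdr_to[:host]; end
  def rdr_to_port; rdr_to && rdr_to[:port]; end

  def nat?;    !nat_to.nil?;                      end
  def rdr?;    !(rdr_to_host || rdr_to_port).nil?; end
  def filter?; !nat? && !rdr?;                    end
  def fwd?;    dir == :fwd;                       end
  def ipv4?;   af.nil? || af == :inet;            end
  def ipv6?;   af.nil? || af == :inet6;           end

  private

  # ASSUMPTION: the gem's detect_af is not shown on this page. This version
  # looks at every :host plus nat_to and returns :inet, :inet6, or nil when
  # no address is given; mixed families are refused.
  def detect_af
    hosts = [from_host, to_host, rdr_to_host, nat_to].compact
    return nil if hosts.empty?
    fams = hosts.map { |h| IPAddr.new(h.to_s).ipv6? ? :inet6 : :inet }.uniq
    raise "mixed address families: #{hosts.join(', ')}" if fams.size > 1
    fams.first
  end
end

# Constructed policy: a plain inbound filter rule, a redirection of :8080 on
# eth0 to an internal host, and the forward rule derived from that redirection.
def build_policy
  web_in  = FwRule.new(action: :accept, dir: :in, proto: :tcp, to: { port: 80 })
  rdr_web = FwRule.new(action: :accept, dir: :in, on: 'eth0', proto: :tcp,
                       to: { port: 8080 }, rdr_to: { host: '192.0.2.10', port: 80 })
  fwd_web = FwRule.fwd_rule(rdr_web)
  { web_in: web_in, rdr_web: rdr_web, fwd_web: fwd_web }
end

# The constructor refuses a port restriction without a protocol.
def port_without_proto_rejected?
  FwRule.new(action: :block, dir: :in, to: { port: 22 })
  false
rescue RuntimeError
  true
end

if __FILE__ == $PROGRAM_NAME
  pol = build_policy
  pol.each { |name, r| puts "#{name}: filter=#{r.filter?} rdr=#{r.rdr?} fwd=#{r.fwd?} af=#{r.af.inspect} in=#{r.in.inspect} to=#{r.to.inspect}" }
  puts "port without proto rejected: #{port_without_proto_rejected?}"
end
```

Running it shows the redirection rule classified as `rdr?` (so not `filter?`), the derived forward rule with `in` set to `eth0`, `on` cleared, `dir` `:fwd` and `to` holding the merged `host`/`port`, and the original redirection rule's `to` left untouched. A rule with no `:host` anywhere keeps `af` nil, so both `ipv4?` and `ipv6?` are true for it, which is how an address-family-neutral rule is emitted for both stacks.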

Instance Method Details

#filter? ⇒ Boolean

Return true if the rule is a filter rule.

Returns:

  • (Boolean)

# File 'lib/melt/rule.rb', line 131

def filter?
  !nat? && !rdr?
end

#from_host ⇒ Object

Returns the source host of the Melt::Rule.


# File 'lib/melt/rule.rb', line 161

def from_host
  from && from[:host]
end

#from_port ⇒ Object

Returns the source port of the Melt::Rule.


# File 'lib/melt/rule.rb', line 166

def from_port
  from && from[:port]
end

#fwd? ⇒ Boolean

Returns whether the rule performs forwarding.

Returns:

  • (Boolean)

# File 'lib/melt/rule.rb', line 156

def fwd?
  dir == :fwd
end

#implicit_ipv4? ⇒ Boolean

Return true if the rule has an IPv4 source or destination.

Returns:

  • (Boolean)

# File 'lib/melt/rule.rb', line 116

def implicit_ipv4?
  from_ipv4? || to_ipv4? || rdr_to_ipv4? || rdr_to && af == :inet
end

#implicit_ipv6? ⇒ Boolean

Return true if the rule has an IPv6 source or destination.

Returns:

  • (Boolean)

# File 'lib/melt/rule.rb', line 126

def implicit_ipv6?
  from_ipv6? || to_ipv6? || rdr_to_ipv6? || rdr_to && af == :inet6
end

#in? ⇒ Boolean

Returns whether the rule applies to incoming packets.

Returns:

  • (Boolean)

# File 'lib/melt/rule.rb', line 136

def in?
  dir.nil? || dir == :in
end

#ipv4? ⇒ Boolean

Return true if the rule is valid in an IPv4 context.

Returns:

  • (Boolean)

# File 'lib/melt/rule.rb', line 111

def ipv4?
  af.nil? || af == :inet
end

#ipv6? ⇒ Boolean

Return true if the rule is valid in an IPv6 context.

Returns:

  • (Boolean)

# File 'lib/melt/rule.rb', line 121

def ipv6?
  af.nil? || af == :inet6
end

#nat? ⇒ Boolean

Returns whether the rule performs Network Address Translation.

Returns:

  • (Boolean)

# File 'lib/melt/rule.rb', line 146

def nat?
  nat_to
end

#on_to_in_out! ⇒ void

This method returns an undefined value.

Sets #in or #out to #on depending on #dir, then clears #on.


# File 'lib/melt/rule.rb', line 193

def on_to_in_out!
  if dir == :in
    self.in ||= on
  else
    self.out ||= on
  end
  self.on = nil
end

#out? ⇒ Boolean

Returns whether the rule applies to outgoing packets.

Returns:

  • (Boolean)

# File 'lib/melt/rule.rb', line 141

def out?
  dir.nil? || dir == :out
end

#rdr? ⇒ Boolean

Returns whether the rule is a redirection.

Returns:

  • (Boolean)

# File 'lib/melt/rule.rb', line 151

def rdr?
  rdr_to_host || rdr_to_port
end

#rdr_to_host ⇒ Object

Returns the redirect destination host of the Melt::Rule.


# File 'lib/melt/rule.rb', line 181

def rdr_to_host
  rdr_to && rdr_to[:host]
end

#rdr_to_port ⇒ Object

Returns the redirect destination port of the Melt::Rule.


# File 'lib/melt/rule.rb', line 186

def rdr_to_port
  rdr_to && rdr_to[:port]
end

#to_host ⇒ Object

Returns the destination host of the Melt::Rule.


# File 'lib/melt/rule.rb', line 171

def to_host
  to && to[:host]
end

#to_port ⇒ Object

Returns the destination port of the Melt::Rule.


# File 'lib/melt/rule.rb', line 176

def to_port
  to && to[:port]
end