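--- a/lib/puppet/functions/iptables/format_action.rb
+++ b/lib/puppet/functions/iptables/format_action.rb
@@ -0,0 +1,64 @@
+# This is an autogenerated function, ported from the original legacy version.
+# It /should work/ as is, but will not have all the benefits of the modern
+# function API. You should see the function docs to learn how to add function
+# signatures for type safety and to document this function using puppet-strings.
+#
+# https://puppet.com/docs/puppet/latest/custom_functions_ruby.html
+#
+# ---- original file header ----
+
+# ---- original file header ----
+#
+# @summary
+# Given an action, ie. ACCEPT/REJECT or a chain name, returns the partial iptables
+#rule to facilitate taking the appropriate action.
+#
+#Examples:
+#
+# # returns "-j ACCEPT'
+# format_action('ACCEPT')
+# format_action(nil)
+#
+# # returns '-j LOG'
+# format_action('LOG')
+#
+# # Parse Error
+# format_action('')
+# format_action('SOME CHAIN')
+#
+#
+Puppet::Functions.create_function(:'iptables::format_action') do
+# @param args
+# The original array of arguments. Port this to individually managed params
+# to get the full benefit of the modern function API.
+#
+# @return [Data type]
+# Describe what the function returns here
+#
+dispatch :default_impl do
+# Call the method named 'default_impl' when this is matched
+# Port this to match individual params for better type safety
+repeated_param 'Any', :args
+end
+
+
+def default_impl(*args)
+
+action = 'ACCEPT'
+action = args[0] unless args[0] == nil or args[0] == 'UNSET'
+
+if action == :undef or action == ''
+raise Puppet::ParseError, \
+"action not specified"
+end
+
+# do some basic validation of the action
+if action =~ /\s/
+raise Puppet::ParseError, \
+"action cannot contain whitespace - \"#{action}\""
+end
+
+return "-j #{action}"
+
+end
+end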
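Review bot: The only check on `action` before it is interpolated into `"-j #{action}"` is `action =~ /\s/`, a denylist that still lets through quotes, shell metacharacters and a leading dash, and that does not reject non-String values (the dispatch accepts `Any`). An allowlist is the safer shape for text that ends up in a firewall rule, e.g. `raise Puppet::ParseError, "invalid action - \"#{action}\"" unless action.is_a?(String) && action.match?(/\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/)`; widen the character class if this module legitimately uses other target names. The same whitespace-only check is in `default_impl` of format_chain.rb (`chain =~ /\s/`). Whether the generated fragment later passes through a shell is not visible on this page, so the severity is unconfirmed.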
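--- a/lib/puppet/functions/iptables/format_chain.rb
+++ b/lib/puppet/functions/iptables/format_chain.rb
@@ -0,0 +1,64 @@
+# This is an autogenerated function, ported from the original legacy version.
+# It /should work/ as is, but will not have all the benefits of the modern
+# function API. You should see the function docs to learn how to add function
+# signatures for type safety and to document this function using puppet-strings.
+#
+# https://puppet.com/docs/puppet/latest/custom_functions_ruby.html
+#
+# ---- original file header ----
+
+# ---- original file header ----
+#
+# @summary
+# format_chain( name )
+#
+#Given an chain name, generates the partial iptables rule to faciliate appending
+#a rule to given chain.
+#
+#Examples:
+#
+# # returns '-A INPUT'
+# format_chain('INPUT')
+#
+# # returns '-A LOGNDUMP'
+# format_chain('LOGNDUMP')
+#
+# # throws ParseError
+# format_chain('SOME CHAIN')
+#
+#
+Puppet::Functions.create_function(:'iptables::format_chain') do
+# @param args
+# The original array of arguments. Port this to individually managed params
+# to get the full benefit of the modern function API.
+#
+# @return [Data type]
+# Describe what the function returns here
+#
+dispatch :default_impl do
+# Call the method named 'default_impl' when this is matched
+# Port this to match individual params for better type safety
+repeated_param 'Any', :args
+end
+
+
+def default_impl(*args)
+
+chain = 'INPUT'
+chain = args[0] unless args[0] == nil
+
+if chain == :undef or chain == ''
+raise Puppet::ParseError, \
+"chain name cannot be empty"
+end
+
+# Do some validation here
+if chain =~ /\s/
+raise Puppet::ParseError, \
+"chain name cannot contain whitespace - \"#{chain}\""
+end
+
+return "-A #{chain}"
+
+end
+end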
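Review bot: The puppet-strings tags above `dispatch` are still the generator's placeholders (`@return [Data type]`, `Describe what the function returns here`), so the generated reference says nothing about what this function returns or accepts. For this file the tag could read `# @return [String] partial iptables rule of the form '-A CHAIN'`, and the `@param` text could state that the first argument is the chain name, defaulting to `INPUT` when omitted, and that empty or whitespace-containing names raise `Puppet::ParseError`. The same placeholders are in format_action.rb, format_interface.rb and format_log.rb, and format_interface.rb also has an empty `@summary`.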
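--- a/lib/puppet/functions/iptables/format_interface.rb
+++ b/lib/puppet/functions/iptables/format_interface.rb
@@ -0,0 +1,67 @@
+# This is an autogenerated function, ported from the original legacy version.
+# It /should work/ as is, but will not have all the benefits of the modern
+# function API. You should see the function docs to learn how to add function
+# signatures for type safety and to document this function using puppet-strings.
+#
+# https://puppet.com/docs/puppet/latest/custom_functions_ruby.html
+#
+# ---- original file header ----
+
+# ---- original file header ----
+#
+# @summary
+#
+#
+Puppet::Functions.create_function(:'iptables::format_interface') do
+# @param args
+# The original array of arguments. Port this to individually managed params
+# to get the full benefit of the modern function API.
+#
+# @return [Data type]
+# Describe what the function returns here
+#
+dispatch :default_impl do
+# Call the method named 'default_impl' when this is matched
+# Port this to match individual params for better type safety
+repeated_param 'Any', :args
+end
+
+
+def default_impl(*args)
+
+
+# setup some objects to hold our regexes
+out_rx = /^out(going)?$/i
+in_rx = /^in(coming)?$/i
+int_rx = /^[a-z0-9\.\-_]+\+?$/i
+
+return '' if args == nil or args[0] == :undef
+return '' if args[0] == nil
+
+# make sure we were at least passed a string or nil
+raise Puppet::ParseError, "non-string interface passed - #{args[0]}" \
+unless args[0].kind_of?(String)
+
+interface = ''
+interface = String(args[0]).dup
+
+
+# handle cases where we weren't passed an interface
+return interface if interface == ''
+
+direction = 'in'
+direction = args[1] unless args[1] == nil
+
+raise Puppet::ParseError, "invalid direction specified - #{direction}" \
+unless direction =~ /(#{out_rx}|#{in_rx})/i
+
+# lets assume all interfaces will only have alphanumerics, plus
+# '.' and '_'
+raise Puppet::ParseError, "bad interface name passed - #{interface}" \
+unless interface =~ int_rx
+
+return "-o #{interface}" if direction =~ out_rx
+return "-i #{interface}"
+
+end
+end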
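Review bot: `int_rx`, `in_rx` and `out_rx` are anchored with `^` and `$`, which in Ruby match at line boundaries rather than at the start and end of the string, so an `interface` value containing a newline passes the check as long as one of its lines looks like an interface name, and the whole value is then interpolated into the `-i`/`-o` fragment. Anchor on the string instead: `int_rx = /\A[a-z0-9.\-_]+\+?\z/i`, `in_rx = /\Ain(coming)?\z/i`, `out_rx = /\Aout(going)?\z/i`. The direction check wraps both patterns in a further regex (`/(#{out_rx}|#{in_rx})/i`); `direction =~ out_rx || direction =~ in_rx` would read more plainly and keeps the anchoring obvious. `direction` is also never checked to be a String before `=~`, unlike `args[0]`.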
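--- a/lib/puppet/functions/iptables/format_log.rb
+++ b/lib/puppet/functions/iptables/format_log.rb
@@ -0,0 +1,122 @@
+# This is an autogenerated function, ported from the original legacy version.
+# It /should work/ as is, but will not have all the benefits of the modern
+# function API. You should see the function docs to learn how to add function
+# signatures for type safety and to document this function using puppet-strings.
+#
+# https://puppet.com/docs/puppet/latest/custom_functions_ruby.html
+#
+# ---- original file header ----
+
+# ---- original file header ----
+#
+# @summary
+# format_log( options ):
+#
+#
+#
+Puppet::Functions.create_function(:'iptables::format_log') do
+# @param args
+# The original array of arguments. Port this to individually managed params
+# to get the full benefit of the modern function API.
+#
+# @return [Data type]
+# Describe what the function returns here
+#
+dispatch :default_impl do
+# Call the method named 'default_impl' when this is matched
+# Port this to match individual params for better type safety
+repeated_param 'Any', :args
+end
+
+
+def default_impl(*args)
+
+syslog_priorities = {
+'emerg' => '0',
+'panic' => '0',
+'alert' => '1',
+'crit' => '2',
+'err' => '3',
+'error' => '3',
+'warn' => '4',
+'warning' => '4',
+'notice' => '5',
+'info' => '6',
+'debug' => '7',
+}
+
+raise Puppet::ParseError, "input must be an anonymous array" \
+unless args.is_a?(Array)
+
+return '' unless args[0] != nil
+
+raise Puppet::ParseError, "input must be hash table" \
+unless args[0].is_a?(Hash)
+
+opts = args[0] unless args[0] == nil
+
+log_opts = Array.new
+
+#
+## log_level option
+#
+loglevel = []
+loglevel = opts['log_level'].split('.') unless opts['log_level'] == nil
+
+if loglevel.size == 1
+# we were just passed the log level, if it's a text version, convert it to
+# numeric
+loglevel[0] = syslog_priorities[loglevel[0]] \
+if syslog_priorities.has_key?(loglevel[0])
+
+# make sure it's a valid syslog priority
+raise Puppet::ParseError, "invalid log level passed - #{loglevel[0]}" \
+unless syslog_priorities.has_value?(String(loglevel[0]))
+
+log_opts.push("--log-level #{loglevel[0]}")
+elsif loglevel.size == 0
+# no log_level info was passed, we can move on
+else
+raise Puppet::ParseError, \
+"invalid log level passed - #{opts['log_level']}"
+end
+
+#
+## log_prefix options
+#
+logprefix = ''
+logprefix = opts['log_prefix'] unless opts['log_prefix'] == nil
+
+if logprefix.size == 0
+# do nothing
+elsif logprefix.size > 0
+# push the first 29 characters, giving a warning if we trimmed some
+log_opts.push("--log-prefix \"" + logprefix.scan(/^.{1,29}/)[0] + "\"")
+function_warning(["log prefix \"#{logprefix}\" exceeds 29 characters." \
++ " Truncating chars beyond 29"]) if logprefix.size > 29
+end
+
+#
+## log_tcp_options option
+#
+log_opts.push('--log-tcp-options') if opts['log_tcp_options']
+
+#
+## log_ip_options option
+#
+log_opts.push('--log-ip-options') if opts['log_ip_options']
+
+#
+## log_uid option
+#
+log_opts.push('--log-uid') if opts['log_uid']
+
+#
+## log_tcp_sequence
+#
+log_opts.push('--log-tcp-sequence') if opts['log_tcp_sequence']
+
+return log_opts.join(' ')
+
+end
+end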
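Review bot: `log_prefix` is wrapped in double quotes (`"--log-prefix \"" + ... + "\""`) without being checked for `"`, backslashes or control characters, so a prefix containing a quote ends the quoted argument early and the remainder may be read as further rule text by whatever parses the result. Reject those characters before building the option, e.g. `raise Puppet::ParseError, "invalid log prefix" if logprefix =~ /[[:cntrl:]"\\]/`, and truncate with `logprefix[0, 29]` rather than `scan(/^.{1,29}/)[0]`, which works per line and returns nil (then fails on `+`) for a value made only of newlines. Separately, `function_warning` is a legacy-scope helper and does not look to be available inside a `Puppet::Functions.create_function` body, so the over-length path would probably raise instead of warn; `Puppet.warning(...)` is one replacement.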