diff options
author | elijah <elijah@riseup.net> | 2015-08-07 14:16:33 -0700 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2015-08-07 14:16:33 -0700 |
commit | beab1f0ac7212d3c7006238fdd108d66b86323bc (patch) | |
tree | 91e9e93960534a771fa311e37b660eda6ea980b6 /lib/leap_cli/commands | |
parent | bf1365d5148710667c99132da4745d06a89f6026 (diff) |
added `leap compile firewall`
Diffstat (limited to 'lib/leap_cli/commands')
-rw-r--r-- | lib/leap_cli/commands/compile.rb | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/lib/leap_cli/commands/compile.rb b/lib/leap_cli/commands/compile.rb index 9cbe4b9..a14c267 100644 --- a/lib/leap_cli/commands/compile.rb +++ b/lib/leap_cli/commands/compile.rb @@ -43,6 +43,15 @@ module LeapCli end end + c.desc "Generate a list of firewall rules. These rules are already "+ + "implemented on each node, but you might want the list of all "+ + "rules in case you also have a restrictive network firewall." + c.command :firewall do |zone| + zone.action do |global_options, options, args| + compile_firewall + end + end + c.default_command :all end @@ -336,5 +345,40 @@ $ORIGIN %{domain}. ] + ## + ## FIREWALL + ## + + def compile_firewall + manager.nodes.each_node(&:evaluate) + + rules = [["ALLOW TO", "PORTS", "ALLOW FROM"]] + manager.nodes[:environment => '!local'].values.each do |node| + next unless node['firewall'] + node.firewall.each do |name, rule| + if rule.is_a? Hash + rules << add_rule(rule) + elsif rule.is_a? Array + rule.each do |r| + rules << add_rule(r) + end + end + end + end + + max_to = rules.inject(0) {|max, r| [max, r[0].length].max} + max_port = rules.inject(0) {|max, r| [max, r[1].length].max} + max_from = rules.inject(0) {|max, r| [max, r[2].length].max} + rules.each do |rule| + puts "%-#{max_to}s %-#{max_port}s %-#{max_from}s" % rule + end + end + + private + + def add_rule(rule) + [rule["to"], [rule["port"]].compact.join(','), rule["from"]] + end + end end
\ No newline at end of file |