authorelijah <elijah@riseup.net>2015-08-07 14:16:33 -0700
committerelijah <elijah@riseup.net>2015-08-07 14:16:33 -0700
commitbeab1f0ac7212d3c7006238fdd108d66b86323bc (patch)
tree91e9e93960534a771fa311e37b660eda6ea980b6 /lib/leap_cli/commands
parentbf1365d5148710667c99132da4745d06a89f6026 (diff)
added `leap compile firewall`
Diffstat (limited to 'lib/leap_cli/commands')
-rw-r--r--lib/leap_cli/commands/compile.rb44
1 files changed, 44 insertions, 0 deletions
diff --git a/lib/leap_cli/commands/compile.rb b/lib/leap_cli/commands/compile.rb
index 9cbe4b9..a14c267 100644
--- a/lib/leap_cli/commands/compile.rb
+++ b/lib/leap_cli/commands/compile.rb
@@ -43,6 +43,15 @@ module LeapCli
end
end
+ c.desc "Generate a list of firewall rules. These rules are already "+
+ "implemented on each node, but you might want the list of all "+
+ "rules in case you also have a restrictive network firewall."
+ c.command :firewall do |zone|
+ zone.action do |global_options, options, args|
+ compile_firewall
+ end
+ end
+
c.default_command :all
end
@@ -336,5 +345,40 @@ $ORIGIN %{domain}.
]
+ ##
+ ## FIREWALL
+ ##
+
+ def compile_firewall
+ manager.nodes.each_node(&:evaluate)
+
+ rules = [["ALLOW TO", "PORTS", "ALLOW FROM"]]
+ manager.nodes[:environment => '!local'].values.each do |node|
+ next unless node['firewall']
+ node.firewall.each do |name, rule|
+ if rule.is_a? Hash
+ rules << add_rule(rule)
+ elsif rule.is_a? Array
+ rule.each do |r|
+ rules << add_rule(r)
+ end
+ end
+ end
+ end
+
+ max_to = rules.inject(0) {|max, r| [max, r[0].length].max}
+ max_port = rules.inject(0) {|max, r| [max, r[1].length].max}
+ max_from = rules.inject(0) {|max, r| [max, r[2].length].max}
+ rules.each do |rule|
+ puts "%-#{max_to}s %-#{max_port}s %-#{max_from}s" % rule
+ end
+ end
+
+ private
+
+ def add_rule(rule)
+ [rule["to"], [rule["port"]].compact.join(','), rule["from"]]
+ end
+
end
end \ No newline at end of file
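Review bot: `add_rule` passes `rule["to"]` and `rule["from"]` through unchecked, so a firewall entry that lacks either key puts a nil into the row and the `r[0].length` / `r[2].length` calls in the three `inject` passes of `compile_firewall` raise NoMethodError instead of printing the table. Coercing in one place avoids that and also makes the `compact` unnecessary: `[rule["to"].to_s, Array(rule["port"]).join(','), rule["from"].to_s]`. The three near-identical width passes could then collapse into a single `widths = rules.transpose.map { |col| col.map(&:length).max }`, which reads as one intent rather than three copies. The enclosing module that holds `compile_firewall` and `add_rule` starts outside the hunk, so whether `private` here is what the sibling commands expect cannot be confirmed from these lines.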