
First commit of Open Source release

0 parents commit 08913b752f5a54e0e49874c281504357e35ce8bd @johnf johnf committed Sep 12, 2012
Showing with 3,385 additions and 0 deletions.
  1. +6 −0 .gitignore
  2. +1 −0 .rbenv-version
  3. +16 −0 AUTHORS.md
  4. +93 −0 CHANGELOG.md
  5. +4 −0 Gemfile
  6. +62 −0 Gemfile.lock
  7. +19 −0 LICENCE
  8. +516 −0 README.md
  9. +135 −0 Rakefile
  10. +18 −0 bin/rbenv-sudo
  11. +207 −0 bin/ript
  12. +48 −0 dist/init.d
  13. +16 −0 examples/accept-multiple-from-and-to.rb
  14. +13 −0 examples/accept-with-a-list-of-ports.rb
  15. +14 −0 examples/accept-with-specific-port-and-interface.rb
  16. +11 −0 examples/accept-without-specific-from.rb
  17. +12 −0 examples/accept.rb
  18. +4 −0 examples/basic.rb
  19. +2 −0 examples/dash-in-partition-name.rb
  20. +11 −0 examples/drop.rb
  21. +2 −0 examples/duplicate-partition-names/foobar1.rb
  22. +2 −0 examples/duplicate-partition-names/foobar2.rb
  23. +12 −0 examples/errors-undefined-method-with-no-match.rb
  24. +12 −0 examples/errors-undefined-method.rb
  25. +16 −0 examples/forward-dnat-with-different-destination-port.rb
  26. +11 −0 examples/forward-dnat-with-explicit-from-and-port-mappings.rb
  27. +11 −0 examples/forward-dnat-with-explicit-from-and-ports.rb
  28. +11 −0 examples/forward-dnat-with-explicit-from.rb
  29. +15 −0 examples/forward-dnat-with-explicit-protocols.rb
  30. +13 −0 examples/forward-dnat-with-multiple-froms.rb
  31. +10 −0 examples/forward-dnat-with-multiple-ports.rb
  32. +15 −0 examples/forward-dnat-with-multiple-sources.rb
  33. +16 −0 examples/forward-dnat.rb
  34. +16 −0 examples/forward-snat-with-explicit-from.rb
  35. +13 −0 examples/forward-snat-with-multiple-sources.rb
  36. +9 −0 examples/forward-snat.rb
  37. +12 −0 examples/log-and-accept.rb
  38. +11 −0 examples/log-and-drop.rb
  39. +10 −0 examples/log-dnat.rb
  40. +13 −0 examples/log-snat.rb
  41. +11 −0 examples/log.rb
  42. +15 −0 examples/missing-address-definition-in-destination.rb
  43. +15 −0 examples/missing-address-definition-in-from.rb
  44. +14 −0 examples/multiple-partitions-in-this-file.rb
  45. +11 −0 examples/multiple-partitions/bar.rb
  46. +17 −0 examples/multiple-partitions/foo.rb
  47. +2 −0 examples/partition-name-exactly-20-characters.rb
  48. +2 −0 examples/partition-name-longer-than-20-characters.rb
  49. +10 −0 examples/postclean.rb
  50. +10 −0 examples/preclean.rb
  51. +9 −0 examples/raw-with-chain-deletion.rb
  52. +9 −0 examples/raw-with-flush.rb
  53. +50 −0 examples/raw.rb
  54. +11 −0 examples/reject.rb
  55. +2 −0 examples/space-in-partition-name.rb
  56. +115 −0 features/cli.feature
  57. +107 −0 features/dsl/errors.feature
  58. +187 −0 features/dsl/filter.feature
  59. +114 −0 features/dsl/logging.feature
  60. +271 −0 features/dsl/nat.feature
  61. +28 −0 features/dsl/raw.feature
  62. +58 −0 features/setup.feature
  63. +15 −0 features/step_definitions/cli_steps.rb
  64. +44 −0 features/step_definitions/example_steps.rb
  65. +25 −0 features/support/env.rb
  66. +20 −0 lib/ript/bootstrap.rb
  67. +14 −0 lib/ript/dsl.rb
  68. +7 −0 lib/ript/dsl/primitives.rb
  69. +78 −0 lib/ript/dsl/primitives/common.rb
  70. +145 −0 lib/ript/dsl/primitives/filter.rb
  71. +206 −0 lib/ript/dsl/primitives/nat.rb
  72. +45 −0 lib/ript/dsl/primitives/raw.rb
  73. +2 −0 lib/ript/exceptions.rb
  74. +162 −0 lib/ript/partition.rb
  75. +10 −0 lib/ript/patches.rb
  76. +70 −0 lib/ript/rule.rb
  77. +3 −0 lib/ript/version.rb
  78. +33 −0 ript.gemspec
@@ -0,0 +1,6 @@
+tmp/
+pkg/
+*.swp
+*~
+vendor
+.bundle
@@ -0,0 +1 @@
+1.9.2-p290
@@ -0,0 +1,16 @@
+Ript was designed and built by:
+
+Lindsay Holmwood (@auxesis)
+Steve Fisher (@laminat0r)
+
+Patches have been merged from:
+
+Arthur Barton (@arthurbarton)
+John Ferlito (@johnf)
+Jesse Reynolds (@jessereynolds)
+
+Inspiration given by:
+
+Matt Moor (@mattm0)
+
+Ript is copyright Bulletproof Networks 2011-2012, all rights reserved.
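Review bot: the closing line of AUTHORS.md, "Ript is copyright Bulletproof Networks 2011-2012, all rights reserved.", reads as a blanket reservation with no pointer to the permissive grant in the LICENCE file added by this same commit. Keep the copyright statement in one place and have this line refer to LICENCE, so a reader who only opens AUTHORS.md does not conclude the code cannot be reused.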
@@ -0,0 +1,93 @@
+## Changelog
+
+# 0.8.4 - 2012/08/121
+ - Bug: DNAT rules from one port to another were adding a filter rule for the
+ source instead of destination port (@johnf)
+
+# 0.8.3 - 2012/07/19
+ - Bug: Default the protocol for filter rules to TCP, so filter rules are generated correctly (@auxesis)
+
+# 0.8.2 - 2012/07/19
+ - Bug: Fix a regression where we don't generate rules without an explicit from. (@auxesis)
+
+# 0.8.1 - 2012/07/17
+ - Bug: Generate the iptables clean commands in Ruby, to eliminate bogus clean command generation (@auxesis)
+ - Chore: Refactor test internals to re-use common iptables cleaning routines (@auxesis)
+
+# 0.8.0 - 2012/07/17
+ - Feature: Allow multiple froms to be specified in a DNAT rewrite (@auxesis)
+ - Feature: Provide a default label named "all", that represents the IPv4 zero-address 0.0.0.0/0 (@auxesis)
+
+# 0.7.1 - 2012/07/16
+ - Bug: Ensure the list of chains to clean up is unique, so we don't delete the same chains multiple times (@auxesis)
+
+# 0.7.0 - 2012/07/09
+ - Feature: Show a custom message if exceptions appear to be generated by Ript (@auxesis)
+ - Feature: Add support for specifying protocols in rewrites (@auxesis)
+ - Chore: Move example rules to examples/. Point tests at the new directory (@auxesis)
+
+# 0.6.1 - 2012/06/06
+ - Feature: Make init script executable (@johnf)
+
+# 0.6.0 - 2012/06/06
+ - Feature: add "rules save", outputs rules in a format suitable for iptables-restore (@johnf)
+ - Feature: Add an init script to dist/ that performs iptables-restore at boot (@johnf)
+
+# 0.5.0 - 2012/05/31
+ - Feature: rename "customer" to "partition", to make terminology more friendly for use on standalone hosts (thanks @jessereynolds)
+
+# 0.4.3 - 2012/05/27
+ - Bug: Fix clean subcommand so it ignores important chains (before-a, etc) (@johnf)
+
+# 0.4.2 - 2012/05/24
+ - Bug: Use the destination address in the FORWARD chain when building the implicit accept on DNAT, so traffic actually gets accepted (@auxesis)
+
+# 0.4.1 - 2012/05/23
+ - Bug: Emit --protocol when generating ACCEPT rules, so the --dport argument works (@auxesis)
+
+# 0.4.0 - 2012/05/23
+ - Feature: Automatically create ACCEPT rules on the FORWARD chain, so NAT works in environments where DROP is the default policy(@auxesis)
+ - Feature: Reject multiple partition definitions in the same file, to maintain clean definitions(@auxesis)
+ - Feature: Make the DSL documentation awesome(@auxesis)
+
+# 0.3.6 - 2012/05/03
+ - Bug: Tests were broken and weren't matching empty output correctly (@johnf)
+ - Bug: raw tables were being applied repeatedly (@johnf)
+
+# 0.3.5 - 2012/05/03
+ - Bug: Bring back generate functionality (@johnf)
+
+# 0.3.4 - 2012/05/03
+ - Chore: Remove timestamps from chain names (@johnf)
+ - Feature: Add partition-X chain (@johnf)
+ - Feature: Add cleanup functionality (@johnf)
+ - Chore: Update CLI arguments (@johnf)
+
+# 0.3.3 - 2012/05/02
+ - Bug: Split SNAT/DNAT partition rule generation into separate chains, so rules apply correctly (@johnf)
+ - Feature: Check that ript is being run as root (@arthurbarton)
+
+# 0.3.2 - 2012/04/25
+ - Feature: Add validation for duplicate partition names (@auxesis)
+ - Feature: Add validation for bad characters in partition names (@auxesis)
+ - Feature: Add validation for partition names longer than 12 characters (@auxesis)
+
+# 0.3.1 - 2012/04/24
+ - Feature: Add support for specifying multiple to addresses in a single accept/drop/reject definition (@auxesis)
+
+# 0.3.0 - 2012/04/23
+ - Feature: Attempt to suggest alternative method names when a user uses one that doesn't exist (@auxesis)
+ - Feature: Extend accept, reject, drop, log blocks in the DSL to handle interfaces, protocols, and ports (@auxesis)
+ - Feature: Allow ript to run against an arbitrary path or file to the relative path (@auxesis)
+ - Feature: Add logging support throughout the DSL (@auxesis)
+ - Chore: Rename 'address' to 'label' in the DSL, as that's what they are (@auxesis)
+ - Chore: Rename 'forward' to 'rewrite' in the DSL, to reduce terminology collisions (@auxesis)
+ - Chore: Add a test harness script for running ript + tests in an rbenv environment as root (@auxesis)
+
+# 0.2.0 - 2012/04/10
+ - Add support for SNAT rules (@auxesis)
+ - Split tests into more managable files (@auxesis)
+
+# 0.1.0 - 2012/03/26
+ - Add installation + development documentation. (@auxesis)
+ - Build a gem release. (@auxesis)
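Review bot: the 0.8.4 heading carries an impossible date, `2012/08/121`; correct it to the actual release day. The 0.3.2 entry records validation for partition names longer than 12 characters, while this commit ships examples/partition-name-exactly-20-characters.rb and examples/partition-name-longer-than-20-characters.rb, so the changelog should say in which release the limit changed; the name-length limit bounds the generated chain names and users need to know which value applies. The heading levels are also inverted (`## Changelog` above `# 0.8.4` entries); make the title `#` and each version `##`. Minor: "managable" in the 0.2.0 entry should be "manageable".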
@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+
+source :rubygems
+gemspec
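Review bot: `source :rubygems` on the third line leaves the index URL implicit, so a reviewer cannot see from the Gemfile which host and scheme the dependencies of a root-run firewall tool are pulled from. Write the source out as an explicit `https://` URL string instead of the symbol. The `#!/usr/bin/env ruby` shebang on the first line is unnecessary, since Bundler evaluates the Gemfile itself and the file is never executed directly.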
@@ -0,0 +1,62 @@
+PATH
+ remote: .
+ specs:
+ ript (0.8.4)
+
+GEM
+ remote: http://rubygems.org/
+ specs:
+ arr-pm (0.0.7)
+ cabin (> 0)
+ aruba (0.3.5)
+ childprocess (>= 0.1.7)
+ cucumber (>= 0.10.0)
+ rspec (>= 2.5.0)
+ backports (2.3.0)
+ builder (3.0.0)
+ cabin (0.4.4)
+ json
+ childprocess (0.1.8)
+ ffi (~> 1.0.6)
+ clamp (0.3.1)
+ colorize (0.5.8)
+ cucumber (1.1.9)
+ builder (>= 2.1.2)
+ diff-lcs (>= 1.1.2)
+ gherkin (~> 2.9.0)
+ json (>= 1.4.6)
+ term-ansicolor (>= 1.0.6)
+ diff-lcs (1.1.3)
+ ffi (1.0.7)
+ rake (>= 0.8.7)
+ fpm (0.4.5)
+ arr-pm (~> 0.0.7)
+ backports (= 2.3.0)
+ cabin (~> 0.4.3)
+ clamp
+ json
+ gherkin (2.9.3)
+ json (>= 1.4.6)
+ json (1.6.6)
+ rake (0.8.7)
+ rspec (2.5.0)
+ rspec-core (~> 2.5.0)
+ rspec-expectations (~> 2.5.0)
+ rspec-mocks (~> 2.5.0)
+ rspec-core (2.5.1)
+ rspec-expectations (2.5.0)
+ diff-lcs (~> 1.1.2)
+ rspec-mocks (2.5.0)
+ term-ansicolor (1.0.7)
+
+PLATFORMS
+ ruby
+
+DEPENDENCIES
+ aruba
+ colorize
+ cucumber (>= 1.1.9)
+ fpm (>= 0.4.5)
+ rake
+ ript!
+ rspec
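Review bot: the `remote: http://rubygems.org/` line in the GEM section means every gem pinned in this lock is resolved over plain HTTP, and the lock records versions only, with no checksums, so nothing here verifies what was actually downloaded. Switch the source to `https://rubygems.org/` and regenerate the lock so the committed file reflects the HTTPS remote. Committing Gemfile.lock for a gem is fine for reproducible development, but note in the README that it pins the build and test tooling listed under DEPENDENCIES (aruba, cucumber, fpm, rspec) and is not what installers of the gem receive.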
19 LICENCE
@@ -0,0 +1,19 @@
+Copyright 2011-2012 Bulletproof Networks. All rights reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.