
Merge branch 'master' of github.com:bulletproofnetworks/ript

auxesis committed Oct 17, 2013
2 parents eec0334 + 538422a commit eb579440f60952875336024a046c2c29471ac83b
Showing with 63 additions and 4 deletions.
  1. +3 −4 Gemfile.lock
  2. +30 −0 bin/ript
  3. +29 −0 features/cli.feature
  4. +1 −0 features/step_definitions/example_steps.rb
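--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-ript (0.8.4)
+ript (0.8.5)
 GEM
 remote: http://rubygems.org/
@@ -27,8 +27,7 @@ GEM
 json (>= 1.4.6)
 term-ansicolor (>= 1.0.6)
 diff-lcs (1.1.3)
-ffi (1.0.7)
-rake (>= 0.8.7)
+ffi (1.0.11)
 fpm (0.4.5)
 arr-pm (~> 0.0.7)
 backports (= 2.3.0)
@@ -38,7 +37,7 @@ GEM
 gherkin (2.9.3)
 json (>= 1.4.6)
 json (1.6.6)
-rake (0.8.7)
+rake (10.1.0)
 rspec (2.5.0)
 rspec-core (~> 2.5.0)
 rspec-expectations (~> 2.5.0)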
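--- a/bin/ript
+++ b/bin/ript
@@ -127,6 +127,36 @@ if ARGV[0] == 'rules'
 exit
 end
+if ARGV[1] == 'flush' then
+output = <<-EOF
+iptables --flush --table filter
+iptables --delete-chain --table filter
+iptables --table filter --policy INPUT ACCEPT
+iptables --table filter --policy FORWARD ACCEPT
+iptables --table filter --policy OUTPUT ACCEPT
+
+# Clean NAT
+iptables --flush --table nat
+iptables --delete-chain --table nat
+iptables --table nat --policy PREROUTING ACCEPT
+iptables --table nat --policy POSTROUTING ACCEPT
+iptables --table nat --policy OUTPUT ACCEPT
+
+# Clean mangle
+iptables --flush --table mangle
+iptables --delete-chain --table mangle
+iptables --table mangle --policy PREROUTING ACCEPT
+iptables --table mangle --policy POSTROUTING ACCEPT
+iptables --table mangle --policy INPUT ACCEPT
+iptables --table mangle --policy FORWARD ACCEPT
+iptables --table mangle --policy OUTPUT ACCEPT
+EOF
+tempfile = Tempfile.open("ript-apply-#{Time.now.to_i}") {|f| f << output}
+puts "#{output}"
+system("sh -e #{tempfile.path}")
+exit
+end
+
 if ARGV[1] == 'save' then
 system('/sbin/iptables-save')
 exit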
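Review bot: The exit status of the generated flush script is discarded: `system("sh -e #{tempfile.path}")` returns false when any of the iptables commands fails, yet the branch then calls a bare `exit`, so the process reports success even when one table was left with its old policy and chains. Replacing the last two lines of the branch with `success = system('sh', '-e', tempfile.path)` and `exit(success ? 0 : 1)` propagates the failure to the caller (the argv form also avoids passing the path through a shell). Separately, `tempfile` appears to hold the Tempfile only because the block form of `Tempfile.open` returns the block's value and `IO#<<` returns its receiver; that is worth a short comment such as `# block form returns the block value; IO#<< returns the file`, and the `ript-apply-` prefix looks copied from the apply branch. The enclosing `if ARGV[0] == 'rules'` block starts and ends outside this hunk.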
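--- a/features/cli.feature
+++ b/features/cli.feature
@@ -113,3 +113,32 @@ Feature: Ript cli utility
 :OUTPUT ACCEPT \[\d+:\d+\]
 COMMIT
 """
+
+@sudo @timeout-10
+Scenario: Flush rules
+Given I have no iptables rules loaded
+When I run `ript rules flush`
+Then the output from "ript rules flush" should match:
+"""
+iptables --flush --table filter
+iptables --delete-chain --table filter
+iptables --table filter --policy INPUT ACCEPT
+iptables --table filter --policy FORWARD ACCEPT
+iptables --table filter --policy OUTPUT ACCEPT
+
+# Clean NAT
+iptables --flush --table nat
+iptables --delete-chain --table nat
+iptables --table nat --policy PREROUTING ACCEPT
+iptables --table nat --policy POSTROUTING ACCEPT
+iptables --table nat --policy OUTPUT ACCEPT
+
+# Clean mangle
+iptables --flush --table mangle
+iptables --delete-chain --table mangle
+iptables --table mangle --policy PREROUTING ACCEPT
+iptables --table mangle --policy POSTROUTING ACCEPT
+iptables --table mangle --policy INPUT ACCEPT
+iptables --table mangle --policy FORWARD ACCEPT
+iptables --table mangle --policy OUTPUT ACCEPT
+"""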
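Review bot: The scenario checks only the script text that `ript rules flush` echoes before running it, not that the flush took effect: the command prints the same output whether or not the iptables calls succeed, so the scenario passes on a host where nothing was flushed. A follow-up step that inspects the live ruleset, or an exit-status assertion such as `Then the exit status should be 0` (if the project's steps come from aruba, as the `When I run` / `the output from` steps suggest), would make the `@sudo` run meaningful. The scenario is fully contained in this hunk.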
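--- a/features/step_definitions/example_steps.rb
+++ b/features/step_definitions/example_steps.rb
@@ -18,6 +18,7 @@
 next if line.size == 0
 next if line =~ /--(new-chain|jump) partition-/
 next if line =~ /--(new-chain|jump) ript_bootstrap-/
+next if line =~ /^\(in \/.*\)$/ # Exclude rake output from clean_slate
 line.should match(%r{(^\# #{@chain_name})|(#{@chain_names.join('|')})}) if line !~ /LOG/
 end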
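Review bot: The added pattern `/^\(in \/.*\)$/` relies on `^`/`$`, which in Ruby anchor at line boundaries rather than string ends; that is presumably harmless here because each `line` is already one line of output, but `\A`/`\z` would state the intent explicitly and `%r{}` removes the escaped slash: `next if line =~ %r{\A\(in /.*\)\z} # Exclude rake output from clean_slate`. The enclosing iteration block starts outside this hunk.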
