Flush #10

Merged
merged 3 commits into from

3 participants

@johnf
Owner

Add flush report to ript directly. We leave the rake task in place for use by tests.

@auxesis
Owner

:+1:

@auxesis
Owner

Thanks for the patches @johnf - looks good. Let's :ship:

@auxesis auxesis merged commit 538422a into bulletproofnetworks:master
@laminat0r
Owner

Rocking. You guys are awesome.

7 Gemfile.lock
@@ -1,7 +1,7 @@
PATH
remote: .
specs:
- ript (0.8.4)
+ ript (0.8.5)
GEM
remote: http://rubygems.org/
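Review bot: the lock bumps ript from 0.8.4 to 0.8.5, but no change to the gem's version file or gemspec appears in this PR, so Bundler will report the lock as out of sync with the gemspec unless that bump landed in a commit not shown here; confirm the version constant actually reads 0.8.5.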
@@ -27,8 +27,7 @@ GEM
json (>= 1.4.6)
term-ansicolor (>= 1.0.6)
diff-lcs (1.1.3)
- ffi (1.0.7)
- rake (>= 0.8.7)
+ ffi (1.0.11)
fpm (0.4.5)
arr-pm (~> 0.0.7)
backports (= 2.3.0)
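Review bot: this hunk also moves ffi from 1.0.7 to 1.0.11 and drops its `rake (>= 0.8.7)` constraint, which has nothing to do with the flush feature; either mention the dependency refresh in the PR description or split it into its own commit so the lock change can be reviewed on its own.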
@@ -38,7 +37,7 @@ GEM
gherkin (2.9.3)
json (>= 1.4.6)
json (1.6.6)
- rake (0.8.7)
+ rake (10.1.0)
rspec (2.5.0)
rspec-core (~> 2.5.0)
rspec-expectations (~> 2.5.0)
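Review bot: rake jumps from 0.8.7 to 10.1.0, two major versions, in a lock that otherwise keeps rspec 2.5.0; since the PR description says the rake task stays in place for the tests, run the Rakefile once under rake 10 before merging to confirm nothing in it relies on behaviour removed since 0.8.7.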
30 bin/ript
@@ -127,6 +127,36 @@ if ARGV[0] == 'rules'
exit
end
+ if ARGV[1] == 'flush' then
+ output = <<-EOF
+ iptables --flush --table filter
+ iptables --delete-chain --table filter
+ iptables --table filter --policy INPUT ACCEPT
+ iptables --table filter --policy FORWARD ACCEPT
+ iptables --table filter --policy OUTPUT ACCEPT
+
+ # Clean NAT
+ iptables --flush --table nat
+ iptables --delete-chain --table nat
+ iptables --table nat --policy PREROUTING ACCEPT
+ iptables --table nat --policy POSTROUTING ACCEPT
+ iptables --table nat --policy OUTPUT ACCEPT
+
+ # Clean mangle
+ iptables --flush --table mangle
+ iptables --delete-chain --table mangle
+ iptables --table mangle --policy PREROUTING ACCEPT
+ iptables --table mangle --policy POSTROUTING ACCEPT
+ iptables --table mangle --policy INPUT ACCEPT
+ iptables --table mangle --policy FORWARD ACCEPT
+ iptables --table mangle --policy OUTPUT ACCEPT
+ EOF
+ tempfile = Tempfile.open("ript-apply-#{Time.now.to_i}") {|f| f << output}
+ puts "#{output}"
+ system("sh -e #{tempfile.path}")
+ exit
+ end
+
if ARGV[1] == 'save' then
system('/sbin/iptables-save')
exit
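Review bot: the return value of `system("sh -e #{tempfile.path}")` is discarded and the branch then unconditionally `exit`s with status 0, so a flush that fails part-way (for instance when run without the privileges the `@sudo` scenario needs) still reports success to the caller; check the result and fail loudly, e.g. `exit(1) unless system("sh -e #{tempfile.path}")`. Two smaller points in the same lines: `tempfile` here is the Tempfile object returned from the block's `f << output`, and the block form of `Tempfile.open` closes the file without unlinking it, so the generated script stays on disk until garbage collection; writing, closing, running and then calling `tempfile.unlink` makes that lifetime explicit (and `puts "#{output}"` can simply be `puts output`). The script also invokes bare `iptables` while the neighbouring `save` branch uses `/sbin/iptables-save`; using the absolute path in both keeps behaviour consistent when PATH lacks /sbin. Since the script sets every chain policy to ACCEPT after flushing, the host is fully open once it has run, so echoing the script before executing it, as this hunk does, is the right audit trail and should be kept.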
29 features/cli.feature
@@ -113,3 +113,32 @@ Feature: Ript cli utility
:OUTPUT ACCEPT \[\d+:\d+\]
COMMIT
"""
+
+ @sudo @timeout-10
+ Scenario: Flush rules
+ Given I have no iptables rules loaded
+ When I run `ript rules flush`
+ Then the output from "ript rules flush" should match:
+ """
+ iptables --flush --table filter
+ iptables --delete-chain --table filter
+ iptables --table filter --policy INPUT ACCEPT
+ iptables --table filter --policy FORWARD ACCEPT
+ iptables --table filter --policy OUTPUT ACCEPT
+
+ # Clean NAT
+ iptables --flush --table nat
+ iptables --delete-chain --table nat
+ iptables --table nat --policy PREROUTING ACCEPT
+ iptables --table nat --policy POSTROUTING ACCEPT
+ iptables --table nat --policy OUTPUT ACCEPT
+
+ # Clean mangle
+ iptables --flush --table mangle
+ iptables --delete-chain --table mangle
+ iptables --table mangle --policy PREROUTING ACCEPT
+ iptables --table mangle --policy POSTROUTING ACCEPT
+ iptables --table mangle --policy INPUT ACCEPT
+ iptables --table mangle --policy FORWARD ACCEPT
+ iptables --table mangle --policy OUTPUT ACCEPT
+ """
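Review bot: the scenario starts from `Given I have no iptables rules loaded` and then asserts only on the printed command text, so it never checks that a loaded ruleset is actually removed or that the policies end up ACCEPT; the expected block is a verbatim copy of the heredoc in bin/ript and would pass even if the commands were wrong. Load a rule set first and assert on the post-flush `iptables-save` output instead, reusing the `:OUTPUT ACCEPT \[\d+:\d+\]` / `COMMIT` style expectation the scenario just above already uses.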
1  features/step_definitions/example_steps.rb
@@ -18,6 +18,7 @@
next if line.size == 0
next if line =~ /--(new-chain|jump) partition-/
next if line =~ /--(new-chain|jump) ript_bootstrap-/
+ next if line =~ /^\(in \/.*\)$/ # Exclude rake output from clean_slate
line.should match(%r{(^\# #{@chain_name})|(#{@chain_names.join('|')})}) if line !~ /LOG/
end
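Review bot: the new skip drops any output line of the form `(in /…)`, which is rake's directory announcement, but filtering after the fact also hides any unexpected line that happens to match; run the clean_slate task with `rake --silent` (`-s`), which suppresses that announcement at the source, and keep the step's assertion strict.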