File Coverage

lib/Rex/Resource/firewall/Provider/iptables.pm

Criterion	Covered	Total	%
statement	17	87	19.5
branch	0	74	0.0
condition	0	39	0.0
subroutine	6	10	60.0
pod	0	3	0.0
total	23	213	10.8

line	stmt	bran	cond	sub	pod	time	code
1							#
2							# (c) Jan Gehring
3							#
4
5							package Rex::Resource::firewall::Provider::iptables;
6
7	1			1		19	use v5.12.5;
	1					4
8	1			1		5	use warnings;
	1					2
	1					43
9
10							our $VERSION = '1.14.3'; # VERSION
11
12	1			1		6	use Rex::Commands::Iptables;
	1					3
	1					7
13	1			1		9	use Rex::Helper::Run;
	1					8
	1					67
14	1			1		5	use Data::Dumper;
	1					10
	1					73
15	1			1		10	use base qw(Rex::Resource::firewall::Provider::base);
	1					6
	1					1210
16
17							sub new {
18	0			0	0		my $that = shift;
19	0		0				my $proto = ref($that) \|\| $that;
20	0						my $self = $proto->SUPER::new(@_);
21
22	0						bless( $self, $proto );
23
24	0						return $self;
25							}
26
27							sub present {
28	0			0	0		my ( $self, $rule_config ) = @_;
29
30	0						my @iptables_rule = ();
31
32	0		0				$rule_config->{dport} \|\|= $rule_config->{port};
33	0		0				$rule_config->{proto} \|\|= 'tcp';
34	0		0				$rule_config->{chain} \|\|= 'INPUT';
35	0		0				$rule_config->{ip_version} \|\|= -4;
36
37	0	0	0				if ( $rule_config->{source}
			0
			0
38							&& $rule_config->{source} !~ m/\/(\d+)$/
39							&& $self->_version()->[0] >= 1
40							&& $self->_version()->[1] >= 4 )
41							{
42	0						$rule_config->{source} .= "/32";
43							}
44
45							push( @iptables_rule, t => $rule_config->{table} )
46	0	0					if ( defined $rule_config->{table} );
47							push( @iptables_rule, A => uc( $rule_config->{chain} ) )
48	0	0					if ( defined $rule_config->{chain} );
49							push( @iptables_rule, p => $rule_config->{proto} )
50	0	0					if ( defined $rule_config->{proto} );
51							push( @iptables_rule, m => $rule_config->{proto} )
52	0	0					if ( defined $rule_config->{proto} );
53							push( @iptables_rule, s => $rule_config->{source} )
54	0	0					if ( defined $rule_config->{source} );
55							push( @iptables_rule, d => $rule_config->{destination} )
56	0	0					if ( defined $rule_config->{destination} );
57							push( @iptables_rule, sport => $rule_config->{sport} )
58	0	0					if ( defined $rule_config->{sport} );
59							push( @iptables_rule, dport => $rule_config->{dport} )
60	0	0					if ( defined $rule_config->{dport} );
61							push( @iptables_rule, "tcp-flags" => $rule_config->{tcp_flags} )
62	0	0					if ( defined $rule_config->{tcp_flags} );
63							push( @iptables_rule, "i" => $rule_config->{iniface} )
64	0	0					if ( defined $rule_config->{iniface} );
65							push( @iptables_rule, "o" => $rule_config->{outiface} )
66	0	0					if ( defined $rule_config->{outiface} );
67							push( @iptables_rule, "reject-with" => $rule_config->{reject_with} )
68	0	0					if ( defined $rule_config->{reject_with} );
69							push( @iptables_rule, "log-level" => $rule_config->{log_level} )
70	0	0					if ( defined $rule_config->{log_level} );
71							push( @iptables_rule, "log-prefix" => $rule_config->{log_prefix} )
72	0	0					if ( defined $rule_config->{log_prefix} );
73							push( @iptables_rule, "state" => $rule_config->{state} )
74	0	0					if ( defined $rule_config->{state} );
75							push( @iptables_rule, j => uc( $rule_config->{action} ) )
76	0	0					if ( defined $rule_config->{action} );
77
78	0	0					if (
79							!Rex::Commands::Iptables::_rule_exists(
80							$rule_config->{ip_version},
81							@iptables_rule
82							)
83							)
84							{
85	0						iptables( $rule_config->{ip_version}, @iptables_rule );
86	0						return 1;
87							}
88
89	0						return 0;
90							}
91
92							sub absent {
93	0			0	0		my ( $self, $rule_config ) = @_;
94
95	0						my @iptables_rule = ();
96
97	0		0				$rule_config->{dport} \|\|= $rule_config->{port};
98	0		0				$rule_config->{proto} \|\|= 'tcp';
99	0		0				$rule_config->{chain} \|\|= 'INPUT';
100
101	0		0				$rule_config->{ip_version} \|\|= -4;
102
103	0	0	0				if ( $rule_config->{source}
			0
			0
104							&& $rule_config->{source} !~ m/\/(\d+)$/
105							&& $self->_version()->[0] >= 1
106							&& $self->_version()->[1] >= 4 )
107							{
108	0						$rule_config->{source} .= "/32";
109							}
110
111							push( @iptables_rule, t => $rule_config->{table} )
112	0	0					if ( defined $rule_config->{table} );
113							push( @iptables_rule, D => uc( $rule_config->{chain} ) )
114	0	0					if ( defined $rule_config->{chain} );
115							push( @iptables_rule, s => $rule_config->{source} )
116	0	0					if ( defined $rule_config->{source} );
117							push( @iptables_rule, p => $rule_config->{proto} )
118	0	0					if ( defined $rule_config->{proto} );
119							push( @iptables_rule, m => $rule_config->{proto} )
120	0	0					if ( defined $rule_config->{proto} );
121							push( @iptables_rule, d => $rule_config->{destination} )
122	0	0					if ( defined $rule_config->{destination} );
123							push( @iptables_rule, sport => $rule_config->{sport} )
124	0	0					if ( defined $rule_config->{sport} );
125							push( @iptables_rule, dport => $rule_config->{dport} )
126	0	0					if ( defined $rule_config->{dport} );
127							push( @iptables_rule, "tcp-flags" => $rule_config->{tcp_flags} )
128	0	0					if ( defined $rule_config->{tcp_flags} );
129							push( @iptables_rule, "i" => $rule_config->{iniface} )
130	0	0					if ( defined $rule_config->{iniface} );
131							push( @iptables_rule, "o" => $rule_config->{outiface} )
132	0	0					if ( defined $rule_config->{outiface} );
133							push( @iptables_rule, "reject-with" => $rule_config->{reject_with} )
134	0	0					if ( defined $rule_config->{reject_with} );
135							push( @iptables_rule, "log-level" => $rule_config->{log_level} )
136	0	0					if ( defined $rule_config->{log_level} );
137							push( @iptables_rule, "log-prefix" => $rule_config->{log_prefix} )
138	0	0					if ( defined $rule_config->{log_prefix} );
139							push( @iptables_rule, "state" => $rule_config->{state} )
140	0	0					if ( defined $rule_config->{state} );
141							push( @iptables_rule, j => uc( $rule_config->{action} ) )
142	0	0					if ( defined $rule_config->{action} );
143
144	0	0					if (
145							Rex::Commands::Iptables::_rule_exists(
146							$rule_config->{ip_version},
147							@iptables_rule
148							)
149							)
150							{
151	0						iptables( $rule_config->{ip_version}, @iptables_rule );
152	0						return 1;
153							}
154
155	0						return 0;
156							}
157
158							sub _version {
159	0			0			my ($self) = @_;
160	0	0					if ( exists $self->{__version__} ) { return $self->{__version__} }
	0
161
162	0						my $version = i_run "iptables --version", fail_ok => 1;
163	0						$version =~ s/^.*\sv(\d+\.\d+\.\d+)/$1/;
164
165	0						$self->{__version__} = [ split( /\./, $version ) ];
166
167							Rex::Logger::debug(
168	0						"Got iptables version: " . join( ", ", @{ $self->{__version__} } ) );
	0
169
170	0						return $self->{__version__};
171							}
172
173							1;