module PacketThief::Impl::Netfilter::IPTablesRuleHandler

Manages IPTablesRules. It runs each rule through iptables and tracks it so that the rule can be deleted later.

Attributes

active_rules[RW]

Public Instance Methods

revert()

Reverts all executed rules that this handler knows about.

# File lib/packetthief/impl/netfilter.rb, line 39
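def revert
  # Nothing to undo if no rule was ever run.
  return if @active_rules == nil or @active_rules.empty?

  @active_rules.each do |rule|
    # Same specification as in run, but with -D (delete) instead of -A.
    args = ['/sbin/iptables', '-t', rule.table, '-D', rule.chain]
    args.concat rule.to_netfilter_command

    # Multi-argument system() runs iptables directly, without a shell.
    # A failed delete raises here, before @active_rules is reset.
    unless system(*args)
      raise "Command #{args.inspect} exited with error code #{$?.inspect}"
    end
  end

  @active_rules = []
end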

run(rule)

Executes a rule and holds onto it for later removal.

# File lib/packetthief/impl/netfilter.rb, line 24
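def run(rule)
  @active_rules ||= []

  # -A appends the rule to the given chain of the given table.
  args = ['/sbin/iptables', '-t', rule.table, '-A', rule.chain]

  args.concat rule.to_netfilter_command

  # Multi-argument system() runs iptables directly, without a shell.
  unless system(*args)
    raise "Command #{args.inspect} exited with error code #{$?.inspect}"
  end

  # Track the rule only after iptables accepted it, so revert can delete it.
  @active_rules << rule
end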
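
The revert source above raises on the first failed delete, before @active_rules is reset, so rules that were already removed stay in the list. The following added example (not PacketThief code) sketches a handler that attempts every delete and keeps only the rules that are still installed. SafeRuleHandler, Rule and the injectable runner are hypothetical names, and the sample rules are constructed.

```ruby
# Added example, not PacketThief code. SafeRuleHandler, Rule and the runner
# are hypothetical; table, chain and to_netfilter_command mirror the source.
Rule = Struct.new(:table, :chain, :to_netfilter_command)

class SafeRuleHandler
  attr_reader :active_rules

  # runner takes an argv array and returns true on success. The default is
  # the multi-argument system() form, which runs iptables without a shell.
  def initialize(runner = ->(argv) { system(*argv) })
    @runner = runner
    @active_rules = []
  end

  def run(rule)
    cmd = argv(rule, '-A')
    raise "Command #{cmd.inspect} failed" unless @runner.call(cmd)
    @active_rules << rule
  end

  # Try every delete, newest rule first. Rules whose delete failed stay
  # tracked, so a retry targets exactly what is still installed.
  def revert
    failed = @active_rules.reverse.reject { |rule| @runner.call(argv(rule, '-D')) }
    @active_rules = failed.reverse
    failed.empty?
  end

  private

  def argv(rule, action)
    ['/sbin/iptables', '-t', rule.table, action, rule.chain, *rule.to_netfilter_command]
  end
end

# Constructed demo: the fake runner records argv and fails the delete for
# port 443, so nothing here touches a real firewall.
def demo_revert
  log = []
  runner = ->(argv) { log << argv; !(argv.include?('-D') && argv.include?('443')) }
  handler = SafeRuleHandler.new(runner)
  %w[80 443].each do |port|
    spec = ['-p', 'tcp', '--dport', port, '-j', 'REDIRECT', '--to-ports', '54321']
    handler.run(Rule.new('nat', 'PREROUTING', spec))
  end
  [handler.revert, handler.active_rules.map { |r| r.to_netfilter_command[3] }, log.length]
end
```

demo_revert returns whether the revert was clean, the ports of the rules still tracked, and the number of commands issued.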