-
Notifications
You must be signed in to change notification settings - Fork 9
Fixing multiple issues #22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
Have this gem on Trusty and Xenial boxes which are running ruby 2.3.0 and 1.9.3 respectively. Once the protocol issue was corrected the iptables rule output was identical on both hosts. |
@@ -80,7 +79,6 @@ def build_rule(name, block, opts={}) | |||
to_address = @labels[to][:address] | |||
|
|||
attributes = { | |||
"table" => "filter", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What's the reasoning behind omitting the table attribute?
The original reason it was included was to be explicit about what rules are being generated, and thus future proof Ript. If the future behaviour of iptables changes, and the filter table is no longer the default table, then Ript will silently break.
Bonus: if you add this attribute back back, your PR will be way smaller because you won't have to modify all the tests.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
filter is not understood on xenial, jump on a xenial box and try do iptables with --filter fail
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are you sure?
root@ubuntu-512mb-sfo1-01:~# iptables --table filter --new-chain basic-a
root@ubuntu-512mb-sfo1-01:~# iptables --table filter -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain basic-a (0 references)
target prot opt source destination
root@ubuntu-512mb-sfo1-01:~# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.1 LTS"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What kernel?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
root@ubuntu-512mb-sfo1-01:~# uname -a
Linux ubuntu-512mb-sfo1-01 4.4.0-47-generic #68-Ubuntu SMP Wed Oct 26 19:39:52 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you have the filter module loaded into your kernel?
root@ubuntu-512mb-sfo1-01:~# lsmod |grep filter
iptable_filter 16384 1
ip_tables 24576 1 iptable_filter
x_tables 36864 2 ip_tables,iptable_filter
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes sir, I think we have hit a weird bug in iptables somewhere Ill add the filter back in and post the results..
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🎉
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Adding it back we just realised what it was :| the template manifest had an invalid protocol in it so it was crapping out isiss != isis :(
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will fix the test in the morning
@@ -7,8 +7,8 @@ Gem::Specification.new do |s| | |||
s.name = "ript" | |||
s.version = Ript::VERSION | |||
s.platform = Gem::Platform::RUBY | |||
s.authors = [ "Lindsay Holmwood" ] | |||
s.email = [ "lindsay@bulletproof.net" ] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would recommend updating AUTHORS.md
and explaining what foundation@bulletproof.net
is.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for adding the bit to AUTHORS.md
!
|
||
Inspiration given by: | ||
|
||
Matt Moor (@mattm0) | ||
|
||
Ript is copyright Bulletproof Networks 2011-2012, all rights reserved. | ||
Contact: | ||
foundation@bulletproof.net will send an email to the development team wihtibn Bulletproof Networks, any issues should be raised via Github. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/wihtibn/within/
s/Github/GitHub/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 👍
Not a show stopper but would recommend running this through a linter as there are a few stylistic things that wouldn't pass our style guide.
Minor things like the use of double quotes etc.
|
||
It is also recommended that you use [rbenv](http://rbenv.org/). | ||
|
||
``` bash | ||
rbenv install 1.9.3-p484 | ||
rbenv install 2.3.0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if the ruby-version is set to 1.9.3-p125, why install 2.3.1?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mfsgr I fix that now
after = self.dup.drop_while {|k, v| k != key } | ||
before << opts.to_a.flatten | ||
self.clear.merge!(Hash[before]).merge!(Hash[after]) | ||
def insert_before(key, kvpair) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nice 👍
Tests are passing again! |
As for the styling, I will do this on 0.8.9 |
Support for 0.8.8 and Ruby 2 Documentation updates Ensure protocol actually exists Change author to Bulletproof Fix tests Add some authors I need to fix the tests again Update filter.rb Fix tests Change ruby version Cleanup Update filter.rb Final release
@@ -8,9 +8,14 @@ Patches have been merged from: | |||
Arthur Barton (@arthurbarton) | |||
John Ferlito (@johnf) | |||
Jesse Reynolds (@jessereynolds) | |||
Michael Baker (@elmobp) | |||
Greg Cockburn (gergnz) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
missing @?
# 0.8.8 - 2016/12/02 | ||
- Bug: Support for an array of protocols (@elmobp) | ||
- Bug: Support Ruby 2.0+ (@elmobp) | ||
- Feature: Protocol validation using /etc/protocols, by adding this support in the validation ensures many ohter parts of the software performed correctly (@elmobp) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/ohter/other/
|
||
GEM | ||
remote: https://rubygems.org/ | ||
remote: http://rubygems.org/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why did we go t F438 o http instead of https?
@@ -1,4 +1,4 @@ | |||
Copyright 2011-2012 Bulletproof Networks. All rights reserved. | |||
Copyright 2011-2012 Bulletproof Networks. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are we actually Bulletproof Networks?, We should probably use "Bulletproof Group Ltd"
@@ -121,26 +119,44 @@ def build_rule(name, block, opts={}) | |||
end | |||
|
|||
# If we have arguments, iterate through them | |||
if arguments.size > 0 | |||
if arguments.size > 0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
white space at the end.
@@ -57,7 +57,7 @@ def rewrite(name, opts={}, &block) | |||
"jump" => "ACCEPT" } | |||
|
|||
@froms.map {|from| @labels[from][:address]}.each do |address| | |||
attributes.insert_before("destination", "source" => address) | |||
attributes.insert_before("destination", [ "source", address ]) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
extra space in array.
@@ -113,7 +113,7 @@ def rewrite(name, opts={}, &block) | |||
"dport" => destination_port, | |||
"jump" => "ACCEPT" } | |||
|
|||
attributes.insert_before("destination", "source" => from_address) unless from_address == "0.0.0.0/0" | |||
attributes.insert_before("destination", [ "source", from_address ]) unless from_address == "0.0.0.0/0" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
extra space in array.
@@ -136,7 +136,7 @@ def rewrite(name, opts={}, &block) | |||
"dport" => port, | |||
"jump" => "ACCEPT" } | |||
|
|||
attributes.insert_before("destination", "source" => from_address) unless from_address == "0.0.0.0/0" | |||
attributes.insert_before("destination", [ "source" , from_address ]) unless from_address == "0.0.0.0/0" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
extra space in array.
@@ -7,8 +7,8 @@ Gem::Specification.new do |s| | |||
s.name = "ript" | |||
s.version = Ript::VERSION | |||
s.platform = Gem::Platform::RUBY | |||
s.authors = [ "Lindsay Holmwood" ] | |||
s.email = [ "lindsay@bulletproof.net" ] | |||
s.authors = [ "Bulletproof Networks" ] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Bulletproof Group Ltd
Support for Ruby 2.0+ (Xenial!!)
Add support for array's in protocols
Check protocols to ensure they are valid
Adjust tests to suit
Bump to 0.8.8