Sha256: 153029a70a720e0025c95e59550ee8c01b14b4b71fc01d69bc1464ba96ccc6a8

Contents?: true

Size: 1.47 KB

Versions: 2

Compression:

Stored size: 1.47 KB

Contents

# -*- coding: utf-8 -*-

module Dcmgr
  module VNet
    module Tasks

      # Task that pins an instance to a single IP address at the ARP layer.
      #
      # Four ebtables DROP rules are appended to the task's rule list when the
      # object is constructed: two for ARP frames sent by the instance and two
      # for ARP frames sent towards it.
      #
      # Scope: every rule matches `--protocol arp` only. The task therefore
      # constrains the sender/target IP carried inside ARP frames; nothing in
      # this class filters forged source addresses on IP packets themselves.
      #
      # The rules are built once, in the constructor. Assigning +ip+,
      # +enable_logging+ or +log_prefix+ afterwards does not change the rules
      # that were already appended.
      #
      # NOTE(review): +ip+ and +log_prefix+ are interpolated verbatim into the
      # rule text. How EbtablesRule turns that text into a command is not
      # visible from this file -- confirm that callers pass validated values.
      class DropIpSpoofing < Task
        include Dcmgr::VNet::Netfilter

        attr_accessor :ip, :enable_logging, :log_prefix

        # @param ip the only address the instance may use in ARP frames
        # @param enable_logging truthy to add the EbtablesRule.log_arp options
        #   to every rule
        # @param log_prefix prefix handed to EbtablesRule.log_arp
        def initialize(ip, enable_logging, log_prefix)
          super()
          self.ip = ip
          self.enable_logging = enable_logging
          self.log_prefix = log_prefix

          # chain, direction, ARP field that must equal the instance address
          guards = [
            # Prevent spoofing to the outside world
            [:forward, :outgoing, '--arp-ip-src'],
            # Prevent spoofing to the host
            [:input, :outgoing, '--arp-ip-src'],
            # Prevent the outside world from spoofing to the instance
            [:forward, :incoming, '--arp-ip-dst'],
            # Prevent the host from spoofing to the instance
            [:output, :incoming, '--arp-ip-dst']
          ]

          guards.each do |chain, direction, arp_field|
            pinned_ip = self.ip
            # Stays nil (rendered as an empty string) when logging is off.
            log_opts = self.enable_logging ? EbtablesRule.log_arp(self.log_prefix) : nil
            # "!" negates the match: drop any ARP frame whose field is NOT the pinned address.
            match = "--protocol arp #{arp_field} ! #{pinned_ip} #{log_opts} -j DROP"
            self.rules << EbtablesRule.new(:filter, chain, :arp, direction, match)
          end
        end
      end

    end
  end
end

Version data entries

2 entries across 2 versions & 2 rubygems

Version Path
wakame-vdc-agents-11.12.0 lib/dcmgr/vnet/tasks/drop_ip_spoofing.rb
wakame-vdc-dcmgr-11.12.0 lib/dcmgr/vnet/tasks/drop_ip_spoofing.rb