Sha256: db5a66bee20285dfdeac3a1cf6409bdcfa6ee36cc589140ab86855651a1a0ee9
Contents?: true
Size: 1.44 KB
Versions: 2
Compression:
Stored size: 1.44 KB
Contents
# -*- coding: utf-8 -*-
module Dcmgr
module VNet
module Tasks
# Disables instances from spoofing another mac address
class DropMacSpoofing < Task
include Dcmgr::VNet::Netfilter
attr_accessor :mac
attr_accessor :enable_logging
attr_accessor :log_prefix
def initialize(mac,enable_logging,log_prefix)
super()
self.mac = mac
self.enable_logging = enable_logging
self.log_prefix = log_prefix
# Prevent spoofing to the outside world
self.rules << EbtablesRule.new(:filter,:forward,:arp,:outgoing,"--protocol arp --arp-mac-src ! #{self.mac} #{EbtablesRule.log_arp(self.log_prefix) if self.enable_logging} -j DROP")
# Prevent spoofing to the host
self.rules << EbtablesRule.new(:filter,:input,:arp,:outgoing,"--protocol arp --arp-mac-src ! #{self.mac} #{EbtablesRule.log_arp(self.log_prefix) if self.enable_logging} -j DROP")
# Prevent spoofing from the outside world
self.rules << EbtablesRule.new(:filter,:forward,:arp,:incoming,"--protocol arp --arp-mac-dst ! #{self.mac} #{EbtablesRule.log_arp(self.log_prefix) if self.enable_logging} -j DROP")
# Prevent spoofing from the host
self.rules << EbtablesRule.new(:filter,:output,:arp,:incoming,"--protocol arp --arp-mac-dst ! #{self.mac} #{EbtablesRule.log_arp(self.log_prefix) if self.enable_logging} -j DROP")
end
end
end
end
end
Version data entries
2 entries across 2 versions & 2 rubygems
| Version | Path |
|---|---|
| wakame-vdc-agents-11.12.0 | lib/dcmgr/vnet/tasks/drop_mac_spoofing.rb |
| wakame-vdc-dcmgr-11.12.0 | lib/dcmgr/vnet/tasks/drop_mac_spoofing.rb |