Module: Mt::Wall::DSL::PolicyScope

Included in:: DeviceBuilder, RootBuilder

Defined in:: lib/mt/wall/dsl/policy_scope.rb

Overview

The ‘policy` verb: the default action for a firewall chain (its trailing rule). Shared by RootBuilder (global defaults) and DeviceBuilder (per-device overrides), so the same syntax works in both scopes.

policy :forward, :drop
policy :forward, :drop, log: true, log_prefix: "fwd-drop"

‘log:`/`log_prefix:` log packets hitting the chain default; `disabled:` keeps the default-policy rule in git but inactive. These are rule attributes (excluded from the identity tag).

Includers MUST provide the storage hook:

#record_policy(Model::Policy)

Instance Method Summary collapse

#policy(chain, action, comment: nil, **flags) ⇒ void

Instance Method Details

#policy(chain, action, comment: nil, **flags) ⇒ `void`

This method returns an undefined value.

Parameters:

chain (Symbol) —

:input, :forward or :output
action (Symbol) —

:accept or :drop

# File 'lib/mt/wall/dsl/policy_scope.rb', line 23

def policy(chain, action, comment: nil, **flags)
  record_policy(Model::Policy.new(chain: Validators.validate_chain!(chain),
                                  action: Validators.validate_policy_action!(action),
                                  comment: comment, **Validators.rule_flags(**flags)))
end

Module: Mt::Wall::DSL::PolicyScope

Overview

Instance Method Summary collapse

Instance Method Details

#policy(chain, action, comment: nil, **flags) ⇒ void

#policy(chain, action, comment: nil, **flags) ⇒ `void`