Module: Mt::Wall::Model

Defined in:

lib/mt/wall/model/rule.rb,
lib/mt/wall/model/group.rb,
lib/mt/wall/model/device.rb,
lib/mt/wall/model/policy.rb,
lib/mt/wall/model/service.rb,
lib/mt/wall/model/nat_rule.rb,
lib/mt/wall/model/filter_rule.rb,
lib/mt/wall/model/address_object.rb

Defined Under Namespace

Classes: AddressObject, Device, FilterRule, Group, NatRule, Policy, Rule, Service

Instance Attribute Summary

• #addresses ⇒ Object readonly

  IPv4/IPv6 addresses, CIDR subnets or IP ranges.

• #comment ⇒ Object readonly

  optional human-readable note.

• #destination ⇒ Object readonly

  name of the destination object/group.

• #filter_rules ⇒ Object readonly

  the box’s own input/output/forward rules.

• #host ⇒ Object readonly

  hostname / IP of the router.

• #log_prefix ⇒ Object readonly

  optional log-prefix label.

• #management ⇒ Object readonly

  explicit mgmt-protect specs { src:, service:, port: }.

• #members ⇒ Object readonly

  names of objects and/or groups.

• #name ⇒ Object readonly

  unique object name / address-list name.

• #nat_rules ⇒ Object readonly

  the box’s own srcnat/dstnat rules (IPv4-only, v1).

• #policies ⇒ Object readonly

  per-device chain-default overrides.

• #ports ⇒ Object readonly

  destination ports / ranges (empty = portless).

• #protocols ⇒ Object readonly

  one or more protocols (:tcp, :udp, …).

• #service ⇒ Object readonly

  name of a Service, or nil for any.

• #source ⇒ Object readonly

  name of the source object/group.

• #to_addresses ⇒ Object readonly

  IPv4 translation target address(es).

• #to_ports ⇒ Object readonly

  translation target port(s).

Instance Method Summary

• #action(value) ⇒ Object

  :accept, :drop or :reject.

• #chain(value) ⇒ Object

  :input, :output or :forward.

• #disabled(value) ⇒ Object

  keep the rule but inactive (disabled=yes).

• #family(value) ⇒ Object

  :ip4, :ip6 or nil (both families).

• #log(value) ⇒ Object

  log matched packets (RouterOS log=yes).

• #match(value) ⇒ Object

  native match conditions (see above).

• #options(value) ⇒ Object

  non-secret transport options (port, verify_tls, …).

• #transport(value) ⇒ Object

  transport adapter key (e.g. :rest_api, :rsc).

Instance Attribute Details

#addresses ⇒ Object (readonly)

IPv4/IPv6 addresses, CIDR subnets or IP ranges

# File 'lib/mt/wall/model/address_object.rb', line 28

AddressObject = Data.define(:name, :addresses, :comment) do
  def initialize(name:, addresses: [], comment: nil)
    super(name: name, addresses: Array(addresses), comment: comment)
  end
end

#comment ⇒ Object (readonly)

optional human-readable note

# File 'lib/mt/wall/model/rule.rb', line 42

Rule = Data.define(:source, :destination, :service, :action, :comment, :log, :log_prefix, :disabled) do
  def initialize(source:, destination:, action:, service: nil, comment: nil,
                 log: false, log_prefix: nil, disabled: false)
    super
  end
end

#destination ⇒ Object (readonly)

name of the destination object/group

# File 'lib/mt/wall/model/rule.rb', line 42

Rule = Data.define(:source, :destination, :service, :action, :comment, :log, :log_prefix, :disabled) do
  def initialize(source:, destination:, action:, service: nil, comment: nil,
                 log: false, log_prefix: nil, disabled: false)
    super
  end
end

#filter_rules ⇒ Object (readonly)

the box’s own input/output/forward rules

# File 'lib/mt/wall/model/device.rb', line 43

Device = Data.define(:name, :host, :transport, :policies, :filter_rules, :nat_rules,
                     :management, :options) do
  def initialize(name:, host:, transport: :rest_api, policies: [], filter_rules: [],
                 nat_rules: [], management: [], options: {})
    super(name: name, host: host, transport: transport,
          policies: Array(policies), filter_rules: Array(filter_rules),
          nat_rules: Array(nat_rules), management: Array(management), options: options)
  end
end

#host ⇒ Object (readonly)

hostname / IP of the router

# File 'lib/mt/wall/model/device.rb', line 43

Device = Data.define(:name, :host, :transport, :policies, :filter_rules, :nat_rules,
                     :management, :options) do
  def initialize(name:, host:, transport: :rest_api, policies: [], filter_rules: [],
                 nat_rules: [], management: [], options: {})
    super(name: name, host: host, transport: transport,
          policies: Array(policies), filter_rules: Array(filter_rules),
          nat_rules: Array(nat_rules), management: Array(management), options: options)
  end
end

#log_prefix ⇒ Object (readonly)

optional log-prefix label

# File 'lib/mt/wall/model/rule.rb', line 42

Rule = Data.define(:source, :destination, :service, :action, :comment, :log, :log_prefix, :disabled) do
  def initialize(source:, destination:, action:, service: nil, comment: nil,
                 log: false, log_prefix: nil, disabled: false)
    super
  end
end

#management ⇒ Object (readonly)

explicit mgmt-protect specs { src:, service:, port: }

# File 'lib/mt/wall/model/device.rb', line 43

Device = Data.define(:name, :host, :transport, :policies, :filter_rules, :nat_rules,
                     :management, :options) do
  def initialize(name:, host:, transport: :rest_api, policies: [], filter_rules: [],
                 nat_rules: [], management: [], options: {})
    super(name: name, host: host, transport: transport,
          policies: Array(policies), filter_rules: Array(filter_rules),
          nat_rules: Array(nat_rules), management: Array(management), options: options)
  end
end

#members ⇒ Object (readonly)

names of objects and/or groups

# File 'lib/mt/wall/model/group.rb', line 20

Group = Data.define(:name, :members, :comment) do # rubocop:disable Lint/DataDefineOverride
  def initialize(name:, members: [], comment: nil)
    super(name: name, members: Array(members), comment: comment)
  end
end

#name ⇒ Object (readonly)

unique object name / address-list name

# File 'lib/mt/wall/model/group.rb', line 20

Group = Data.define(:name, :members, :comment) do # rubocop:disable Lint/DataDefineOverride
  def initialize(name:, members: [], comment: nil)
    super(name: name, members: Array(members), comment: comment)
  end
end

#nat_rules ⇒ Object (readonly)

the box’s own srcnat/dstnat rules (IPv4-only, v1)

# File 'lib/mt/wall/model/device.rb', line 43

Device = Data.define(:name, :host, :transport, :policies, :filter_rules, :nat_rules,
                     :management, :options) do
  def initialize(name:, host:, transport: :rest_api, policies: [], filter_rules: [],
                 nat_rules: [], management: [], options: {})
    super(name: name, host: host, transport: transport,
          policies: Array(policies), filter_rules: Array(filter_rules),
          nat_rules: Array(nat_rules), management: Array(management), options: options)
  end
end

#policies ⇒ Object (readonly)

per-device chain-default overrides

# File 'lib/mt/wall/model/device.rb', line 43

Device = Data.define(:name, :host, :transport, :policies, :filter_rules, :nat_rules,
                     :management, :options) do
  def initialize(name:, host:, transport: :rest_api, policies: [], filter_rules: [],
                 nat_rules: [], management: [], options: {})
    super(name: name, host: host, transport: transport,
          policies: Array(policies), filter_rules: Array(filter_rules),
          nat_rules: Array(nat_rules), management: Array(management), options: options)
  end
end

#ports ⇒ Object (readonly)

destination ports / ranges (empty = portless)

# File 'lib/mt/wall/model/service.rb', line 25

Service = Data.define(:name, :protocols, :ports) do
  def initialize(name:, protocol: nil, protocols: nil, ports: [])
    list = protocols || protocol
    # A Range is a single port-spec value — wrap it so Array() does not
    # explode it into discrete integers (we want `dst-port=8000-8100`).
    port_list = ports.is_a?(Range) ? [ports] : Array(ports)
    super(name: name, protocols: Array(list), ports: port_list)
  end

  # Backward-compatible single-protocol reader: the first declared protocol.
  # @return [Symbol, nil]
  def protocol
    protocols.first
  end
end

#protocols ⇒ Object (readonly)

one or more protocols (:tcp, :udp, …)

# File 'lib/mt/wall/model/service.rb', line 25

Service = Data.define(:name, :protocols, :ports) do
  def initialize(name:, protocol: nil, protocols: nil, ports: [])
    list = protocols || protocol
    # A Range is a single port-spec value — wrap it so Array() does not
    # explode it into discrete integers (we want `dst-port=8000-8100`).
    port_list = ports.is_a?(Range) ? [ports] : Array(ports)
    super(name: name, protocols: Array(list), ports: port_list)
  end

  # Backward-compatible single-protocol reader: the first declared protocol.
  # @return [Symbol, nil]
  def protocol
    protocols.first
  end
end

#service ⇒ Object (readonly)

name of a Service, or nil for any

# File 'lib/mt/wall/model/rule.rb', line 42

Rule = Data.define(:source, :destination, :service, :action, :comment, :log, :log_prefix, :disabled) do
  def initialize(source:, destination:, action:, service: nil, comment: nil,
                 log: false, log_prefix: nil, disabled: false)
    super
  end
end

#source ⇒ Object (readonly)

name of the source object/group

# File 'lib/mt/wall/model/rule.rb', line 42

Rule = Data.define(:source, :destination, :service, :action, :comment, :log, :log_prefix, :disabled) do
  def initialize(source:, destination:, action:, service: nil, comment: nil,
                 log: false, log_prefix: nil, disabled: false)
    super
  end
end

#to_addresses ⇒ Object (readonly)

IPv4 translation target address(es)

# File 'lib/mt/wall/model/nat_rule.rb', line 41

NatRule = Data.define(:chain, :action, :match, :to_addresses, :to_ports, :comment) do
  def initialize(chain:, action:, match: {}, to_addresses: [], to_ports: nil, comment: nil)
    super(chain: chain, action: action, match: match,
          to_addresses: Array(to_addresses), to_ports: to_ports, comment: comment)
  end
end

#to_ports ⇒ Object (readonly)

translation target port(s)

# File 'lib/mt/wall/model/nat_rule.rb', line 41

NatRule = Data.define(:chain, :action, :match, :to_addresses, :to_ports, :comment) do
  def initialize(chain:, action:, match: {}, to_addresses: [], to_ports: nil, comment: nil)
    super(chain: chain, action: action, match: match,
          to_addresses: Array(to_addresses), to_ports: to_ports, comment: comment)
  end
end

Instance Method Details

#action=(value) ⇒ Object

:accept, :drop or :reject

# File 'lib/mt/wall/model/rule.rb', line 42

Rule = Data.define(:source, :destination, :service, :action, :comment, :log, :log_prefix, :disabled) do
  def initialize(source:, destination:, action:, service: nil, comment: nil,
                 log: false, log_prefix: nil, disabled: false)
    super
  end
end

#chain=(value) ⇒ Object

:input, :output or :forward

# File 'lib/mt/wall/model/policy.rb', line 20

Policy = Data.define(:chain, :action, :comment, :log, :log_prefix, :disabled) do
  def initialize(chain:, action:, comment: nil, log: false, log_prefix: nil, disabled: false)
    super
  end
end

#disabled=(value) ⇒ Object

keep the rule but inactive (disabled=yes)

# File 'lib/mt/wall/model/rule.rb', line 42

Rule = Data.define(:source, :destination, :service, :action, :comment, :log, :log_prefix, :disabled) do
  def initialize(source:, destination:, action:, service: nil, comment: nil,
                 log: false, log_prefix: nil, disabled: false)
    super
  end
end

#family=(value) ⇒ Object

:ip4, :ip6 or nil (both families)

# File 'lib/mt/wall/model/filter_rule.rb', line 58

FilterRule = Data.define(:chain, :action, :match, :family, :comment, :log, :log_prefix, :disabled) do
  def initialize(chain:, action:, match: {}, family: nil, comment: nil,
                 log: false, log_prefix: nil, disabled: false)
    super
  end
end

#log=(value) ⇒ Object

log matched packets (RouterOS log=yes)

# File 'lib/mt/wall/model/rule.rb', line 42

Rule = Data.define(:source, :destination, :service, :action, :comment, :log, :log_prefix, :disabled) do
  def initialize(source:, destination:, action:, service: nil, comment: nil,
                 log: false, log_prefix: nil, disabled: false)
    super
  end
end

#match=(value) ⇒ Object

native match conditions (see above)

# File 'lib/mt/wall/model/nat_rule.rb', line 41

NatRule = Data.define(:chain, :action, :match, :to_addresses, :to_ports, :comment) do
  def initialize(chain:, action:, match: {}, to_addresses: [], to_ports: nil, comment: nil)
    super(chain: chain, action: action, match: match,
          to_addresses: Array(to_addresses), to_ports: to_ports, comment: comment)
  end
end

#options=(value) ⇒ Object

non-secret transport options (port, verify_tls, …)

# File 'lib/mt/wall/model/device.rb', line 43

Device = Data.define(:name, :host, :transport, :policies, :filter_rules, :nat_rules,
                     :management, :options) do
  def initialize(name:, host:, transport: :rest_api, policies: [], filter_rules: [],
                 nat_rules: [], management: [], options: {})
    super(name: name, host: host, transport: transport,
          policies: Array(policies), filter_rules: Array(filter_rules),
          nat_rules: Array(nat_rules), management: Array(management), options: options)
  end
end

#transport=(value) ⇒ Object

transport adapter key (e.g. :rest_api, :rsc)

# File 'lib/mt/wall/model/device.rb', line 43

Device = Data.define(:name, :host, :transport, :policies, :filter_rules, :nat_rules,
                     :management, :options) do
  def initialize(name:, host:, transport: :rest_api, policies: [], filter_rules: [],
                 nat_rules: [], management: [], options: {})
    super(name: name, host: host, transport: transport,
          policies: Array(policies), filter_rules: Array(filter_rules),
          nat_rules: Array(nat_rules), management: Array(management), options: options)
  end
end