Class: Mt::Wall::Model::Rule

Inherits:
Data
  • Object
Defined in:
lib/mt/wall/model/rule.rb

Overview

An access grant between two objects/groups (Layer A — abstract, device-agnostic). Compiles to one or more `/ip firewall filter` rules using `src-address-list` / `dst-address-list` (and protocol/dst-port when a service is given).

DUAL-STACK: because endpoints may hold a mix of IPv4 and IPv6 addresses, ONE abstract grant compiles to a v4 filter rule for the endpoints’ v4 members AND a v6 filter rule for their v6 members. A family with no overlap simply yields no rule for THAT family. But a grant that yields NO rule in EITHER family (e.g. a v4-only source paired with a v6-only destination) FAILS FAST with ConfigurationError in the Compiler — it never silently produces nothing. Family selection happens entirely in the Compiler; the grant itself never names a family.
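The family split and the fail-fast case described above, as an added sketch that is not mt-wall's own Compiler code. `Endpoint`, `members_by_family`, `compile_grant` and the `<name>-<family>` list naming are hypothetical; only the `ConfigurationError` name and the `src-address-list` / `dst-address-list` keys come from this page.

```ruby
require "ipaddr"

# Hypothetical stand-ins, not mt-wall's own classes.
class ConfigurationError < StandardError; end
Endpoint = Struct.new(:name, :addresses)

# Group an endpoint's members by address family (:v4 / :v6).
def members_by_family(endpoint)
  endpoint.addresses.group_by { |a| IPAddr.new(a).ipv4? ? :v4 : :v6 }
end

# One abstract grant -> at most one filter rule per family. A family is
# emitted only when BOTH endpoints have members in it; zero rules overall
# is a configuration error, never an empty result.
def compile_grant(source, destination, action:)
  src = members_by_family(source)
  dst = members_by_family(destination)
  rules = %i[v4 v6].filter_map do |family|
    next unless src.key?(family) && dst.key?(family)

    { family: family, action: action.to_s,
      "src-address-list" => "#{source.name}-#{family}", # assumed list naming
      "dst-address-list" => "#{destination.name}-#{family}" }
  end
  return rules unless rules.empty?

  raise ConfigurationError,
        "#{source.name} -> #{destination.name}: no address family in common"
end

# Constructed sample endpoints (documentation address ranges).
WEB = Endpoint.new("web", ["192.0.2.10", "2001:db8::10"])
DB  = Endpoint.new("db", ["192.0.2.20"])
V6  = Endpoint.new("v6-only", ["2001:db8::20"])
```

`compile_grant(WEB, DB, action: :accept)` yields a single v4 rule, while `compile_grant(DB, V6, action: :accept)` raises instead of returning an empty list, which is what keeps a mistyped grant from silently leaving traffic unfiltered or unpermitted.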

RULE IDENTITY: the concrete rule this grant compiles to is tagged with a deterministic, CONTENT-ONLY `mt-wall:<stable-hash>` identity in its RouterOS `comment` (chain + normalized match + action + src/dst list references; position EXCLUDED — see Model::FilterRule and the Compiler). Diff/Plan match desired vs. current rules by that tag, NOT by the device-assigned `.id`; ordering is handled separately by the Plan (:move + Operation#position). `comment` below is the OPERATOR’s human-readable note, kept distinct from (and merged alongside) the machine identity tag at compile time.

RULE-LEVEL ATTRIBUTES (NOT match conditions): `log` / `log_prefix` and `disabled` are excluded from the content-only identity tag, exactly as on Model::FilterRule — toggling them is an in-place :update, not a churn.
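A content-only identity tag and tag-based matching, as an added sketch that is not mt-wall's own code. The SHA-256 digest truncated to 16 hex characters, the normalization, the "note then tag" comment layout, and the `:add` / `:keep` result names are assumptions; the page only specifies the `mt-wall:` prefix, which fields are in or out of the identity, and the `:update` outcome.

```ruby
require "digest"

# Fields that feed the identity, per the overview: chain, match, action and
# the src/dst list references. Position, log, log-prefix, disabled and the
# operator comment are deliberately absent.
IDENTITY_KEYS = %w[chain action src-address-list dst-address-list protocol dst-port].freeze
RULE_LEVEL_KEYS = %w[log log-prefix disabled].freeze

def identity_tag(rule)
  content = IDENTITY_KEYS.filter_map do |key|
    "#{key}=#{rule[key].to_s.strip.downcase}" unless rule[key].nil?
  end
  digest = Digest::SHA256.hexdigest(content.join("\n")) # assumed hash choice
  "mt-wall:#{digest[0, 16]}"
end

# Operator note and machine tag share the RouterOS comment field.
def device_comment(rule)
  [rule["comment"], identity_tag(rule)].compact.join(" ")
end

# Match desired rules to current ones by tag, never by the device ".id".
def diff(desired, current)
  by_tag = current.to_h { |r| [r["comment"].to_s[/mt-wall:\h+/], r] }
  desired.map do |want|
    have = by_tag[identity_tag(want)]
    next :add unless have

    RULE_LEVEL_KEYS.any? { |k| want[k] != have[k] } ? :update : :keep
  end
end

# Constructed sample: a desired rule and the same rule as read back from a device.
DESIRED = { "chain" => "forward", "action" => "accept", "protocol" => "tcp",
            "dst-port" => "443", "src-address-list" => "web-v4",
            "dst-address-list" => "db-v4", "comment" => "web to db",
            "disabled" => "no" }.freeze
ON_DEVICE = DESIRED.merge(".id" => "*1A", "comment" => device_comment(DESIRED)).freeze
```

Because the tag ignores `disabled`, `diff([DESIRED.merge("disabled" => "yes")], [ON_DEVICE])` returns `[:update]` rather than a remove-and-recreate, so the rule never drops out of the chain while it is being toggled.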


Constructor Details

#initialize(source:, destination:, action:, service: nil, comment: nil, log: false, log_prefix: nil, disabled: false) ⇒ Rule

Returns a new instance of Rule.



# File 'lib/mt/wall/model/rule.rb', line 43

def initialize(source:, destination:, action:, service: nil, comment: nil,
               log: false, log_prefix: nil, disabled: false)
  super
end

Instance Attribute Details

#action ⇒ Object (readonly)

Returns the value of attribute action

Returns:

  • (Object)

    the current value of action



# File 'lib/mt/wall/model/rule.rb', line 42

def action
  @action
end

#comment ⇒ Object (readonly)

Returns the value of attribute comment

Returns:

  • (Object)

    the current value of comment



# File 'lib/mt/wall/model/rule.rb', line 42

Rule = Data.define(:source, :destination, :service, :action, :comment, :log, :log_prefix, :disabled) do
  def initialize(source:, destination:, action:, service: nil, comment: nil,
                 log: false, log_prefix: nil, disabled: false)
    super
  end
end

#destination ⇒ Object (readonly)

Returns the value of attribute destination

Returns:

  • (Object)

    the current value of destination



# File 'lib/mt/wall/model/rule.rb', line 42

Rule = Data.define(:source, :destination, :service, :action, :comment, :log, :log_prefix, :disabled) do
  def initialize(source:, destination:, action:, service: nil, comment: nil,
                 log: false, log_prefix: nil, disabled: false)
    super
  end
end

#disabled ⇒ Object (readonly)

Returns the value of attribute disabled

Returns:

  • (Object)

    the current value of disabled



# File 'lib/mt/wall/model/rule.rb', line 42

def disabled
  @disabled
end

#log ⇒ Object (readonly)

Returns the value of attribute log

Returns:

  • (Object)

    the current value of log



# File 'lib/mt/wall/model/rule.rb', line 42

def log
  @log
end

#log_prefix ⇒ Object (readonly)

Returns the value of attribute log_prefix

Returns:

  • (Object)

    the current value of log_prefix



# File 'lib/mt/wall/model/rule.rb', line 42

Rule = Data.define(:source, :destination, :service, :action, :comment, :log, :log_prefix, :disabled) do
  def initialize(source:, destination:, action:, service: nil, comment: nil,
                 log: false, log_prefix: nil, disabled: false)
    super
  end
end

#service ⇒ Object (readonly)

Returns the value of attribute service

Returns:

  • (Object)

    the current value of service



# File 'lib/mt/wall/model/rule.rb', line 42

Rule = Data.define(:source, :destination, :service, :action, :comment, :log, :log_prefix, :disabled) do
  def initialize(source:, destination:, action:, service: nil, comment: nil,
                 log: false, log_prefix: nil, disabled: false)
    super
  end
end

#source ⇒ Object (readonly)

Returns the value of attribute source

Returns:

  • (Object)

    the current value of source



# File 'lib/mt/wall/model/rule.rb', line 42

Rule = Data.define(:source, :destination, :service, :action, :comment, :log, :log_prefix, :disabled) do
  def initialize(source:, destination:, action:, service: nil, comment: nil,
                 log: false, log_prefix: nil, disabled: false)
    super
  end
end

Instance Method Details

#action=(value) ⇒ Object (readonly)

:accept or :drop



# File 'lib/mt/wall/model/rule.rb', line 42

Rule = Data.define(:source, :destination, :service, :action, :comment, :log, :log_prefix, :disabled) do
  def initialize(source:, destination:, action:, service: nil, comment: nil,
                 log: false, log_prefix: nil, disabled: false)
    super
  end
end

#disabled=(value) ⇒ Object (readonly)

keep the grant but inactive (disabled=yes)



# File 'lib/mt/wall/model/rule.rb', line 42

Rule = Data.define(:source, :destination, :service, :action, :comment, :log, :log_prefix, :disabled) do
  def initialize(source:, destination:, action:, service: nil, comment: nil,
                 log: false, log_prefix: nil, disabled: false)
    super
  end
end

#log=(value) ⇒ Object (readonly)

log matched packets (RouterOS log=yes)



# File 'lib/mt/wall/model/rule.rb', line 42

Rule = Data.define(:source, :destination, :service, :action, :comment, :log, :log_prefix, :disabled) do
  def initialize(source:, destination:, action:, service: nil, comment: nil,
                 log: false, log_prefix: nil, disabled: false)
    super
  end
end