Class: IControl::Networking::PacketFilter

Inherits:
Base
  • Object
Defined in:
lib/icontrol/networking/packet_filter.rb,
lib/icontrol/networking.rb

Overview

The PacketFilter interface enables you to work with the definitions and attributes of packet filter rules. The goal of the packet filter is to provide a flexible and integrated perimeter security mechanism to explicitly block as well as accept traffic using complex expressions similar to those used by libpcap (e.g. tcpdump).

Defined Under Namespace

Classes: PacketFilterStatisticEntry, PacketFilterStatisticEntrySequence, PacketFilterStatistics

Instance Method Summary

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class IControl::Base

Instance Method Details

#action ⇒ FilterAction

Gets the actions to take if the ingress traffic matches the filter rules.

Returns:

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 55

def action
  super
end

#all_statistics ⇒ PacketFilterStatistics

Gets the statistics for all the packet filter rules.

Returns:

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 66

def all_statistics
  super
end

#create(opts) ⇒ Object

Creates these packet filter rules.

Parameters:

  • opts (Hash)

Options Hash (opts):

  • :sort_orders (long)

    The sort-order part of the rule is an integer value used to assign a relative “weight” to the rule. The sort-order may be any number between 0 and 999, but no two rules may have the same value. The specific value of the sort-order is not important, only its position relative to the other rules’ sort-orders. Rule evaluation order is determined by starting with the lowest numbered rule and moving up through to the highest.

  • :actions (IControl::Networking::FilterAction)

    The list of actions specifying what to do with the traffic should it match each rule.

  • :expressions (String)

    The expressions that make up the rules, used to match the ingress traffic. The legal expressions for the filters are determined by the version of the pcap library linked into the rule compiler. If empty, the associated filters match all packets.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 23

def create(opts)
  opts = check_params(opts,[:sort_orders,:actions,:expressions])
  super(opts)
end

#delete_all_packet_filters ⇒ Object

Deletes all packet filters.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 34

def delete_all_packet_filters
  super
end

#delete_packet_filter ⇒ Object

Deletes these packet filter rules.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 44

def delete_packet_filter
  super
end

#expression ⇒ String

Gets the expressions used to match ingress traffic. Each expression is defined by the pcap library, which is used to implement tcpdump, and is compiled into a Berkeley Packet Filter program. The man page for tcpdump describes the format and valid syntax of the filter rule expression.

Returns:

  • (String)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 80

def expression
  super
end

#list ⇒ String

Gets a list of all packet filter rules.

Returns:

  • (String)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 91

def list
  super
end

#log_state ⇒ EnabledState

Gets the states that specify whether an entry will be created in the system log each time the rule is matched.

Returns:

  • (EnabledState)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 103

def log_state
  super
end

#rate_class ⇒ String

Gets the rate classes that will be used to rate limit the traffic. If the rule has an associated Rate Class name, then any traffic allowed by the rule will also be rate limited according to the behavior of this rate class. It is meaningless to associate a rate class with a rule that has a discard or reject action. Likewise, the rate class will only take effect when the traffic actually leaves the system. If the traffic does not leave the system, the rate class has no effect.

Returns:

  • (String)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 119

def rate_class
  super
end

#reset_statistics ⇒ Object

Resets the statistics for this packet filter.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 170

def reset_statistics
  super
end

#set_action(opts) ⇒ Object

Sets the actions to take if the ingress traffic matches the filter rules.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 182

def set_action(opts)
  opts = check_params(opts,[:actions])
  super(opts)
end

#set_expression(opts) ⇒ Object

Sets the expressions used to match ingress traffic. Each expression is defined by the pcap library, which is used to implement tcpdump, and is compiled into a Berkeley Packet Filter program. The man page for tcpdump describes the format and valid syntax of the filter rule expression.

Parameters:

  • opts (Hash)

Options Hash (opts):

  • :expressions (String)

    The expressions used to match ingress traffic.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 198

def set_expression(opts)
  opts = check_params(opts,[:expressions])
  super(opts)
end

#set_log_state(opts) ⇒ Object

Sets the states that specify whether an entry will be created in the system log each time the rule is matched.

Parameters:

  • opts (Hash)

Options Hash (opts):

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 212

def set_log_state(opts)
  opts = check_params(opts,[:states])
  super(opts)
end

#set_rate_class(opts) ⇒ Object

Sets the rate classes that will be used to rate limit the traffic. If the rule has an associated Rate Class name, then any traffic allowed by the rule will also be rate limited according to the behavior of this rate class. It is meaningless to associate a rate class with a rule that has a discard or reject action. Likewise, the rate class will only take effect when the traffic actually leaves the system. If the traffic does not leave the system, the rate class has no effect.

Parameters:

  • opts (Hash)

Options Hash (opts):

  • :rate_classes (String)

    The rate classes used to rate limit the traffic.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 230

def set_rate_class(opts)
  opts = check_params(opts,[:rate_classes])
  super(opts)
end

#set_sort_order(opts) ⇒ Object

Sets the sort orders of these filter rules.

Parameters:

  • opts (Hash)

Options Hash (opts):

  • :orders (long)

    The sort order values of the associated filter rules. Legal values for sort-order are all integers between 0 and 999, inclusive. No two rules may have the same sort-order value.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 243

def set_sort_order(opts)
  opts = check_params(opts,[:orders])
  super(opts)
end
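
The constraints documented for #create, #set_sort_order and #set_rate_class can be checked on the client before any call is made. The following is an added example, not part of the icontrol gem: the function names, the action symbols (placeholders for IControl::Networking::FilterAction values) and the :rate_classes key on this hash are assumptions made for illustration.

```ruby
# Added example: pre-flight lint for the parallel arrays passed to PacketFilter#create.
# Action symbols are placeholders for FilterAction values; :rate_classes is accepted
# here (hypothetically) only so the documented rate-class rule can be checked.
SORT_ORDER_RANGE = (0..999).freeze
DROP_ACTIONS = %i[discard reject].freeze

def lint_packet_filter_opts(opts)
  orders  = Array(opts[:sort_orders])
  actions = Array(opts[:actions])
  exprs   = Array(opts[:expressions])
  rates   = Array(opts[:rate_classes])
  findings = []
  unless orders.size == actions.size && actions.size == exprs.size
    findings << [:error, nil, 'sort_orders, actions and expressions differ in length']
    return findings
  end
  # Sort orders must be integers between 0 and 999 ...
  orders.each_with_index do |order, i|
    next if order.is_a?(Integer) && SORT_ORDER_RANGE.cover?(order)
    findings << [:error, i, "sort order #{order.inspect} is outside 0..999"]
  end
  # ... and no two rules may share one.
  orders.group_by { |o| o }.each do |order, same|
    findings << [:error, nil, "sort order #{order} is used by #{same.size} rules"] if same.size > 1
  end
  exprs.each_with_index do |expr, i|
    # An empty expression matches every packet, so surface it for review.
    if expr.to_s.strip.empty?
      findings << [:warn, i, "empty expression matches all packets (action #{actions[i]})"]
    end
    rate = rates[i].to_s
    if !rate.empty? && DROP_ACTIONS.include?(actions[i])
      findings << [:warn, i, "rate class #{rate} is meaningless on a #{actions[i]} rule"]
    end
  end
  findings
end

# Rule indexes in evaluation order: lowest sort order first.
def evaluation_order(opts)
  opts[:sort_orders].each_index.sort_by { |i| [opts[:sort_orders][i], i] }
end

# Constructed sample input.
SAMPLE = {
  sort_orders:  [500, 10, 500, 1000],
  actions:      %i[accept discard accept reject],
  expressions:  ['tcp dst port 443', 'src net 192.0.2.0/24', '', 'icmp'],
  rate_classes: ['', 'rc_bulk', '', '']
}.freeze
```

Each finding is a [severity, rule index, message] triple; errors correspond to input the page documents as illegal, warnings to rules that are legal but deserve a second look.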

#set_vlan(opts) ⇒ Object

Sets the optional ingress VLANs to match on.

Parameters:

  • opts (Hash)

Options Hash (opts):

  • :vlan_names (String)

    The ingress VLANs to match on. If present, each entry must be a specific VLAN name currently in existence. If omitted, the rule matches all VLANs.

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 256

def set_vlan(opts)
  opts = check_params(opts,[:vlan_names])
  super(opts)
end

#sort_order ⇒ long

Gets the sort orders of these filter rules.

Returns:

  • (long)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 130

def sort_order
  super
end

#statistics ⇒ PacketFilterStatistics

Gets the statistics for this packet filter.

Returns:

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 141

def statistics
  super
end

#version ⇒ String

Gets the version information for this interface.

Returns:

  • (String)


# File 'lib/icontrol/networking/packet_filter.rb', line 149

def version
  super
end

#vlan ⇒ String

Gets the optional ingress VLANs to match on.

Returns:

  • (String)

Raises:

  • (IControl::IControl::Common::AccessDenied)

    raised if the client credentials are not valid.

  • (IControl::IControl::Common::InvalidArgument)

    raised if one of the arguments is invalid.

  • (IControl::IControl::Common::OperationFailed)

    raised if an operation error occurs.



# File 'lib/icontrol/networking/packet_filter.rb', line 160

def vlan
  super
end