New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
fwrule - npm Package Compare versions
Comparing version 1.4.1 to 2.0.0
@@ -16,11 +16,13 @@ # Overview | ||
| In the case of two rules that affect the same VM and port, the rule that | ||
| goes counter to the default policy takes precedence. This means: | ||
| In the case of two rules that affect the same VM and port and have the same | ||
| priority level (0 when one isn't specified), the rule that goes counter to | ||
| the default policy takes precedence by default. This means: | ||
| * If you have an incoming BLOCK and an incoming ALLOW rule for the | ||
| same VM and port, the ALLOW will override. | ||
| same VM and port of the same priority, the ALLOW will override. | ||
| Give the BLOCK a higher priority to have it applied first. | ||
| * If you have an outgoing BLOCK and an outgoing ALLOW rule for the | ||
| same VM and port, the BLOCK will override. | ||
| same VM and port of the same priority, the BLOCK will override. | ||
| Give the ALLOW a higher priority to have it applied first. | ||
| # Rule payload | ||
@@ -55,38 +57,28 @@ | ||
| FROM <from targets> TO <to targets> <action> <protocol> <ports or types> | ||
| The parameters are the following: | ||
| <p style="text-align: center"> | ||
| <img alt="Rules are of the form: FROM target_list TO target_list action protocol ports/types" src="./media/img/rule.svg" /> | ||
| </p> | ||
| Affected sources and destinations can be defined as a list of targets in the | ||
| following syntax: | ||
| <p style="text-align: center"> | ||
| <img alt="Target List Keywords: ALL VMS, ANY, or a list of targets separated by OR" src="./media/img/target-list.svg" /> | ||
| </p> | ||
| **from targets** and **to targets** can be any of the following types | ||
| (see the Target Types section below): | ||
| * vm <uuid> | ||
| * ip <IPv4 or IPv6 address> | ||
| * subnet <subnet CIDR> | ||
| * tag <tag name> | ||
| * tag <tag name>=<tag value> | ||
| * a target list of up to 32 of the above | ||
| * all vms | ||
| * any | ||
| <p style="text-align: center"> | ||
| <img alt="Target Keywords: VM, IP, SUBNET, TAG" src="./media/img/target.svg" /> | ||
| </p> | ||
| **action** can be one of (see the Actions section below): | ||
| Protocols can be targeted using: | ||
| * ALLOW | ||
| * BLOCK | ||
| <p style="text-align: center"> | ||
| <img alt="Protocol Keywords: TCP, UDP, ICMP, ICMP6, AH, ESP" src="./media/img/protocol.svg" /> | ||
| </p> | ||
| **protocol** can be one of (see the Protocols section below): | ||
| * tcp | ||
| * udp | ||
| * icmp | ||
| * icmp6 | ||
| **ports** or **types** can be one of (see the Ports section below): | ||
| * port <port number> (if protocol is tcp or udp) | ||
| * ports <port numbers and ranges> (if protocol is tcp or udp) | ||
| * type <ICMP type> (if protocol is icmp) | ||
| * type <ICMP type> code <ICMP code> (if protocol is icmp) | ||
| The limits for the parameters are: | ||
@@ -103,3 +95,3 @@ | ||
| vm <uuid> | ||
| vm <uuid> | ||
@@ -116,3 +108,3 @@ Targets the VM with that UUID. | ||
| ip <IP address> | ||
| ip <IP address> | ||
@@ -129,3 +121,3 @@ Targets the specified IPv4 or IPv6 address. | ||
| subnet <subnet CIDR> | ||
| subnet <subnet CIDR> | ||
@@ -148,5 +140,5 @@ Targets the specified IPv4 or IPv6 subnet range. | ||
| tag <name> | ||
| tag <name> = <value> | ||
| tag "<name with spaces>" = "<value with spaces>" | ||
| tag <name> | ||
| tag <name> = <value> | ||
| tag "<name with spaces>" = "<value with spaces>" | ||
@@ -197,3 +189,3 @@ Targets all VMs with the specified tag, or all VMs with the specified tag | ||
| ( <target> OR <target> OR ... ) | ||
| ( <target> OR <target> OR ... ) | ||
@@ -236,5 +228,7 @@ The vm, ip, subnet and tag target types can be combined into a list surrounded | ||
| icmp6 | ||
| ah | ||
| esp | ||
| The protocol can be one of tcp, udp or icmp(6). The protocol dictates whether | ||
| ports or types can be used (see the Ports section below). | ||
| The protocol can be one of tcp, udp, icmp(6), ah or esp. The protocol dictates | ||
| whether ports or types can be used (see the Ports section below). | ||
@@ -244,9 +238,5 @@ | ||
| port <port number> | ||
| ( port <port number> AND port <port number> ... ) | ||
| ports <port number or range> | ||
| ports <port number or range>, <port number or range>, ... | ||
| type <icmp type> | ||
| type <icmp type> code <icmp code> | ||
| ( type <icmp type> AND type <icmp type> code <icmp code> AND ... ) | ||
| <p style="text-align: center"> | ||
| <img alt="All, specific, or ranges of ports can be allowed and blocked" src="./media/img/port-list.svg" /> | ||
| </p> | ||
@@ -259,5 +249,2 @@ For TCP and UDP, this specifies the port numbers that the rule applies to. | ||
| For ICMP, this specifies the ICMP type and optional code that the rule | ||
| applies to. Types and codes must be between 0 and 255, inclusive. | ||
| **Examples:** | ||
@@ -274,2 +261,14 @@ | ||
| # ICMP Types | ||
| <p style="text-align: center"> | ||
| <img alt="All ICMP types can be specified, or a list of specific ones" src="./media/img/type-list.svg" /> | ||
| </p> | ||
| For ICMP, this specifies the ICMP type and optional code that the rule | ||
| applies to. Types and codes must be between 0 and 255, inclusive. | ||
| **Examples:** | ||
| FROM any TO all vms ALLOW icmp TYPE 8 CODE 0 | ||
@@ -287,2 +286,24 @@ | ||
| # Priority | ||
| priority <level> | ||
| Specifying a priority for a rule allows defining its relation with other rules. | ||
| By default, a rule has a priority level of 0, the lowest priority. Rules with a | ||
| higher priority will be used before ones with a lower priority. The highest | ||
| level that can be specified is 100. | ||
| **Examples:** | ||
| FROM any TO tag mta ALLOW tcp PORT 25 | ||
| FROM subnet 10.20.30.0/24 TO tag mta BLOCK tcp PORT 25 PRIORITY 1 | ||
| Allows traffic from anyone but 10.20.30.0/24 to access an MTA. | ||
| FROM all vms TO any BLOCK tcp PORT all | ||
| FROM all vms TO any ALLOW tcp PORT 22 PRIORITY 1 | ||
| Blocks all outbound traffic, overriding the default outbound policy, | ||
| except for SSH. | ||
| # Examples | ||
@@ -306,3 +327,10 @@ | ||
| FROM any TO all vms ALLOW ah | ||
| FROM any TO all vms ALLOW esp | ||
| FROM any TO all vms ALLOW udp (PORT 500 and PORT 4500) | ||
| Allows [IPsec](https://en.wikipedia.org/wiki/IPsec) traffic from any host to | ||
| all VMs. | ||
| # Error Messages | ||
@@ -309,0 +337,0 @@ |
@@ -23,3 +23,3 @@ /* | ||
| * | ||
| * Copyright 2017, Joyent, Inc. All rights reserved. | ||
| * Copyright (c) 2018, Joyent, Inc. All rights reserved. | ||
| * | ||
@@ -43,4 +43,2 @@ * | ||
| var uuidRE = /^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/; | ||
| /** | ||
@@ -53,6 +51,11 @@ * The fwrule language is versioned so that use of new features can be | ||
| * 3 - Support for IPv6 targets, the ICMPv6 protocol, and the TYPE ALL keyword | ||
| * 4 - Support for priority levels, longer protocol targets list, and the AH and | ||
| * ESP protocols (for IPsec) | ||
| */ | ||
| var CURR_VERSION = 3; | ||
| var CURR_VERSION = 4; | ||
| var NON_DIGIT_RE = /[^0-9]/; | ||
| // --- Internal helper functions | ||
@@ -111,5 +114,11 @@ | ||
| parser.yy.validatePriorityLevel = function validatePriorityLevel(num) { | ||
| if (NON_DIGIT_RE.test(num) || Number(num) < 0 || Number(num) > 100) { | ||
| throw new validators.InvalidParamError('rule', | ||
| 'Priority level "%s" is invalid', num); | ||
| } | ||
| }; | ||
| parser.yy.validatePortNumber = function validatePortNumber(num) { | ||
| if (isNaN(num) || Number(num) < 1 || Number(num) > 65535) { | ||
| if (NON_DIGIT_RE.test(num) || Number(num) < 1 || Number(num) > 65535) { | ||
| throw new validators.InvalidParamError('rule', | ||
@@ -148,3 +157,3 @@ 'Port number "%s" is invalid', num); | ||
| parser.yy.validateICMPcode = function validateICMPcode(num) { | ||
| if (isNaN(num) || Number(num) < 0 || Number(num) > 255) { | ||
| if (NON_DIGIT_RE.test(num) || Number(num) < 0 || Number(num) > 255) { | ||
| throw new validators.InvalidParamError('rule', | ||
@@ -157,3 +166,3 @@ 'ICMP code "%s" is invalid', num); | ||
| parser.yy.validateICMPtype = function validateICMPtype(num) { | ||
| if (isNaN(num) || Number(num) < 0 || Number(num) > 255) { | ||
| if (NON_DIGIT_RE.test(num) || Number(num) < 0 || Number(num) > 255) { | ||
| throw new validators.InvalidParamError('rule', | ||
@@ -166,3 +175,3 @@ 'ICMP type "%s" is invalid', num); | ||
| parser.yy.validateUUID = function validateUUID(text) { | ||
| if (!uuidRE.test(text)) { | ||
| if (!validators.validateUUID(text)) { | ||
| throw new validators.InvalidParamError('rule', | ||
@@ -246,5 +255,5 @@ 'UUID "%s" is invalid', text); | ||
| parse: parse, | ||
| PROTOCOLS: ['tcp', 'udp', 'icmp', 'icmp6'], | ||
| PROTOCOLS: ['tcp', 'udp', 'icmp', 'icmp6', 'ah', 'esp'], | ||
| TARGET_TYPES: rule.TARGET_TYPES, | ||
| validators: validators | ||
| }; |
@@ -23,3 +23,3 @@ /* | ||
| * | ||
| * Copyright 2017, Joyent, Inc. All rights reserved. | ||
| * Copyright (c) 2018, Joyent, Inc. All rights reserved. | ||
| * | ||
@@ -35,5 +35,5 @@ * | ||
| yy: {}, | ||
| symbols_: {"error":2,"start":3,"FROM":4,"target_list":5,"TO":6,"action":7,"protocol":8,"EOF":9,"any":10,"all":11,"(":12,"target_or_list":13,")":14,"target":15,"OR":16,"ipv4":17,"ipv4_subnet":18,"ipv6":19,"ipv6_subnet":20,"tag":21,"vm":22,"ALL":23,"VMS":24,"ANY":25,"IP":26,"IPV4ADDR":27,"SUBNET":28,"CIDRSUFFIX":29,"IPV6ADDR":30,"VM":31,"uuid":32,"WORD":33,"TAG":34,"tag_string":35,"=":36,"STRING":37,"BLOCK":38,"ALLOW":39,"TCP":40,"port_list":41,"ports":42,"UDP":43,"ICMP":44,"type_list":45,"ICMP6":46,"port_and_list":47,"port":48,"port_all":49,"AND":50,"PORT":51,"portnumber":52,"PORTS":53,"portnumbers":54,"portrange":55,"-":56,",":57,"type_and_list":58,"type":59,"type_all":60,"TYPE":61,"icmptype":62,"CODE":63,"icmpcode":64,"$accept":0,"$end":1}, | ||
| terminals_: {2:"error",4:"FROM",6:"TO",9:"EOF",12:"(",14:")",16:"OR",23:"ALL",24:"VMS",25:"ANY",26:"IP",27:"IPV4ADDR",28:"SUBNET",29:"CIDRSUFFIX",30:"IPV6ADDR",31:"VM",33:"WORD",34:"TAG",36:"=",37:"STRING",38:"BLOCK",39:"ALLOW",40:"TCP",43:"UDP",44:"ICMP",46:"ICMP6",50:"AND",51:"PORT",53:"PORTS",56:"-",57:",",61:"TYPE",63:"CODE"}, | ||
| productions_: [0,[3,7],[5,1],[5,1],[5,3],[5,1],[13,1],[13,3],[15,1],[15,1],[15,1],[15,1],[15,1],[15,1],[11,2],[11,4],[10,1],[10,3],[17,2],[18,3],[19,2],[20,3],[22,2],[32,1],[21,2],[21,4],[35,1],[35,1],[7,1],[7,1],[8,2],[8,2],[8,2],[8,2],[8,2],[8,2],[41,3],[41,1],[41,3],[41,1],[47,1],[47,3],[48,2],[42,2],[49,2],[52,1],[55,1],[55,3],[54,1],[54,3],[45,3],[45,1],[45,3],[45,1],[58,1],[58,3],[59,4],[59,2],[60,2],[62,1],[64,1]], | ||
| symbols_: {"error":2,"start":3,"FROM":4,"target_list":5,"TO":6,"action":7,"protocol":8,"EOF":9,"PRIORITY":10,"priolevel":11,"WORD":12,"any":13,"all":14,"(":15,"target_or_list":16,")":17,"target":18,"OR":19,"ipv4":20,"ipv4_subnet":21,"ipv6":22,"ipv6_subnet":23,"tag":24,"vm":25,"ALL":26,"VMS":27,"ANY":28,"IP":29,"IPV4ADDR":30,"SUBNET":31,"CIDRSUFFIX":32,"IPV6ADDR":33,"VM":34,"uuid":35,"TAG":36,"tag_string":37,"=":38,"STRING":39,"BLOCK":40,"ALLOW":41,"TCP":42,"port_list":43,"ports":44,"UDP":45,"ICMP":46,"type_list":47,"ICMP6":48,"AH":49,"ESP":50,"port_and_list":51,"port":52,"port_all":53,"AND":54,"PORT":55,"portnumber":56,"PORTS":57,"portnumbers":58,"portrange":59,"-":60,",":61,"type_and_list":62,"type":63,"type_all":64,"TYPE":65,"icmptype":66,"CODE":67,"icmpcode":68,"$accept":0,"$end":1}, | ||
| terminals_: {2:"error",4:"FROM",6:"TO",9:"EOF",10:"PRIORITY",12:"WORD",15:"(",17:")",19:"OR",26:"ALL",27:"VMS",28:"ANY",29:"IP",30:"IPV4ADDR",31:"SUBNET",32:"CIDRSUFFIX",33:"IPV6ADDR",34:"VM",36:"TAG",38:"=",39:"STRING",40:"BLOCK",41:"ALLOW",42:"TCP",45:"UDP",46:"ICMP",48:"ICMP6",49:"AH",50:"ESP",54:"AND",55:"PORT",57:"PORTS",60:"-",61:",",65:"TYPE",67:"CODE"}, | ||
| productions_: [0,[3,7],[3,9],[11,1],[5,1],[5,1],[5,3],[5,1],[16,1],[16,3],[18,1],[18,1],[18,1],[18,1],[18,1],[18,1],[14,2],[14,4],[13,1],[13,3],[20,2],[21,3],[22,2],[23,3],[25,2],[35,1],[24,2],[24,4],[37,1],[37,1],[7,1],[7,1],[8,2],[8,2],[8,2],[8,2],[8,2],[8,2],[8,1],[8,1],[43,3],[43,1],[43,3],[43,1],[51,1],[51,3],[52,2],[44,2],[53,2],[56,1],[59,1],[59,3],[58,1],[58,3],[47,3],[47,1],[47,3],[47,1],[62,1],[62,3],[63,4],[63,2],[64,2],[66,1],[68,1]], | ||
| performAction: function anonymous(yytext,yyleng,yylineno,yy,yystate,$$,_$) { | ||
@@ -45,49 +45,51 @@ | ||
| break; | ||
| case 4:this.$ = $$[$0-1]; | ||
| case 2: yy.validateOKVersion(4, 'priority levels'); | ||
| return { 'from': $$[$0-7], 'to': $$[$0-5], 'action': $$[$0-4], 'protocol': $$[$0-3], 'priority': $$[$0-1] }; | ||
| break; | ||
| case 7: this.$ = $$[$0-2].concat($$[$0]); | ||
| case 3: yy.validatePriorityLevel($$[$0]); | ||
| this.$ = Number($$[$0]) | ||
| break; | ||
| case 14: this.$ = [ ['wildcard', 'vmall'] ]; | ||
| case 6:this.$ = $$[$0-1]; | ||
| break; | ||
| case 15: this.$ = [ ['wildcard', 'vmall'] ]; | ||
| case 9: this.$ = $$[$0-2].concat($$[$0]); | ||
| break; | ||
| case 16: this.$ = [ ['wildcard', 'any'] ]; | ||
| case 16: this.$ = [ ['wildcard', 'vmall'] ]; | ||
| break; | ||
| case 17: this.$ = [ ['wildcard', 'any'] ]; | ||
| case 17: this.$ = [ ['wildcard', 'vmall'] ]; | ||
| break; | ||
| case 18: yy.validateIPv4address($$[$0]); | ||
| case 18: this.$ = [ ['wildcard', 'any'] ]; | ||
| break; | ||
| case 19: this.$ = [ ['wildcard', 'any'] ]; | ||
| break; | ||
| case 20: yy.validateIPv4address($$[$0]); | ||
| this.$ = [ ['ip', $$[$0]] ]; | ||
| break; | ||
| case 19: yy.validateSubnet($$[$0-1] + $$[$0]); | ||
| case 21: yy.validateSubnet($$[$0-1] + $$[$0]); | ||
| this.$ = [ ['subnet', $$[$0-1] + $$[$0]] ]; | ||
| break; | ||
| case 20: yy.validateOKVersion(3, 'IPv6'); | ||
| case 22: yy.validateOKVersion(3, 'IPv6'); | ||
| yy.validateIPv6address($$[$0]); | ||
| this.$ = [ ['ip', $$[$0]] ]; | ||
| break; | ||
| case 21: yy.validateOKVersion(3, 'IPv6'); | ||
| case 23: yy.validateOKVersion(3, 'IPv6'); | ||
| yy.validateSubnet($$[$0-1] + $$[$0]); | ||
| this.$ = [ ['subnet', $$[$0-1] + $$[$0]] ]; | ||
| break; | ||
| case 22: this.$ = [ ['vm', $$[$0]] ]; | ||
| case 24: this.$ = [ ['vm', $$[$0]] ]; | ||
| break; | ||
| case 23: yy.validateUUID($$[$0]); | ||
| case 25: yy.validateUUID($$[$0]); | ||
| this.$ = $$[$0]; | ||
| break; | ||
| case 24: this.$ = [ ['tag', $$[$0]] ]; | ||
| case 26: this.$ = [ ['tag', $$[$0]] ]; | ||
| break; | ||
| case 25: this.$ = [ ['tag', [ $$[$0-2], $$[$0] ] ] ]; | ||
| case 27: this.$ = [ ['tag', [ $$[$0-2], $$[$0] ] ] ]; | ||
| break; | ||
| case 26: this.$ = yytext; | ||
| case 28: this.$ = yytext; | ||
| break; | ||
| case 27: this.$ = $$[$0]; | ||
| case 29: this.$ = $$[$0]; | ||
| break; | ||
| case 28: this.$ = $$[$0].toLowerCase() | ||
| case 30: this.$ = $$[$0].toLowerCase() | ||
| break; | ||
| case 29: this.$ = $$[$0].toLowerCase() | ||
| case 31: this.$ = $$[$0].toLowerCase() | ||
| break; | ||
| case 30: this.$ = { 'name': $$[$0-1].toLowerCase(), 'targets': $$[$0] } | ||
| break; | ||
| case 31: this.$ = { 'name': $$[$0-1].toLowerCase(), 'targets': $$[$0] } | ||
| break; | ||
| case 32: this.$ = { 'name': $$[$0-1].toLowerCase(), 'targets': $$[$0] } | ||
@@ -99,24 +101,34 @@ break; | ||
| break; | ||
| case 35: yy.validateOKVersion(3, 'IPv6'); | ||
| case 35: this.$ = { 'name': $$[$0-1].toLowerCase(), 'targets': $$[$0] } | ||
| break; | ||
| case 36: this.$ = { 'name': $$[$0-1].toLowerCase(), 'targets': $$[$0] } | ||
| break; | ||
| case 37: yy.validateOKVersion(3, 'IPv6'); | ||
| this.$ = { 'name': $$[$0-1].toLowerCase(), 'targets': $$[$0] }; | ||
| break; | ||
| case 36: this.$ = $$[$0-1]; | ||
| case 38: yy.validateOKVersion(4, 'AH'); | ||
| this.$ = { 'name': $$[$0].toLowerCase(), 'targets': [ 'all' ] }; | ||
| break; | ||
| case 38: this.$ = $$[$0-1]; | ||
| case 39: yy.validateOKVersion(4, 'ESP'); | ||
| this.$ = { 'name': $$[$0].toLowerCase(), 'targets': [ 'all' ] }; | ||
| break; | ||
| case 41: this.$ = $$[$0-2].concat(Number($$[$0])); | ||
| case 40: this.$ = $$[$0-1]; | ||
| break; | ||
| case 42: this.$ = [ $$[$0] ]; | ||
| case 42: this.$ = $$[$0-1]; | ||
| break; | ||
| case 43: yy.validateOKVersion(2, 'port ranges'); | ||
| case 45: this.$ = $$[$0-2].concat(Number($$[$0])); | ||
| break; | ||
| case 46: this.$ = [ $$[$0] ]; | ||
| break; | ||
| case 47: yy.validateOKVersion(2, 'port ranges'); | ||
| this.$ = $$[$0]; | ||
| break; | ||
| case 44: this.$ = [ 'all' ]; | ||
| case 48: this.$ = [ 'all' ]; | ||
| break; | ||
| case 45: yy.validatePortNumber($$[$0]); | ||
| case 49: yy.validatePortNumber($$[$0]); | ||
| this.$ = Number($$[$0]); | ||
| break; | ||
| case 46: this.$ = [ yy.createMaybePortRange($$[$0]) ]; | ||
| case 50: this.$ = [ yy.createMaybePortRange($$[$0]) ]; | ||
| break; | ||
| case 47: yy.validatePortNumber($$[$0-2]); | ||
| case 51: yy.validatePortNumber($$[$0-2]); | ||
| yy.validatePortNumber($$[$0]); | ||
@@ -126,21 +138,21 @@ yy.validateRangeOrder($$[$0-2], $$[$0]); | ||
| break; | ||
| case 49: this.$ = $$[$0-2].concat($$[$0]); | ||
| case 53: this.$ = $$[$0-2].concat($$[$0]); | ||
| break; | ||
| case 50: this.$ = $$[$0-1]; | ||
| case 54: this.$ = $$[$0-1]; | ||
| break; | ||
| case 52: this.$ = $$[$0-1]; | ||
| case 56: this.$ = $$[$0-1]; | ||
| break; | ||
| case 55: this.$ = $$[$0-2].concat($$[$0]); | ||
| case 59: this.$ = $$[$0-2].concat($$[$0]); | ||
| break; | ||
| case 56: this.$ = [ $$[$0-2] + ':' + $$[$0] ]; | ||
| case 60: this.$ = [ $$[$0-2] + ':' + $$[$0] ]; | ||
| break; | ||
| case 57: this.$ = [ $$[$0] ]; | ||
| case 61: this.$ = [ $$[$0] ]; | ||
| break; | ||
| case 58: yy.validateOKVersion(3, 'all ICMP types'); | ||
| case 62: yy.validateOKVersion(3, 'all ICMP types'); | ||
| this.$ = [ 'all' ]; | ||
| break; | ||
| case 59: yy.validateICMPtype($$[$0]); | ||
| case 63: yy.validateICMPtype($$[$0]); | ||
| this.$ = Number($$[$0]); | ||
| break; | ||
| case 60: yy.validateICMPcode($$[$0]); | ||
| case 64: yy.validateICMPcode($$[$0]); | ||
| this.$ = Number($$[$0]); | ||
@@ -150,4 +162,4 @@ break; | ||
| }, | ||
| table: [{3:1,4:[1,2]},{1:[3]},{5:3,10:4,11:5,12:[1,6],15:7,17:10,18:11,19:12,20:13,21:14,22:15,23:[1,9],25:[1,8],26:[1,16],28:[1,17],31:[1,19],34:[1,18]},{6:[1,20]},{6:[2,2],38:[2,2],39:[2,2]},{6:[2,3],38:[2,3],39:[2,3]},{13:21,15:24,17:10,18:11,19:12,20:13,21:14,22:15,23:[1,23],25:[1,22],26:[1,16],28:[1,17],31:[1,19],34:[1,18]},{6:[2,5],38:[2,5],39:[2,5]},{6:[2,16],38:[2,16],39:[2,16]},{24:[1,25]},{6:[2,8],14:[2,8],16:[2,8],38:[2,8],39:[2,8]},{6:[2,9],14:[2,9],16:[2,9],38:[2,9],39:[2,9]},{6:[2,10],14:[2,10],16:[2,10],38:[2,10],39:[2,10]},{6:[2,11],14:[2,11],16:[2,11],38:[2,11],39:[2,11]},{6:[2,12],14:[2,12],16:[2,12],38:[2,12],39:[2,12]},{6:[2,13],14:[2,13],16:[2,13],38:[2,13],39:[2,13]},{27:[1,26],30:[1,27]},{27:[1,28],30:[1,29]},{33:[1,32],35:30,37:[1,31]},{32:33,33:[1,34]},{5:35,10:4,11:5,12:[1,6],15:7,17:10,18:11,19:12,20:13,21:14,22:15,23:[1,9],25:[1,8],26:[1,16],28:[1,17],31:[1,19],34:[1,18]},{14:[1,36],16:[1,37]},{14:[1,38]},{24:[1,39]},{14:[2,6],16:[2,6]},{6:[2,14],38:[2,14],39:[2,14]},{6:[2,18],14:[2,18],16:[2,18],38:[2,18],39:[2,18]},{6:[2,20],14:[2,20],16:[2,20],38:[2,20],39:[2,20]},{29:[1,40]},{29:[1,41]},{6:[2,24],14:[2,24],16:[2,24],36:[1,42],38:[2,24],39:[2,24]},{6:[2,26],14:[2,26],16:[2,26],36:[2,26],38:[2,26],39:[2,26]},{6:[2,27],14:[2,27],16:[2,27],36:[2,27],38:[2,27],39:[2,27]},{6:[2,22],14:[2,22],16:[2,22],38:[2,22],39:[2,22]},{6:[2,23],14:[2,23],16:[2,23],38:[2,23],39:[2,23]},{7:43,38:[1,44],39:[1,45]},{6:[2,4],38:[2,4],39:[2,4]},{15:46,17:10,18:11,19:12,20:13,21:14,22:15,26:[1,16],28:[1,17],31:[1,19],34:[1,18]},{6:[2,17],38:[2,17],39:[2,17]},{14:[1,47]},{6:[2,19],14:[2,19],16:[2,19],38:[2,19],39:[2,19]},{6:[2,21],14:[2,21],16:[2,21],38:[2,21],39:[2,21]},{33:[1,32],35:48,37:[1,31]},{8:49,40:[1,50],43:[1,51],44:[1,52],46:[1,53]},{40:[2,28],43:[2,28],44:[2,28],46:[2,28]},{40:[2,29],43:[2,29],44:[2,29],46:[2,29]},{14:[2,7],16:[2,7]},{6:[2,15],38:[2,15],39:[2,15]},{6:[2,25],14:[2,25],16:[2,25],38:[2,25],39:[2,25]},{9:[1,54]},{12:[1,57],41:55,42:56,48:58,49:59,51:[1,61],53:[1,60]},{12:[1,57],41:62,42:63,48:58,49:59,51:[1,61],53:[1,60]},{12:[1,65],45:64,59:66,60:67,61:[1,68]},{12:[1,65],45:69,59:66,60:67,61:[1,68]},{1:[2,1]},{9:[2,30]},{9:[2,31]},{47:70,48:72,49:71,51:[1,61]},{9:[2,37]},{9:[2,39]},{33:[1,75],54:73,55:74},{23:[1,77],33:[1,78],52:76},{9:[2,32]},{9:[2,33]},{9:[2,34]},{58:79,59:81,60:80,61:[1,68]},{9:[2,51]},{9:[2,53]},{23:[1,83],33:[1,84],62:82},{9:[2,35]},{14:[1,85],50:[1,86]},{14:[1,87]},{14:[2,40],50:[2,40]},{9:[2,43],57:[1,88]},{9:[2,48],57:[2,48]},{9:[2,46],56:[1,89],57:[2,46]},{9:[2,42],14:[2,42],50:[2,42]},{9:[2,44],14:[2,44]},{9:[2,45],14:[2,45],50:[2,45]},{14:[1,90],50:[1,91]},{14:[1,92]},{14:[2,54],50:[2,54]},{9:[2,57],14:[2,57],50:[2,57],63:[1,93]},{9:[2,58],14:[2,58]},{9:[2,59],14:[2,59],50:[2,59],63:[2,59]},{9:[2,36]},{48:94,51:[1,95]},{9:[2,38]},{33:[1,75],55:96},{33:[1,97]},{9:[2,50]},{59:98,61:[1,99]},{9:[2,52]},{33:[1,101],64:100},{14:[2,41],50:[2,41]},{33:[1,78],52:76},{9:[2,49],57:[2,49]},{9:[2,47],57:[2,47]},{14:[2,55],50:[2,55]},{33:[1,84],62:82},{9:[2,56],14:[2,56],50:[2,56]},{9:[2,60],14:[2,60],50:[2,60]}], | ||
| defaultActions: {54:[2,1],55:[2,30],56:[2,31],58:[2,37],59:[2,39],62:[2,32],63:[2,33],64:[2,34],66:[2,51],67:[2,53],69:[2,35],85:[2,36],87:[2,38],90:[2,50],92:[2,52]}, | ||
| table: [{3:1,4:[1,2]},{1:[3]},{5:3,13:4,14:5,15:[1,6],18:7,20:10,21:11,22:12,23:13,24:14,25:15,26:[1,9],28:[1,8],29:[1,16],31:[1,17],34:[1,19],36:[1,18]},{6:[1,20]},{6:[2,4],40:[2,4],41:[2,4]},{6:[2,5],40:[2,5],41:[2,5]},{16:21,18:24,20:10,21:11,22:12,23:13,24:14,25:15,26:[1,23],28:[1,22],29:[1,16],31:[1,17],34:[1,19],36:[1,18]},{6:[2,7],40:[2,7],41:[2,7]},{6:[2,18],40:[2,18],41:[2,18]},{27:[1,25]},{6:[2,10],17:[2,10],19:[2,10],40:[2,10],41:[2,10]},{6:[2,11],17:[2,11],19:[2,11],40:[2,11],41:[2,11]},{6:[2,12],17:[2,12],19:[2,12],40:[2,12],41:[2,12]},{6:[2,13],17:[2,13],19:[2,13],40:[2,13],41:[2,13]},{6:[2,14],17:[2,14],19:[2,14],40:[2,14],41:[2,14]},{6:[2,15],17:[2,15],19:[2,15],40:[2,15],41:[2,15]},{30:[1,26],33:[1,27]},{30:[1,28],33:[1,29]},{12:[1,32],37:30,39:[1,31]},{12:[1,34],35:33},{5:35,13:4,14:5,15:[1,6],18:7,20:10,21:11,22:12,23:13,24:14,25:15,26:[1,9],28:[1,8],29:[1,16],31:[1,17],34:[1,19],36:[1,18]},{17:[1,36],19:[1,37]},{17:[1,38]},{27:[1,39]},{17:[2,8],19:[2,8]},{6:[2,16],40:[2,16],41:[2,16]},{6:[2,20],17:[2,20],19:[2,20],40:[2,20],41:[2,20]},{6:[2,22],17:[2,22],19:[2,22],40:[2,22],41:[2,22]},{32:[1,40]},{32:[1,41]},{6:[2,26],17:[2,26],19:[2,26],38:[1,42],40:[2,26],41:[2,26]},{6:[2,28],17:[2,28],19:[2,28],38:[2,28],40:[2,28],41:[2,28]},{6:[2,29],17:[2,29],19:[2,29],38:[2,29],40:[2,29],41:[2,29]},{6:[2,24],17:[2,24],19:[2,24],40:[2,24],41:[2,24]},{6:[2,25],17:[2,25],19:[2,25],40:[2,25],41:[2,25]},{7:43,40:[1,44],41:[1,45]},{6:[2,6],40:[2,6],41:[2,6]},{18:46,20:10,21:11,22:12,23:13,24:14,25:15,29:[1,16],31:[1,17],34:[1,19],36:[1,18]},{6:[2,19],40:[2,19],41:[2,19]},{17:[1,47]},{6:[2,21],17:[2,21],19:[2,21],40:[2,21],41:[2,21]},{6:[2,23],17:[2,23],19:[2,23],40:[2,23],41:[2,23]},{12:[1,32],37:48,39:[1,31]},{8:49,42:[1,50],45:[1,51],46:[1,52],48:[1,53],49:[1,54],50:[1,55]},{42:[2,30],45:[2,30],46:[2,30],48:[2,30],49:[2,30],50:[2,30]},{42:[2,31],45:[2,31],46:[2,31],48:[2,31],49:[2,31],50:[2,31]},{17:[2,9],19:[2,9]},{6:[2,17],40:[2,17],41:[2,17]},{6:[2,27],17:[2,27],19:[2,27],40:[2,27],41:[2,27]},{9:[1,56],10:[1,57]},{15:[1,60],43:58,44:59,52:61,53:62,55:[1,64],57:[1,63]},{15:[1,60],43:65,44:66,52:61,53:62,55:[1,64],57:[1,63]},{15:[1,68],47:67,63:69,64:70,65:[1,71]},{15:[1,68],47:72,63:69,64:70,65:[1,71]},{9:[2,38],10:[2,38]},{9:[2,39],10:[2,39]},{1:[2,1]},{11:73,12:[1,74]},{9:[2,32],10:[2,32]},{9:[2,33],10:[2,33]},{51:75,52:77,53:76,55:[1,64]},{9:[2,41],10:[2,41]},{9:[2,43],10:[2,43]},{12:[1,80],58:78,59:79},{12:[1,83],26:[1,82],56:81},{9:[2,34],10:[2,34]},{9:[2,35],10:[2,35]},{9:[2,36],10:[2,36]},{62:84,63:86,64:85,65:[1,71]},{9:[2,55],10:[2,55]},{9:[2,57],10:[2,57]},{12:[1,89],26:[1,88],66:87},{9:[2,37],10:[2,37]},{9:[1,90]},{9:[2,3]},{17:[1,91],54:[1,92]},{17:[1,93]},{17:[2,44],54:[2,44]},{9:[2,47],10:[2,47],61:[1,94]},{9:[2,52],10:[2,52],61:[2,52]},{9:[2,50],10:[2,50],60:[1,95],61:[2,50]},{9:[2,46],10:[2,46],17:[2,46],54:[2,46]},{9:[2,48],10:[2,48],17:[2,48]},{9:[2,49],10:[2,49],17:[2,49],54:[2,49]},{17:[1,96],54:[1,97]},{17:[1,98]},{17:[2,58],54:[2,58]},{9:[2,61],10:[2,61],17:[2,61],54:[2,61],67:[1,99]},{9:[2,62],10:[2,62],17:[2,62]},{9:[2,63],10:[2,63],17:[2,63],54:[2,63],67:[2,63]},{1:[2,2]},{9:[2,40],10:[2,40]},{52:100,55:[1,101]},{9:[2,42],10:[2,42]},{12:[1,80],59:102},{12:[1,103]},{9:[2,54],10:[2,54]},{63:104,65:[1,105]},{9:[2,56],10:[2,56]},{12:[1,107],68:106},{17:[2,45],54:[2,45]},{12:[1,83],56:81},{9:[2,53],10:[2,53],61:[2,53]},{9:[2,51],10:[2,51],61:[2,51]},{17:[2,59],54:[2,59]},{12:[1,89],66:87},{9:[2,60],10:[2,60],17:[2,60],54:[2,60]},{9:[2,64],10:[2,64],17:[2,64],54:[2,64]}], | ||
| defaultActions: {56:[2,1],74:[2,3],90:[2,2]}, | ||
| parseError: function parseError(str, hash) { | ||
@@ -446,102 +458,114 @@ throw new Error(str); | ||
| break; | ||
| case 6:return 26; | ||
| case 6:return 29; | ||
| break; | ||
| case 7:return 26; | ||
| case 7:return 29; | ||
| break; | ||
| case 8:return 28; | ||
| case 8:return 31; | ||
| break; | ||
| case 9:return 28; | ||
| case 9:return 31; | ||
| break; | ||
| case 10:return 25; | ||
| case 10:return 28; | ||
| break; | ||
| case 11:return 25; | ||
| case 11:return 28; | ||
| break; | ||
| case 12:return 23; | ||
| case 12:return 26; | ||
| break; | ||
| case 13:return 23; | ||
| case 13:return 26; | ||
| break; | ||
| case 14:return 34; | ||
| case 14:return 36; | ||
| break; | ||
| case 15:return 34; | ||
| case 15:return 36; | ||
| break; | ||
| case 16:return 31; | ||
| case 16:return 34; | ||
| break; | ||
| case 17:return 31; | ||
| case 17:return 34; | ||
| break; | ||
| case 18:return 24; | ||
| case 18:return 27; | ||
| break; | ||
| case 19:return 24; | ||
| case 19:return 27; | ||
| break; | ||
| case 20:return 56; | ||
| case 20:return 60; | ||
| break; | ||
| case 21:return 57; | ||
| case 21:return 61; | ||
| break; | ||
| case 22:return 36; | ||
| case 22:return 38; | ||
| break; | ||
| case 23:return 12; | ||
| case 23:return 15; | ||
| break; | ||
| case 24:return 14; | ||
| case 24:return 17; | ||
| break; | ||
| case 25:return 16; | ||
| case 25:return 19; | ||
| break; | ||
| case 26:return 16; | ||
| case 26:return 19; | ||
| break; | ||
| case 27:return 50; | ||
| case 27:return 54; | ||
| break; | ||
| case 28:return 50; | ||
| case 28:return 54; | ||
| break; | ||
| case 29:return 38; | ||
| case 29:return 40; | ||
| break; | ||
| case 30:return 38; | ||
| case 30:return 40; | ||
| break; | ||
| case 31:return 39; | ||
| case 31:return 41; | ||
| break; | ||
| case 32:return 39; | ||
| case 32:return 41; | ||
| break; | ||
| case 33:return 51; | ||
| case 33:return 55; | ||
| break; | ||
| case 34:return 51; | ||
| case 34:return 55; | ||
| break; | ||
| case 35:return 53; | ||
| case 35:return 57; | ||
| break; | ||
| case 36:return 53; | ||
| case 36:return 57; | ||
| break; | ||
| case 37:return 40; | ||
| case 37:return 42; | ||
| break; | ||
| case 38:return 40; | ||
| case 38:return 42; | ||
| break; | ||
| case 39:return 43; | ||
| case 39:return 45; | ||
| break; | ||
| case 40:return 43; | ||
| case 40:return 45; | ||
| break; | ||
| case 41:return 44; | ||
| case 41:return 46; | ||
| break; | ||
| case 42:return 44; | ||
| case 42:return 46; | ||
| break; | ||
| case 43:return 46; | ||
| case 43:return 48; | ||
| break; | ||
| case 44:return 46; | ||
| case 44:return 48; | ||
| break; | ||
| case 45:return 61; | ||
| case 45:return 49; | ||
| break; | ||
| case 46:return 61; | ||
| case 46:return 49; | ||
| break; | ||
| case 47:return 63; | ||
| case 47:return 50; | ||
| break; | ||
| case 48:return 63; | ||
| case 48:return 50; | ||
| break; | ||
| case 49:yy_.yytext = yy.tagUnescape(yy_.yytext.substr(1,yy_.yyleng-2)); return 37; | ||
| case 49:return 65; | ||
| break; | ||
| case 50:return 27; | ||
| case 50:return 65; | ||
| break; | ||
| case 51:return 30; | ||
| case 51:return 67; | ||
| break; | ||
| case 52:return 29; | ||
| case 52:return 67; | ||
| break; | ||
| case 53:return 33 | ||
| case 53:return 10; | ||
| break; | ||
| case 54:return 10; | ||
| break; | ||
| case 55:yy_.yytext = yy.tagUnescape(yy_.yytext.substr(1,yy_.yyleng-2)); return 39; | ||
| break; | ||
| case 56:return 30; | ||
| break; | ||
| case 57:return 33; | ||
| break; | ||
| case 58:return 32; | ||
| break; | ||
| case 59:return 12 | ||
| break; | ||
| } | ||
| }, | ||
| rules: [/^(?:\s+)/,/^(?:$)/,/^(?:FROM\b)/,/^(?:from\b)/,/^(?:TO\b)/,/^(?:to\b)/,/^(?:IP\b)/,/^(?:ip\b)/,/^(?:SUBNET\b)/,/^(?:subnet\b)/,/^(?:ANY\b)/,/^(?:any\b)/,/^(?:ALL\b)/,/^(?:all\b)/,/^(?:TAG\b)/,/^(?:tag\b)/,/^(?:VM\b)/,/^(?:vm\b)/,/^(?:VMS\b)/,/^(?:vms\b)/,/^(?:-)/,/^(?:,)/,/^(?:=)/,/^(?:\()/,/^(?:\))/,/^(?:OR\b)/,/^(?:or\b)/,/^(?:AND\b)/,/^(?:and\b)/,/^(?:BLOCK\b)/,/^(?:block\b)/,/^(?:ALLOW\b)/,/^(?:allow\b)/,/^(?:PORT\b)/,/^(?:port\b)/,/^(?:PORTS\b)/,/^(?:ports\b)/,/^(?:TCP\b)/,/^(?:tcp\b)/,/^(?:UDP\b)/,/^(?:udp\b)/,/^(?:ICMP\b)/,/^(?:icmp\b)/,/^(?:ICMP6\b)/,/^(?:icmp6\b)/,/^(?:TYPE\b)/,/^(?:type\b)/,/^(?:CODE\b)/,/^(?:code\b)/,/^(?:"(?:\\["bfnrt/()\\]|\\u[a-fA-F0-9]{4}|[^"\\])*")/,/^(?:(([0-9]){1,3})\.(([0-9]){1,3})\.(([0-9]){1,3})\.(([0-9]){1,3}))/,/^(?:([0-9a-f])*:([0-9a-f])*:[:0-9a-f]*)/,/^(?:\/([0-9]){1,3})/,/^(?:[-a-zA-Z0-9_]+)/], | ||
| conditions: {"INITIAL":{"rules":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53],"inclusive":true}} | ||
| rules: [/^(?:\s+)/,/^(?:$)/,/^(?:FROM\b)/,/^(?:from\b)/,/^(?:TO\b)/,/^(?:to\b)/,/^(?:IP\b)/,/^(?:ip\b)/,/^(?:SUBNET\b)/,/^(?:subnet\b)/,/^(?:ANY\b)/,/^(?:any\b)/,/^(?:ALL\b)/,/^(?:all\b)/,/^(?:TAG\b)/,/^(?:tag\b)/,/^(?:VM\b)/,/^(?:vm\b)/,/^(?:VMS\b)/,/^(?:vms\b)/,/^(?:-)/,/^(?:,)/,/^(?:=)/,/^(?:\()/,/^(?:\))/,/^(?:OR\b)/,/^(?:or\b)/,/^(?:AND\b)/,/^(?:and\b)/,/^(?:BLOCK\b)/,/^(?:block\b)/,/^(?:ALLOW\b)/,/^(?:allow\b)/,/^(?:PORT\b)/,/^(?:port\b)/,/^(?:PORTS\b)/,/^(?:ports\b)/,/^(?:TCP\b)/,/^(?:tcp\b)/,/^(?:UDP\b)/,/^(?:udp\b)/,/^(?:ICMP\b)/,/^(?:icmp\b)/,/^(?:ICMP6\b)/,/^(?:icmp6\b)/,/^(?:AH\b)/,/^(?:ah\b)/,/^(?:ESP\b)/,/^(?:esp\b)/,/^(?:TYPE\b)/,/^(?:type\b)/,/^(?:CODE\b)/,/^(?:code\b)/,/^(?:PRIORITY\b)/,/^(?:priority\b)/,/^(?:"(?:\\["bfnrt/()\\]|\\u[a-fA-F0-9]{4}|[^"\\])*")/,/^(?:(([0-9]){1,3})\.(([0-9]){1,3})\.(([0-9]){1,3})\.(([0-9]){1,3}))/,/^(?:([0-9a-f])*:([0-9a-f])*:[:0-9a-f]*)/,/^(?:\/([0-9]){1,3})/,/^(?:[-a-zA-Z0-9_]+)/], | ||
| conditions: {"INITIAL":{"rules":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59],"inclusive":true}} | ||
| }; | ||
@@ -548,0 +572,0 @@ return lexer; |
@@ -23,3 +23,3 @@ /* | ||
| * | ||
| * Copyright (c) 2016, Joyent, Inc. All rights reserved. | ||
| * Copyright (c) 2018, Joyent, Inc. All rights reserved. | ||
| * | ||
@@ -33,3 +33,3 @@ * | ||
| var mod_net = require('net'); | ||
| var mod_uuid = require('node-uuid'); | ||
| var mod_uuid = require('uuid'); | ||
| var sprintf = require('extsprintf').sprintf; | ||
@@ -60,4 +60,8 @@ var util = require('util'); | ||
| var MAX_TARGETS_PER_SIDE = 24; | ||
| // Maximum number of ports: | ||
| var MAX_PORTS = 8; | ||
| // Maximum number of protocol targets: | ||
| var MAX_PROTOCOL_TARGETS = 24; | ||
| // Minimum version for using a larger list of protocol targets: | ||
| var MINVER_LGPROTOTARG = 4; | ||
| // The old maximum number of protocol targets: | ||
| var OLD_MAX_PORTS = 8; | ||
| var STRING_PROPS = ['created_by', 'description']; | ||
@@ -399,4 +403,4 @@ var TARGET_TYPES = ['wildcard', 'ip', 'subnet', 'tag', 'vm']; | ||
| if (hasOwnProperty(data, 'global') | ||
| && hasOwnProperty(data, 'owner_uuid') && data.global) { | ||
| if (hasOwnProperty(data, 'global') && | ||
| hasOwnProperty(data, 'owner_uuid') && data.global) { | ||
| errs.push(new validators.InvalidParamError('global', | ||
@@ -406,4 +410,4 @@ 'cannot specify both global and owner_uuid')); | ||
| if (!hasOwnProperty(data, 'global') | ||
| && !hasOwnProperty(data, 'owner_uuid')) { | ||
| if (!hasOwnProperty(data, 'global') && | ||
| !hasOwnProperty(data, 'owner_uuid')) { | ||
| errs.push(new validators.InvalidParamError('owner_uuid', | ||
@@ -428,8 +432,17 @@ 'owner_uuid required')); | ||
| this.action = parsed.action; | ||
| this.priority = parsed.priority || 0; | ||
| this.protocol = parsed.protocol.name; | ||
| if (icmpr.test(this.protocol)) { | ||
| switch (this.protocol) { | ||
| case 'icmp': | ||
| case 'icmp6': | ||
| this.types = icmpTypeSort(parsed.protocol.targets); | ||
| this.protoTargets = this.types; | ||
| } else { | ||
| break; | ||
| case 'ah': | ||
| case 'esp': | ||
| this.protoTargets = parsed.protocol.targets; | ||
| break; | ||
| case 'tcp': | ||
| case 'udp': | ||
| this.ports = parsed.protocol.targets.sort(function (a, b) { | ||
@@ -441,8 +454,17 @@ var first = hasOwnProperty(a, 'start') ? a.start : a; | ||
| this.protoTargets = this.ports; | ||
| break; | ||
| default: | ||
| throw new validators.InvalidParamError('rule', | ||
| 'unknown protocol "%s"', this.protocol); | ||
| } | ||
| if (this.protoTargets.length > MAX_PORTS) { | ||
| if (opts.maxVersion < MINVER_LGPROTOTARG) { | ||
| if (this.protoTargets.length > OLD_MAX_PORTS) { | ||
| throw new validators.InvalidParamError('rule', | ||
| 'maximum of %d %s allowed', OLD_MAX_PORTS, | ||
| icmpr.test(this.protocol) ? 'types' : 'ports'); | ||
| } | ||
| } else if (this.protoTargets.length > MAX_PROTOCOL_TARGETS) { | ||
| throw new validators.InvalidParamError('rule', | ||
| 'maximum of %d %s allowed', | ||
| MAX_TARGETS_PER_SIDE, | ||
| 'maximum of %d %s allowed', MAX_PROTOCOL_TARGETS, | ||
| icmpr.test(this.protocol) ? 'types' : 'ports'); | ||
@@ -580,2 +602,3 @@ } | ||
| from: this.from, | ||
| priority: this.priority, | ||
| protocol: this.protocol, | ||
@@ -591,6 +614,16 @@ to: this.to, | ||
| if (icmpr.test(this.protocol)) { | ||
| switch (this.protocol) { | ||
| case 'icmp': | ||
| case 'icmp6': | ||
| raw.types = this.types; | ||
| } else { | ||
| break; | ||
| case 'ah': | ||
| case 'esp': | ||
| break; | ||
| case 'tcp': | ||
| case 'udp': | ||
| raw.ports = this.ports; | ||
| break; | ||
| default: | ||
| throw new Error('unknown protocol: ' + this.protocol); | ||
| } | ||
@@ -647,2 +680,3 @@ | ||
| var protoTxt; | ||
| var prioTxt = ''; | ||
| var targets = { | ||
@@ -672,4 +706,6 @@ from: [], | ||
| // Protocol-specific text: different for ICMP rather than TCP/UDP | ||
| if (icmpr.test(this.protocol)) { | ||
| protoTxt = util.format('%sTYPE %s%s', | ||
| switch (this.protocol) { | ||
| case 'icmp': | ||
| case 'icmp6': | ||
| protoTxt = util.format(' %sTYPE %s%s', | ||
| this.types.length > 1 ? '(' : '', | ||
@@ -683,6 +719,12 @@ this.types.map(function (type) { | ||
| ); | ||
| } else { | ||
| break; | ||
| case 'ah': | ||
| case 'esp': | ||
| protoTxt = ''; | ||
| break; | ||
| case 'tcp': | ||
| case 'udp': | ||
| ports = this.ports.map(function (port) { | ||
| if (hasOwnProperty(port, 'start') | ||
| && hasOwnProperty(port, 'end')) { | ||
| if (hasOwnProperty(port, 'start') && | ||
| hasOwnProperty(port, 'end')) { | ||
| /* | ||
@@ -700,5 +742,5 @@ * We only output PORTS when we have a range, since we don't | ||
| if (containsRange) { | ||
| protoTxt = util.format('PORTS %s', ports.join(', ')); | ||
| protoTxt = util.format(' PORTS %s', ports.join(', ')); | ||
| } else { | ||
| protoTxt = util.format('%sPORT %s%s', | ||
| protoTxt = util.format(' %sPORT %s%s', | ||
| ports.length > 1 ? '(' : '', | ||
@@ -709,5 +751,12 @@ ports.join(' AND PORT '), | ||
| } | ||
| break; | ||
| default: | ||
| throw new Error('unknown protocol: ' + this.protocol); | ||
| } | ||
| return util.format('FROM %s%s%s TO %s%s%s %s %s', | ||
| if (this.priority > 0) { | ||
| prioTxt += ' PRIORITY ' + this.priority.toString(); | ||
| } | ||
| return util.format('FROM %s%s%s TO %s%s%s %s %s%s%s', | ||
| targets.from.length > 1 ? '(' : '', | ||
@@ -721,3 +770,4 @@ targets.from.join(' OR '), | ||
| this.protocol.toLowerCase(), | ||
| protoTxt | ||
| protoTxt, | ||
| prioTxt | ||
| ); | ||
@@ -724,0 +774,0 @@ }; |
@@ -23,3 +23,3 @@ /* | ||
| * | ||
| * Copyright (c) 2016, Joyent, Inc. All rights reserved. | ||
| * Copyright (c) 2018, Joyent, Inc. All rights reserved. | ||
| * | ||
@@ -45,3 +45,2 @@ */ | ||
| var icmpr = /^icmp6?$/; | ||
| var portRE = /^[0-9]{1,5}$/; | ||
@@ -135,4 +134,4 @@ var UUID_REGEX = | ||
| /** | ||
| * Returns true if protocol is one of tcp, udp, icmp (mixing of upper | ||
| * and lower-case allowed) | ||
| * Returns true if protocol is one of the protocols recognized by the | ||
| * fwrule language. (Mixing of upper and lower-case is allowed.) | ||
| */ | ||
@@ -144,4 +143,13 @@ function validateProtocol(protocol) { | ||
| var protoLC = protocol.toLowerCase(); | ||
| return ((protoLC === 'tcp') || (protoLC === 'udp') || icmpr.test(protoLC)); | ||
| switch (protocol.toLowerCase()) { | ||
| case 'ah': | ||
| case 'esp': | ||
| case 'icmp': | ||
| case 'icmp6': | ||
| case 'tcp': | ||
| case 'udp': | ||
| return true; | ||
| default: | ||
| return false; | ||
| } | ||
| } | ||
@@ -148,0 +156,0 @@ |
| { | ||
| "name": "fwrule", | ||
| "description": "Parser for Joyent firewall rules", | ||
| "version": "1.4.1", | ||
| "version": "2.0.0", | ||
| "author": "Joyent (joyent.com)", | ||
@@ -13,3 +13,3 @@ "keywords": [ "smartos", "triton" ], | ||
| "ip6addr": "0.2.2", | ||
| "node-uuid": "1.2.0", | ||
| "uuid": "3.0.0", | ||
| "extsprintf": "1.0.1", | ||
@@ -20,5 +20,6 @@ "verror": "1.3.4" | ||
| "eslint": "2.13.1", | ||
| "eslint-plugin-joyent": "1.0.1", | ||
| "eslint-plugin-joyent": "1.3.0", | ||
| "faucet": "0.0.1", | ||
| "istanbul": "^0.4.0", | ||
| "railroad-diagrams": "1.0.0", | ||
| "jison": "0.4.2", | ||
@@ -33,2 +34,3 @@ "tape": "^4.2.2", | ||
| "scripts": { | ||
| "prepublish": "make docs parser", | ||
| "test": "make test" | ||
@@ -35,0 +37,0 @@ }, |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
Unidentified License
License(Experimental) Something that seems like a license was found, but its contents could not be matched with a known license.
Found 1 instance in 1 package
Fixed alerts
Unidentified License
License(Experimental) Something that seems like a license was found, but its contents could not be matched with a known license.
Found 2 instances in 1 package
Improved metrics
- Number of package files
- increased by158.33%
31
- Number of low license alerts
- decreased by-20%
4
- Lines of code
- increased by6.26%
1681
Worsened metrics
- Total package byte prevSize
- decreased by-15.39%
117133
- Dev dependency count
- increased by14.29%
8
Dependency changes
+ Addeduuid@3.0.0
+ Addeduuid@3.0.0(transitive)
- Removednode-uuid@1.2.0
- Removednode-uuid@1.2.0(transitive)