Maintenance of Ruby 2.0.0 ended on February 24, 2016.
Simple Access Control Lists.
Access control lists are composed of “allow” and “deny” halves to control access. Use “all” or “*” to match any address. To match a specific address use any address or address mask that IPAddr can understand.
Example:
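require 'drb/acl'

list = %w[
  deny all
  allow 192.168.1.1
  allow ::ffff:192.168.1.2
  allow 192.168.1.3
]

# From Socket#peeraddr, see also ACL#allow_socket?
addr = ["AF_INET", 10, "lc630", "192.168.1.3"]

# An ACL with no list matches nothing in either half and defaults to allow
acl = ACL.new
p acl.allow_addr?(addr) # => true

# The address matches an "allow" entry, which DENY_ALLOW checks first
acl = ACL.new(list, ACL::DENY_ALLOW)
p acl.allow_addr?(addr) # => true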
DENY_ALLOW: Default to allow
ALLOW_DENY: Default to deny
VERSION: The current version of ACL
Creates a new ACL from list with an evaluation order of DENY_ALLOW or ALLOW_DENY.
An ACL list is an Array of “allow” or “deny” and an address or address mask or “all” or “*” to match any address:
%w[
deny all
allow 192.0.2.2
allow 192.0.2.128/26
]
# File drb/acl.rb, line 172
def initialize(list=nil, order = DENY_ALLOW)
  @order = order
  @deny = ACLList.new
  @allow = ACLList.new
  install_list(list) if list
end
Allow connections from addrinfo addr? It must be formatted like Socket#peeraddr:
["AF_INET", 10, "lc630", "192.0.2.1"]
# File drb/acl.rb, line 196
def allow_addr?(addr)
  case @order
  when DENY_ALLOW
    return true if @allow.match(addr)
    return false if @deny.match(addr)
    return true
  when ALLOW_DENY
    return false if @deny.match(addr)
    return true if @allow.match(addr)
    return false
  else
    false
  end
end
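The evaluation order decides both which half is consulted first and what happens to an address that matches neither half. The following added example (not part of the Ruby documentation) runs one set of constructed peers through ACL under both orders; the peer hostnames and ports and the names PEERS, ALLOW_ONLY, DENY_ALL_PLUS, decisions and matrix are assumptions made for the illustration.

```ruby
require 'drb/acl'

# Constructed peers in Socket#peeraddr form: [family, port, hostname, ip].
PEERS = {
  listed_host:   ["AF_INET", 40001, "host-a.example", "192.0.2.2"],
  listed_subnet: ["AF_INET", 40002, "host-b.example", "192.0.2.130"],
  unlisted:      ["AF_INET", 40003, "host-c.example", "198.51.100.7"],
}

# Two ways people write "only these addresses may connect".
ALLOW_ONLY    = %w[allow 192.0.2.2 allow 192.0.2.128/26]
DENY_ALL_PLUS = %w[deny all] + ALLOW_ONLY

# Returns { peer_label => true/false } for one list and evaluation order.
# A nil list builds ACL.new with no entries at all.
def decisions(list, order)
  acl = list ? ACL.new(list, order) : ACL.new
  PEERS.transform_values { |addr| acl.allow_addr?(addr) }
end

# Every list/order combination, keyed by a readable policy label.
def matrix
  {
    "no list (ACL.new)"            => decisions(nil, ACL::DENY_ALLOW),
    "allow-only, DENY_ALLOW"       => decisions(ALLOW_ONLY, ACL::DENY_ALLOW),
    "allow-only, ALLOW_DENY"       => decisions(ALLOW_ONLY, ACL::ALLOW_DENY),
    "deny all + allow, DENY_ALLOW" => decisions(DENY_ALL_PLUS, ACL::DENY_ALLOW),
    "deny all + allow, ALLOW_DENY" => decisions(DENY_ALL_PLUS, ACL::ALLOW_DENY),
  }
end

if __FILE__ == $PROGRAM_NAME
  matrix.each do |policy, result|
    cells = result.map { |peer, ok| "#{peer}=#{ok ? 'allow' : 'deny'}" }
    puts format("%-30s %s", policy, cells.join("  "))
  end
end
```

Only "allow-only, ALLOW_DENY" and "deny all + allow, DENY_ALLOW" behave as an allowlist. The no-list and allow-only DENY_ALLOW cases admit every peer, and "deny all" under ALLOW_DENY rejects every peer, including the listed ones.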
Allow connections from Socket soc?
# File drb/acl.rb, line 184
def allow_socket?(soc)
  allow_addr?(soc.peeraddr)
end
Adds list of ACL entries to this ACL.
# File drb/acl.rb, line 216
def install_list(list)
  i = 0
  while i < list.size
    permission, domain = list.slice(i,2)
    case permission.downcase
    when 'allow'
      @allow.add(domain)
    when 'deny'
      @deny.add(domain)
    else
      raise "Invalid ACL entry #{list.to_s}"
    end
    i += 2
  end
end