Support for the Ruby 2.4 series has ended. See here for reference.
Simple Access Control Lists.
Access control lists are composed of “allow” and “deny” halves to control access. Use “all” or “*” to match any address. To match a specific address use any address or address mask that IPAddr can understand.
Example:
require 'drb/acl'

list = %w[
  deny all
  allow 192.168.1.1
  allow ::ffff:192.168.1.2
  allow 192.168.1.3
]

# From Socket#peeraddr, see also ACL#allow_socket?
addr = ["AF_INET", 10, "lc630", "192.168.1.3"]

acl = ACL.new
p acl.allow_addr?(addr) # => true

acl = ACL.new(list, ACL::DENY_ALLOW)
p acl.allow_addr?(addr) # => true
Default to allow
Default to deny
The current version of ACL
Creates a new ACL from list with an evaluation order of DENY_ALLOW or ALLOW_DENY.
An ACL list is an Array of “allow” or “deny” and an address or address mask or “all” or “*” to match any address:
%w[
deny all
allow 192.0.2.2
allow 192.0.2.128/26
]
# File drb/acl.rb, line 173
def initialize(list=nil, order = DENY_ALLOW)
  @order = order
  @deny = ACLList.new
  @allow = ACLList.new
  install_list(list) if list
end
Allow connections from addrinfo addr? It must be formatted like Socket#peeraddr:
["AF_INET", 10, "lc630", "192.0.2.1"]
# File drb/acl.rb, line 197
def allow_addr?(addr)
  case @order
  when DENY_ALLOW
    return true if @allow.match(addr)
    return false if @deny.match(addr)
    return true
  when ALLOW_DENY
    return false if @deny.match(addr)
    return true if @allow.match(addr)
    return false
  else
    false
  end
end
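The evaluation order in allow_addr? decides what happens to an address that matches both halves of the list or neither. The following is an added example, not part of the Ruby documentation, that runs two constructed lists through both orders. The helpers peer, decisions and report and the lists PARTIAL and CLOSED are names made up here, and it assumes drb/acl can be required.

```ruby
require "drb/acl"

# Build a Socket#peeraddr-style array for an IP. The hostname slot reuses the
# IP; this is a constructed sample and no socket is opened.
def peer(ip)
  ["AF_INET", 0, ip, ip]
end

# Evaluate one address against the same list under both evaluation orders.
def decisions(list, ip)
  {
    deny_allow: ACL.new(list, ACL::DENY_ALLOW).allow_addr?(peer(ip)),
    allow_deny: ACL.new(list, ACL::ALLOW_DENY).allow_addr?(peer(ip)),
  }
end

# Constructed lists using documentation-range addresses.
# PARTIAL denies one subnet only; 192.0.2.130 sits in both halves.
PARTIAL = %w[
  deny 192.0.2.128/26
  allow 192.0.2.130
  allow 192.0.2.2
]
# CLOSED follows the page's "deny all" pattern.
CLOSED = %w[
  deny all
  allow 192.0.2.2
]

# One row per (list, address): allow-only, both halves, deny-only, neither.
def report
  rows = []
  { "PARTIAL" => PARTIAL, "CLOSED" => CLOSED }.each do |name, list|
    %w[192.0.2.2 192.0.2.130 192.0.2.129 198.51.100.7].each do |ip|
      rows << [name, ip, decisions(list, ip)]
    end
  end
  rows
end

if __FILE__ == $0
  report.each do |name, ip, d|
    puts format("%-8s %-13s DENY_ALLOW=%-5s ALLOW_DENY=%s",
                name, ip, d[:deny_allow], d[:allow_deny])
  end
end
```

Under DENY_ALLOW an address that matches neither half is admitted, so a list meant to be closed needs the deny all entry. Under ALLOW_DENY a deny all entry overrides every allow entry.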
Allow connections from Socket soc?
# File drb/acl.rb, line 185
def allow_socket?(soc)
  allow_addr?(soc.peeraddr)
end