Simple Access Control Lists.
Access control lists are composed of “allow” and “deny” halves to control access. Use “all” or “*” to match any address. To match a specific address use any address or address mask that IPAddr can understand.
Example:
list = %w[
deny all
allow 192.168.1.1
allow ::ffff:192.168.1.2
allow 192.168.1.3
]
# From Socket#peeraddr, see also ACL#allow_socket?
addr = ["AF_INET", 10, "lc630", "192.168.1.3"]
acl = ACL.new
p acl.allow_addr?(addr) # => true
acl = ACL.new(list, ACL::DENY_ALLOW)
p acl.allow_addr?(addr) # => true
Namespace
- CLASS ACL::ACLEntry
- CLASS ACL::ACLList
Methods
- A
- I
- N
Constants
| VERSION | = | ["2.0.0"] |
The current version of ACL |
||
| DENY_ALLOW | = | 0 |
Default to deny |
||
| ALLOW_DENY | = | 1 |
Default to allow |
||
Class Public methods
new(list=nil, order = DENY_ALLOW)
Link
Creates a new ACL from list with an
evaluation order of DENY_ALLOW or ALLOW_DENY.
An ACL list is an Array of “allow” or
“deny” and an address or address mask or “all” or “*” to match any address:
%w[
deny all
allow 192.0.2.2
allow 192.0.2.128/26
]Instance Public methods
allow_addr?(addr)
Link
Allow connections from addrinfo addr? It must be formatted
like Socket#peeraddr:
["AF_INET", 10, "lc630", "192.0.2.1"]# File lib/drb/acl.rb, line 196 def allow_addr?(addr) case @order when DENY_ALLOW return true if @allow.match(addr) return false if @deny.match(addr) return true when ALLOW_DENY return false if @deny.match(addr) return true if @allow.match(addr) return false else false end end
install_list(list)
Link