Simple Access Control List. ACL can test the socket for access.
list = %w( deny all allow 192.168.1.* allow 127.0.0.1 ) acl = ACL.new(list, ACL::DENY_ALLOW) ... ns = soc.accept unless acl.allow_socket?(ns) # forbidden end
Hosts is one of following
All hosts -- -- "all", "*"
A full/partial IP address -- "192.168.1.1", "192.168.1.*", "192.168.*.1", "*.*.1.1", "::ffff:192.168.*.*", "*:192.168.1.1"
A full/partial domain-name -- "host.*", "host", "*.domain.jp"
Object
ACL.new(list=nil, order=DENY_ALLOW)
Create ACL.
ACL#allow_scoket?(soc)
Test soc for access. Return true, if soc.peer_addr is allowd.
ACL#allow_addr?(addr)
Test addr for access. Return true, if addr is allowed.
ACL#install_list(list)
Install rules. First element of list is either 'deny' or 'allow', And next elemnt is HOST expression, and so forth. example
list = %w( deny all allow 192.168.1.* allow 127.0.0.1 )
ACL::DENY_ALLOW
The deny list are evaluated before the allow list. (The initial state is OK.)
ACL::ALLOW_DENY
The allow list are evaluated before the deny list. (The initial state is FORBIDDEN.)
Copyright (c) 2000 Masatoshi SEKI m_seki@mva.biglobe.ne.jp