-
Notifications
You must be signed in to change notification settings - Fork 17
/
Copy pathxtables_version.rb
84 lines (76 loc) · 2.66 KB
/
xtables_version.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
#
# xtables_version.rb
#
# This fact provides version of the user-space utilities like "iptables",
# "ip6tables", "ebtables" and "arptables" when present. All these tools
# interact with modern Linux Kernel and its firewall called Netfilter (the
# kernel-space component) and work either in Layer 2 and/or Layer 3 OSI
# networking model ...
#
# Known utilities, their names and short description:
#
# iptables - "Administration tool for IPv4 packet filtering and NAT",
# ip6tables - "IPv6 packet filter administration",
# ebtables - "Ethernet bridge frame table administration",
# arptables - "ARP table administration";
#
if Facter.value(:kernel) == 'Linux'
# We grab the class to use for any future calls to static "exec" method ...
resolution = Facter::Util::Resolution
#
# Modern Linux distributions offer "iptables", "ip6tables", "ebtables" and
# "arptables" binaries from under the "/sbin" directory. Therefore we will
# simply use "/sbin/iptables" (similarly for "ebtables", etc ...) when asking
# for the software version ...
#
# We work-around an issue in Facter #10278 by forcing locale settings ...
ENV['LC_ALL'] = 'C'
# Both "iptables" and "ip6tables" will have the same version in 99% of cases ...
if File.exists?('/sbin/iptables')
Facter.add('iptables_version') do
confine :kernel => :linux
setcode do
version = resolution.exec('/sbin/iptables -V 2> /dev/null').strip
version.split(/\s+v?/)[1]
end
end
end
if File.exists?('/sbin/ip6tables')
Facter.add('ip6tables_version') do
confine :kernel => :linux
setcode do
version = resolution.exec('/sbin/ip6tables -V 2> /dev/null').strip
version.split(/\s+v?/)[1]
end
end
end
if File.exists?('/sbin/ebtables')
Facter.add('ebtables_version') do
confine :kernel => :linux
setcode do
version = resolution.exec('/sbin/ebtables -V 2> /dev/null').strip
version.split(/\s+v?/)[1]
end
end
end
#
# Worth noting is that "arptables" will complain for non-root users but
# even despite that we can still retrieve its version ...
#
# When it complains the output will resemble the following format:
#
# arptables v0.0.3.4: can't initialize arptables table `filter': Permission denied (you must be root)
# Perhaps arptables or your kernel needs to be upgraded.
#
if File.exists?('/sbin/arptables')
Facter.add('arptables_version') do
confine :kernel => :linux
setcode do
version = resolution.exec('/sbin/arptables -V 2>&1').split('\n')[0]
version.split(/\s+v?/)[1].sub(':', '')
end
end
end
end
# vim: set ts=2 sw=2 et :
# encoding: utf-8