1 | 'use strict'
3 | let cli = require('heroku-cli-util')
4 | let co = require('co')
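/**
 * Add one outbound (egress) rule to the ruleset of a Private Space.
 *
 * Fetches the current ruleset with lib.getOutboundRules, appends a rule built
 * from the --dest, --protocol and --port flags, and writes the whole ruleset
 * back with lib.putOutboundRules.
 *
 * @param {object} context - CLI context; only `context.flags` is read.
 * @param {object} heroku - API client passed to ../../lib/outbound-rules.
 * @throws {Error} When --space or --dest is missing.
 */
function * run (context, heroku) {
  let flags = context.flags
  let space = flags.space

  // Fail before any API call: a rule without a target CIDR must never be
  // appended to the ruleset that is written back below.
  if (!space) throw new Error('Space name required.')
  if (!flags.dest) throw new Error('Destination CIDR required.')

  // NOTE(review): the `confirm` flag declared on this command is not read
  // here, so the rule is written without any confirmation step.

  let lib = require('../../lib/outbound-rules')(heroku)

  // NOTE(review): this is a read-modify-write of the complete ruleset. Nothing
  // visible here guards against another writer changing the rules between the
  // get and the put - confirm how the API handles concurrent updates.
  let ruleset = yield lib.getOutboundRules(space)
  ruleset.rules = ruleset.rules || []

  // NOTE(review): the format of --dest and --protocol is not checked in this
  // function; presumably parsePorts and the API reject bad values - verify.
  let ports = yield lib.parsePorts(flags.protocol, flags.port)
  let fromPort = ports[0]

  ruleset.rules.push({
    target: flags.dest,
    from_port: fromPort,
    // Falls back to from_port when parsePorts gives no (or a falsy) second
    // element, so a single port becomes a one-port range.
    to_port: ports[1] || fromPort,
    protocol: flags.protocol
  })

  ruleset = yield lib.putOutboundRules(space, ruleset)
  cli.log(`Added rule to the Outbound Rules of ${cli.color.cyan.bold(space)}`)
  cli.warn('Modifying the Outbound Rules may break Add-ons for Apps in this Private Space')
}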
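// Command definition for `heroku outbound-rules:add`.
module.exports = {
  topic: 'outbound-rules',
  command: 'add',
  description: 'Add outbound rules to a Private Space',
  // The sample output lines match the message that run() logs on success.
  // NOTE(review): the last example allows every destination, protocol and
  // port, which leaves the space with no egress filtering; the narrower
  // examples above it are the ones to copy for least-privilege rules.
  help: `
The destination flag uses CIDR notation.

Example:
    $ heroku outbound-rules:add --space my-space --dest 192.168.2.0/24 --protocol tcp --port 80
    Added rule to the Outbound Rules of my-space

Example with port range:
    $ heroku outbound-rules:add --space my-space --dest 192.168.2.0/24 --protocol tcp --port 80-100
    Added rule to the Outbound Rules of my-space

Example opening up everything
    $ heroku outbound-rules:add --space my-space --dest 0.0.0.0/0 --protocol any --port any
    Added rule to the Outbound Rules of my-space

ICMP Rules
The ICMP protocol has types, not ports, but the underlying systems treat them as the same. For this reason,
when you want to allow ICMP traffic you will use the --port flag to specify the ICMP types you want to
allow. ICMP types are numbered, 0-255.
`,
  needsApp: false,
  needsAuth: true,
  args: [],
  flags: [
    {name: 'space', char: 's', hasValue: true, description: 'space to add rule to'},
    // NOTE(review): declared, but run() in this file never reads
    // context.flags.confirm, so no prompt is shown or bypassed.
    {name: 'confirm', hasValue: true, description: 'set to space name to bypass confirm prompt'},
    {name: 'dest', hasValue: true, description: 'target CIDR block dynos are allowed to communicate with'},
    {name: 'protocol', hasValue: true, description: 'the protocol dynos are allowed to use when communicating with hosts in destination CIDR block. Valid protocols are "tcp", "udp", "icmp", "0-255" and "any".'},
    {name: 'port', hasValue: true, description: 'the port dynos are allowed to use when communicating with hosts in destination CIDR block. Accepts a range in `<lowest port>-<highest port>` format. 0 is the minimum. The maximum port allowed is 65535, except for ICMP with a maximum of 255.'}
  ],
  // run is a generator function; co.wrap turns it into a promise-returning
  // function before it is handed to cli.command.
  run: cli.command(co.wrap(run))
}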