NAME

VUser::Firewall::iptables - vuser extension for modifying iptables

DESCRIPTION

Writes a script containing given iptables rules. This script is not run unless the firewall|reload action is given or Extension Firewall:auto reload is set.

CONFIGURATION

 [vuser]
 extensions = Firewall::iptables
 
 [Extension Firewall::iptables]
 # Update multiple hosts in parellel
 fork = yes
 
 # The default chain to work on.
 default chain = FIREWALL
 
 [Extension Firewall::iptables-firewall1]
 # Skip this firewall
 skip = no
 
 # The path to the script to write.
 file = /etc/rc.d/rc.firewall
 
 # IP (or hostname) of the firewall to update. Comment out to modify
 # a local firewall.
 host = 192.168.1.1

 # SSH user to connect as. This user must also have permissions to write
 # the firewall script ('file' above) on the firewall
 user = root
 
 # The user's private ssh key. The public key must be added to the user's
 # .ssh/authorized_keys file.
 ssh key = /path/to/private_id.dsa

 # Restart command. The user specified above must have permission to run
 # this command. 
 restart = /etc/rc.d/rc.firewall
 

AUTHOR

Randy Smith <perlstalker@vuser.org>

LICENSE

 This file is part of vuser.
 
 vuser is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation; either version 2 of the License, or
 (at your option) any later version.
 
 vuser is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.
 
 You should have received a copy of the GNU General Public License
 along with vuser; if not, write to the Free Software
 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA