Rex::Commands::Iptables - Iptable Management Commands
With this Module you can manage basic Iptables rules.
Version <= 1.0: All these functions will not be reported.
Only open_port and close_port are idempotent.
use Rex::Commands::Iptables; task "firewall", sub { iptables_clear; open_port 22; open_port [22, 80] => { dev => "eth0", }; close_port 22 => { dev => "eth0", }; close_port "all"; redirect_port 80 => 10080; redirect_port 80 => { dev => "eth0", to => 10080, }; default_state_rule; default_state_rule dev => "eth0"; is_nat_gateway; iptables t => "nat", A => "POSTROUTING", o => "eth0", j => "MASQUERADE"; # The 'iptables' function also accepts long options, # however, options with dashes need to be quoted iptables table => "nat", accept => "POSTROUTING", "out-interface" => "eth0", jump => "MASQUERADE"; # Version of IP can be specified in the first argument # of any function: -4 or -6 (defaults to -4) iptables_clear -6; open_port -6, [22, 80]; close_port -6, "all"; redirect_port -6, 80 => 10080; default_state_rule -6; iptables -6, "flush"; iptables -6, t => "filter", A => "INPUT", i => "eth0", m => "state", state => "RELATED,ESTABLISHED", j => "ACCEPT"; };
Open a port for inbound connections.
task "firewall", sub { open_port 22; open_port [22, 80]; open_port [22, 80], dev => "eth1"; }; task "firewall", sub { open_port 22, dev => "eth1", only_if => "test -f /etc/firewall.managed"; } ;
Close a port for inbound connections.
task "firewall", sub { close_port 22; close_port [22, 80]; close_port [22, 80], dev => "eth0", only_if => "test -f /etc/firewall.managed"; };
Redirect $in_port to another local port.
task "redirects", sub { redirect_port 80 => 10080; redirect_port 80 => { to => 10080, dev => "eth0", }; };
Write standard iptable comands.
Note that there is a short form for the iptables --flush option; when you pass the option of -F|"flush" as the only argument, the command iptables -F is run on the connected host. With the two argument form of flush shown in the examples below, the second argument is table you want to flush.
--flush
-F|"flush"
iptables -F
flush
task "firewall", sub { iptables t => "nat", A => "POSTROUTING", o => "eth0", j => "MASQUERADE"; iptables t => "filter", i => "eth0", m => "state", state => "RELATED,ESTABLISHED", j => "ACCEPT"; # automatically flushes all tables; equivalent to 'iptables -F' iptables "flush"; iptables -F; # flush only the "filter" table iptables flush => "filter"; iptables -F => "filter"; }; # Note: options with dashes "-" need to be quoted to escape them from Perl task "long_form_firewall", sub { iptables table => "nat", append => "POSTROUTING", "out-interface" => "eth0", jump => "MASQUERADE"; iptables table => "filter", "in-interface" => "eth0", match => "state", state => "RELATED,ESTABLISHED", jump => "ACCEPT"; };
This function creates a NAT gateway for the device the default route points to.
task "make-gateway", sub { is_nat_gateway; is_nat_gateway -6; };
Set the default state rules for the given device.
task "firewall", sub { default_state_rule(dev => "eth0"); };
List all iptables rules.
task "list-iptables", sub { print Dumper iptables_list; print Dumper iptables_list -6; };
Remove all iptables rules.
task "no-firewall", sub { iptables_clear; };
To install Rex, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Rex
CPAN shell
perl -MCPAN -e shell install Rex
For more information on module installation, please visit the detailed CPAN module installation guide.