/ 
Rex-0.57.0
34 ++
 /  Rex::Commands::Iptables
  • 11 Jan 2015 18:00:03 GMT
  • Module version: 0.57.0
  • Source (raw)
  • Browse (raw)
  • Changes
  • Homepage
  • Clone repository
  • Issues (3)
  • Testers (364 / 19 / 0)
  • Kwalitee
  • License: apache_2_0
  • Activity
  • 24 month
  • Tools
  • MOBI | EPUB
  • Download (257.63Kb)
  • MetaCPAN Explorer
  • Rate this distribution
  • Subscribe to distribution
  • Permalinks
  • This version
  • Latest version
  • S.C.O
  • This version
  • Latest version
++ed by:
GARU KEEDI SALVA SZABGAB FUKAI

17 PAUSE user(s)
17 non-PAUSE user(s).

Jan Gehring
Endorse jfried on Coderwall

NAME

Rex::Commands::Iptables - Iptable Management Commands

DESCRIPTION

With this Module you can manage basic Iptables rules.

Version <= 1.0: All these functions will not be reported.

Only open_port and close_port are idempotent.

SYNOPSIS

 use Rex::Commands::Iptables;
 
 task "firewall", sub {
   iptables_clear;
 
   open_port 22;
   open_port [22, 80] => {
     dev => "eth0",
   };
 
   close_port 22 => {
     dev => "eth0",
   };
   close_port "all";
 
   redirect_port 80 => 10080;
   redirect_port 80 => {
     dev => "eth0",
     to  => 10080,
   };
 
   default_state_rule;
   default_state_rule dev => "eth0";
 
   is_nat_gateway;
 
   iptables t => "nat",
         A => "POSTROUTING",
         o => "eth0",
         j => "MASQUERADE";
 
 };

EXPORTED FUNCTIONS

open_port($port, $option)

Open a port for inbound connections.

 task "firewall", sub {
   open_port 22;
   open_port [22, 80];
   open_port [22, 80],
     dev => "eth1";
 };
 
 task "firewall", sub {
  open_port 22,
    dev    => "eth1",
    only_if => "test -f /etc/firewall.managed";
} ;
close_port($port, $option)

Close a port for inbound connections.

 task "firewall", sub {
   close_port 22;
   close_port [22, 80];
   close_port [22, 80],
     dev    => "eth0",
     only_if => "test -f /etc/firewall.managed";
 };
redirect_port($in_port, $option)

Redirect $in_port to an other local port.

 task "redirects", sub {
   redirect_port 80 => 10080;
   redirect_port 80 => {
     to  => 10080,
     dev => "eth0",
   };
 };
iptables(@params)

Write standard iptable comands.

 task "firewall", sub {
   iptables t => "nat", A => "POSTROUTING", o => "eth0", j => "MASQUERADE";
   iptables t => "filter", i => "eth0", m => "state", state => "RELATED,ESTABLISHED", j => "ACCEPT";
 
   iptables "flush";
   iptables -F;
   iptables flush => "filter";
   iptables -F => "filter";
 };
is_nat_gateway

This function creates a NAT gateway for the device the default route points to.

 task "make-gateway", sub {
   is_nat_gateway;
 };
default_state_rule(%option)

Set the default state rules for the given device.

 task "firewall", sub {
   default_state_rule(dev => "eth0");
 };
iptables_list

List all iptables rules.

 task "list-iptables", sub {
   print Dumper iptables_list;
 };
iptables_clear

Remove all iptables rules.

 task "no-firewall", sub {
   iptables_clear;
 };