ipmangle - Manage iptables rules with YAML files
usage: ipmangle --config=[file] [ test | commit | dump | out=[file] ]

    --config    | takes a YAML file
    --dump      | prints processed iptable rules to stdout
    --commit    | commits rules
    --test      | tests rules
    out=[file]  | dumps iptables rules to file
The configuration file is a YAML data-structure interpreted by the IPTables::Mangle module.
    filter:
        forward: { default: drop }
        foo:
            rules:
                - src: 9.9.9.9
                - src: 10.10.10.10
                  action: drop
        input:
            # by default, do not allow any connections unless authorized
            # in the rules below
            default: drop

            # by default, if no "action" is given to a rule below, accept it
            default_rule_action: accept

            rules:
                # Accept all traffic on loopback interface
                - in-interface: lo

                # Don't disconnect existing connections during a rule change.
                - { match: state, state: 'ESTABLISHED,RELATED' }

                # Allow for pings (no more than 10 a second)
                - { protocol: icmp, icmp-type: 8, match: limit, limit: 10/sec }

                # Allow these IPs, no matter what
                - src: 123.123.123.123

                # example of blocking an IP
                - { action: drop, src: 8.8.8.8 }

                # example of allowing ip to connect to port 25 (smtp) (one-line)
                - { protocol: tcp, dport: 25, src: 4.2.2.2 }

                # jump to rules defined in "foo" above
                - action: foo

                # if there are no more rules, reject the connection with icmp, don't just let it hang
                - action: reject
                  action_options:
                      reject-with: icmp-admin-prohibited
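An added example, not part of ipmangle or IPTables::Mangle: a pre-commit audit of a config in this layout that flags built-in chains whose policy is not drop, rules with no action to fall back on, accept-everything rules, and rules shadowed by an unconditional verdict. It assumes ordinary first-match iptables evaluation and takes the config as the dict a YAML loader would return; the name `audit`, both sample dicts and the finding messages are constructed for illustration.

```python
BUILTIN = {"input", "forward", "output"}   # chains that carry a default policy
TERMINAL = {"accept", "drop", "reject"}    # verdicts that end chain traversal
NON_MATCH = {"action", "action_options"}   # rule keys that are not match criteria

def audit(config):
    """Return (chain, rule_index_or_None, message) findings for the filter table."""
    findings = []
    for chain, body in config.get("filter", {}).items():
        if chain in BUILTIN and body.get("default") != "drop":
            findings.append((chain, None, "policy is not drop"))
        fallback = body.get("default_rule_action")
        closed_by = None                   # index of an unconditional terminal rule
        for i, rule in enumerate(body.get("rules", [])):
            if closed_by is not None:
                findings.append((chain, i, f"unreachable after rule {closed_by}"))
                continue
            action = rule.get("action", fallback)
            if action is None:
                findings.append((chain, i, "no action and no default_rule_action"))
            unconditional = not (set(rule) - NON_MATCH)
            if unconditional and action == "accept":
                findings.append((chain, i, "accepts all traffic"))
            if unconditional and action in TERMINAL:
                closed_by = i
    return findings

# Constructed: the page's sample config as the structure a YAML loader returns.
PAGE_CONFIG = {"filter": {
    "forward": {"default": "drop"},
    "foo": {"rules": [{"src": "9.9.9.9"}, {"src": "10.10.10.10", "action": "drop"}]},
    "input": {"default": "drop", "default_rule_action": "accept", "rules": [
        {"in-interface": "lo"},
        {"match": "state", "state": "ESTABLISHED,RELATED"},
        {"protocol": "icmp", "icmp-type": 8, "match": "limit", "limit": "10/sec"},
        {"src": "123.123.123.123"},
        {"action": "drop", "src": "8.8.8.8"},
        {"protocol": "tcp", "dport": 25, "src": "4.2.2.2"},
        {"action": "foo"},
        {"action": "reject", "action_options": {"reject-with": "icmp-admin-prohibited"}},
    ]},
}}

# Constructed weak variant: permissive policy and an empty rule inheriting accept.
WEAK_CONFIG = {"filter": {"input": {"default": "accept", "default_rule_action": "accept",
    "rules": [{"in-interface": "lo"}, {}, {"action": "drop", "src": "8.8.8.8"}]}}}

if __name__ == "__main__":
    for cfg in (PAGE_CONFIG, WEAK_CONFIG):
        print(audit(cfg))
```

On the page's own sample the only finding is the first rule of `foo`, which names no action in a chain that sets no `default_rule_action`, so its verdict depends on whatever the module applies by default.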
Bizowie <http://bizowie.com>
Copyright (C) 2013 Bizowie
This library is free software. You can redistribute it and/or modify it under the same terms as Perl itself.
To install IPTables::Mangle, copy and paste the appropriate command into your terminal.

cpanm

    cpanm IPTables::Mangle

CPAN shell

    perl -MCPAN -e shell
    install IPTables::Mangle