Skip to content

A Ruby DSL for writing Linux Netfilter/iptables firewall rules

License

Notifications You must be signed in to change notification settings

rodrei/netfilter.rb

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Netfilter.rb

netfilter.rb is a Ruby Library/DSL for writing Linux Netfilter/iptables firewall rules.

It’s currently in alpha status - a proof of concept that I’m writing rspecs for to start developing (and using) it properly.

Example use

require 'lib/netfilter.rb'
include Netfilter
include Netfilter::Protocols

filter.input.policy = :drop
filter.input.accept :in => :lo
filter.input.accept :state => :established
filter.input.accept :dport => udp(500,4500)
filter.input.accept :protocol => [:esp, 4, :ah]

trusted = filter.new_chain("trusted")
open("trusted-ips.txt").readlines.each do |ip|

trusted.accept :src => ip

end
filter.input.jump :dport => tcp(22, 25, 110, 6667..6669), :chain => trusted

filter.input.with_scope :src => '66.77.88.99' do
  accept :dport => tcp(80)
  log :prefix => 'audited: '
  reject
end

filter.input.drop :dport => [tcp(139,445), udp(135..137)]
filter.input.log :prefix => 'INPUT: ', :limit => '3/s', :burst => 6

render_netfilter

More Info

Author

John Leach ([email protected])

Copyright

Copyright © 2010 John Leach

License

GPL 3.0

Github

github.com/johnl/netfilter.rb/tree/master

About

A Ruby DSL for writing Linux Netfilter/iptables firewall rules

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published