Manual Reference Pages  -  REX::COMMANDS::IPTABLES (3)

NAME

Rex::Commands::Iptables - Iptable Management Commands

DESCRIPTION

With this Module you can manage basic Iptables rules.

Version <= 1.0: All these functions will not be reported.

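Only open_port and close_port are idempotent. Running the other functions repeatedly may therefore add the same rule more than once, so check or clear the existing ruleset before re-applying them.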

SYNOPSIS



 use Rex::Commands::Iptables;

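 # Synopsis task: calls each exported function once to show its call forms.
 # It is a catalogue of syntax rather than a coherent ruleset (port 22 is
 # opened and then closed again), so copy individual calls, not the whole task.
 task "firewall", sub {
   # Removes all existing rules first. NOTE(review): until the calls below
   # have run, the host has no rules loaded - confirm this window is
   # acceptable and that the management connection survives it.
   iptables_clear;

   # Open inbound ports: a single port, or a list restricted to one device.
   open_port 22;
   open_port [22, 80] => {
     dev => "eth0",
   };

   # Close inbound ports. "all" presumably closes every port that was not
   # opened explicitly - TODO confirm against the Rex source.
   close_port 22 => {
     dev => "eth0",
   };
   close_port "all";

   # Redirect an inbound port to another local port; the hash form also
   # restricts the redirect to one device.
   redirect_port 80 => 10080;
   redirect_port 80 => {
     dev => "eth0",
     to  => 10080,
   };

   # Default state rules, for all devices or for the given one.
   default_state_rule;
   default_state_rule dev => "eth0";

   # Makes this host a NAT gateway on the device the default route uses.
   is_nat_gateway;

   # Raw rule, short options.
   iptables t => "nat",
         A => "POSTROUTING",
         o => "eth0",
         j => "MASQUERADE";

   # The iptables function also accepts long options,
   # however, options with dashes need to be quoted.
   # "append" is the long form of A used in the call above.
   iptables table => "nat",
         append          => "POSTROUTING",
         "out-interface" => "eth0",
         jump            => "MASQUERADE";

   # Version of IP can be specified in the first argument
   # of any function: -4 or -6 (defaults to -4).
   # The IPv4 and IPv6 rulesets are separate, so a rule given without -6
   # leaves IPv6 traffic unaffected.
   iptables_clear -6;

   open_port -6, [22, 80];
   close_port -6, "all";
   redirect_port -6, 80 => 10080;
   default_state_rule -6;

   iptables -6, "flush";
   iptables -6,
         t     => "filter",
         A     => "INPUT",
         i     => "eth0",
         m     => "state",
         state => "RELATED,ESTABLISHED",
         j     => "ACCEPT";
 };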



EXPORTED FUNCTIONS

open_port($port, $option)

Open a port for inbound connections.



 # open_port accepts one port or an array reference of ports.
 task "firewall", sub {
   open_port 22;
   open_port [22, 80];
   # dev limits the rule to one device; without it no device is named, so
   # the port is presumably opened on every interface - TODO confirm.
   open_port [22, 80],
     dev => "eth1";
 };

 # Conditional form: only_if carries a shell test.
 # NOTE(review): presumably the rule is applied only when this command
 # succeeds on the managed host - confirm. Keep the command a fixed literal;
 # it is a shell string, so do not build it from untrusted input.
 task "firewall", sub {
  open_port 22,
    dev    => "eth1",
    only_if => "test -f /etc/firewall.managed";
} ;



close_port($port, $option)

Close a port for inbound connections.



 # close_port accepts one port or an array reference of ports, with the same
 # dev / only_if options shown for open_port.
 # NOTE(review): when the task runs over SSH, closing the SSH port can cut off
 # the management connection - confirm access is preserved before applying.
 task "firewall", sub {
   close_port 22;
   close_port [22, 80];
   close_port [22, 80],
     dev    => "eth0",
     only_if => "test -f /etc/firewall.managed";
 };



redirect_port($in_port, $option)

Redirect $in_port to another local port.



 # Redirect inbound port 80 to local port 10080, first for all devices and
 # then (hash form) only for traffic on eth0.
 # NOTE(review): the service on the target port becomes reachable through the
 # redirected port - check that its own access controls are adequate.
 task "redirects", sub {
   redirect_port 80 => 10080;
   redirect_port 80 => {
     to  => 10080,
     dev => "eth0",
   };
 };



    iptables(@params)

Write standard iptables commands.

Note that there is a short form for the iptables --flush option: when you pass -F or "flush" as the only argument, the command iptables -F is run on the connected host. With the two-argument form of flush shown in the examples below, the second argument is the table you want to flush.



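 # Raw rules given as option => value pairs (short iptables options here),
 # followed by the flush short forms.
 task "firewall", sub {
   iptables t => "nat", A => "POSTROUTING", o => "eth0", j => "MASQUERADE";
   # A rule specification needs a chain command; A => "INPUT" matches the
   # same rule as written in the SYNOPSIS.
   iptables t => "filter", A => "INPUT", i => "eth0", m => "state", state => "RELATED,ESTABLISHED", j => "ACCEPT";

   # single-argument flush; runs iptables -F on the connected host.
   # NOTE(review): plain iptables -F names no table, so it acts on the
   # default "filter" table only; flush "nat" and others explicitly if needed.
   # Flushing removes rules but does not change chain policies - check what
   # policy remains in force afterwards.
   iptables "flush";
   iptables -F;

   # flush only the "filter" table
   iptables flush => "filter";
   iptables -F => "filter";
 };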

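 # Note: options with dashes "-" need to be quoted to escape them from Perl
 # Same two rules as the short-option example, written with long option names.
 task "long_form_firewall", sub {
   iptables table => "nat",
        append          => "POSTROUTING",
        "out-interface" => "eth0",
        jump            => "MASQUERADE";
   # append => "INPUT" supplies the chain command the rule needs; it is the
   # long form of A => "INPUT" used for this rule in the SYNOPSIS.
   iptables table => "filter",
        append         => "INPUT",
        "in-interface" => "eth0",
        match          => "state",
        state          => "RELATED,ESTABLISHED",
        jump           => "ACCEPT";
 };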



    is_nat_gateway

This function creates a NAT gateway for the device the default route points to.



 # Turn the host into a NAT gateway on the device its default route uses;
 # the second call passes -6 to select IPv6 instead of the default IPv4.
 # NOTE(review): a gateway forwards traffic for other hosts - presumably this
 # needs matching forwarding restrictions; confirm which rules Rex adds.
 task "make-gateway", sub {
   is_nat_gateway;
   is_nat_gateway -6;
 };



    default_state_rule(%option)

Set the default state rules for the given device.



 # Apply the default state rules to eth0 only.
 # NOTE(review): judging by the state => "RELATED,ESTABLISHED" example in the
 # SYNOPSIS, these presumably accept traffic of already-established
 # connections - confirm the exact rule against the Rex source.
 task "firewall", sub {
   default_state_rule(dev => "eth0");
 };



    iptables_list

List all iptables rules.



 # Dump the current ruleset, IPv4 first and then IPv6 (-6).
 # Dumper is provided by Data::Dumper, which the Rexfile must load itself.
 # The output describes the host's filtering policy, so treat task logs that
 # capture it as sensitive.
 task "list-iptables", sub {
   print Dumper iptables_list;
   print Dumper iptables_list -6;
 };



    iptables_clear

Remove all iptables rules.



 # Remove every iptables rule on the connected host (IPv4, as no -6 is given).
 # After this the host has no packet-filter rules until new ones are applied.
 # NOTE(review): whether chain default policies are also reset is not stated
 # on this page - confirm before relying on the resulting state.
 task "no-firewall", sub {
   iptables_clear;
 };





perl v5.20.3 REX::COMMANDS::IPTABLES (3) 2016-03-07
