railsmachine / moonshine_iptables
Branch: master

| name | age | message |
|---|---|---|
| README.rdoc | Thu Dec 17 13:17:15 -0800 2009 | |
| lib/ | Fri May 15 13:53:34 -0700 2009 | |
| moonshine/ | Tue Apr 28 08:14:24 -0700 2009 | |
| spec/ | Fri May 01 08:56:26 -0700 2009 | |

README.rdoc
Moonshine_Iptables
A plugin for Moonshine
This plugin installs and configures iptables for your server. Just include the plugin and recipe, deploy, and you’ll have a nice secure system. By default, the firewall will:
- Allow inbound ESTABLISHED and RELATED traffic
- Allow inbound icmp, smtp, ssh, http, https
- Allow inbound connections to unprivileged ports in the 8000-10000 range
- Allow outbound connections to anywhere
- Block everything else
Instructions
- script/plugin install git://github.com/railsmachine/moonshine_iptables.git
- To customize rules, use the configure method, passing the entire ruleset.

    configure(:iptables => { :rules => [
      '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT',
      '-A INPUT -p icmp -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT', # <-- Custom: Allowing DNS
      '-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT',
      '-A INPUT -s 127.0.0.1 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 8000:10000 -j ACCEPT',
      '-A INPUT -p udp -m udp --dport 8000:10000 -j ACCEPT'
    ]})

- Include the plugin and recipe in your Moonshine manifest.

    plugin :iptables
    recipe :iptables
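
Since the ruleset is passed whole, a custom list that leaves out a rule closes that service on the next deploy. The following is an added example, not part of moonshine_iptables: `parse_rule`, `allows_new_inbound?` and `audit` are hypothetical helper names, and it assumes SSH listens on tcp/22 and that anything not accepted is blocked, as the README describes.

```ruby
# Added example; these helpers are hypothetical, not moonshine_iptables API.
# Handles only the rule shapes in the README: -A INPUT [-s ADDR] [-p PROTO]
# [-m state --state LIST] [--dport PORT|LO:HI] -j ACCEPT

README_RULES = [
  '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT',
  '-A INPUT -p icmp -j ACCEPT',
  '-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT',
  '-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT',
  '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT',
  '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT',
  '-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT',
  '-A INPUT -s 127.0.0.1 -j ACCEPT',
  '-A INPUT -p tcp -m tcp --dport 8000:10000 -j ACCEPT',
  '-A INPUT -p udp -m udp --dport 8000:10000 -j ACCEPT'
].freeze

# Turn one rule string into a hash, or nil if it is not an INPUT ACCEPT rule.
def parse_rule(rule)
  opts = {}
  rule.split.each_cons(2) { |flag, value| opts[flag] = value if flag.start_with?('-') }
  return nil unless opts['-A'] == 'INPUT' && opts['-j'] == 'ACCEPT'
  lo, hi = opts['--dport'].to_s.split(':').map(&:to_i)
  { proto: opts['-p'], source: opts['-s'], state: opts['--state'],
    ports: lo ? (lo..(hi || lo)) : nil }
end

# True if a NEW connection from any source to proto/port matches an ACCEPT rule.
# Rules limited by source address or connection state do not count.
def allows_new_inbound?(rules, proto, port)
  rules.map { |r| parse_rule(r) }.compact.any? do |r|
    r[:source].nil? && r[:state].nil? && [nil, proto].include?(r[:proto]) &&
      (r[:ports].nil? || r[:ports].cover?(port))
  end
end

# Findings to resolve before deploying a replacement ruleset.
def audit(rules)
  parsed = rules.map { |r| parse_rule(r) }.compact
  findings = []
  findings << 'tcp/22 is not accepted: SSH access will be lost' unless allows_new_inbound?(rules, 'tcp', 22)
  unless parsed.any? { |r| r[:state].to_s.split(',').include?('ESTABLISHED') }
    findings << 'no ESTABLISHED rule: replies to outbound connections will be blocked'
  end
  findings
end

puts audit(README_RULES).empty? ? 'ruleset OK' : audit(README_RULES)
```
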
