| name | age | message |
|---|---|---|
| README.rdoc | Fri May 01 08:56:36 -0700 2009 | |
| lib/ | Fri May 15 13:53:34 -0700 2009 | |
| moonshine/ | Tue Apr 28 08:14:24 -0700 2009 | |
| spec/ | Fri May 01 08:56:26 -0700 2009 | |

README.rdoc
Moonshine_Iptables
A plugin for Moonshine
This plugin installs and configures iptables for your server. Just include the plugin and recipe, deploy, and you’ll have a nice secure system. By default, the firewall will:
- Allow inbound ESTABLISHED and RELATED traffic
- Allow inbound icmp, smtp, ssh, http, https
- Allow inbound connections to unprivileged ports in the 8000-10000 range
- Allow outbound connections to anywhere
- Block everything else
Instructions
- script/plugin install git://github.com/railsmachine/moonshine_iptables.git
- To customize rules, use the configure method, passing the entire ruleset.

      configure(:iptables => { :rules => [
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT',
        '-A INPUT -p icmp -j ACCEPT',
        '-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT', # <-- Custom: Allowing DNS
        '-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT',
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT',
        '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT',
        '-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT',
        '-A INPUT -s 127.0.0.1 -j ACCEPT',
        '-A INPUT -p tcp -m tcp --dport 8000:10000 -j ACCEPT',
        '-A INPUT -p udp -m udp --dport 8000:10000 -j ACCEPT'
      ]})

- Include the plugin and recipe in your Moonshine manifest.

      plugin :iptables
      recipe :iptables
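
Because configure takes the entire ruleset and everything not listed is blocked, a custom array that leaves out the SSH or ESTABLISHED rule can cut off access on the next deploy. The Ruby check below is an added example, not part of the Moonshine plugin, that audits a rules array before it is deployed. The names `audit_rules`, `accepts_tcp?`, `dport_range` and `REQUIRED_TCP_PORTS` are hypothetical, the sample ruleset is constructed, and SSH on port 22 is an assumption.

```ruby
# Added example, not plugin code: audit a custom :rules array before deploy.
REQUIRED_TCP_PORTS = [22].freeze # assumption: SSH on 22 is how you reach the host

# Returns [first, last] port of a rule's --dport, or nil if it has none.
def dport_range(rule)
  m = rule.match(/--dport\s+(\d+)(?::(\d+))?/)
  return nil unless m
  first = m[1].to_i
  [first, (m[2] || first).to_i]
end

# True if the rule accepts inbound TCP to the given port.
def accepts_tcp?(rule, port)
  return false unless rule =~ /\A-A INPUT\b/ && rule =~ /-p tcp\b/ && rule =~ /-j ACCEPT\b/
  range = dport_range(rule)
  !range.nil? && port.between?(range[0], range[1])
end

# Returns a list of warning strings; an empty list means no findings.
def audit_rules(rules)
  findings = []
  unless rules.any? { |r| r =~ /--state\s+\S*ESTABLISHED/ && r =~ /-j ACCEPT\b/ }
    findings << 'no ESTABLISHED accept rule: replies to outbound connections are dropped'
  end
  REQUIRED_TCP_PORTS.each do |port|
    next if rules.any? { |r| accepts_tcp?(r, port) }
    findings << "tcp/#{port} is not accepted: the next deploy may lock you out"
  end
  rules.each do |r|
    range = dport_range(r)
    next unless range && r =~ /-j ACCEPT\b/
    width = range[1] - range[0] + 1
    findings << "#{width} ports opened by: #{r}" if width > 1
  end
  findings
end

# Constructed sample: a trimmed README ruleset with the SSH line accidentally dropped.
SAMPLE_RULES = [
  '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT',
  '-A INPUT -p icmp -j ACCEPT',
  '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT',
  '-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT',
  '-A INPUT -s 127.0.0.1 -j ACCEPT',
  '-A INPUT -p tcp -m tcp --dport 8000:10000 -j ACCEPT'
].freeze

audit_rules(SAMPLE_RULES).each { |f| puts "WARN: #{f}" }
```

The wide-range warning is informational: the default ruleset itself opens 8000-10000, so treat it as a prompt to confirm the range is still needed.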







