@@ -1,20 +1,20 @@ = Moonshine_Iptables -== A plugin for Moonshine[http://github.com/railsmachine/moonshine] +=== A plugin for Moonshine[http://github.com/railsmachine/moonshine] -=== Instructions - -* <tt>script/plugin install git://github.com/railsmachine/moonshine_iptables.git</tt> -* Include the plugin and recipe in your Moonshine manifest. - plugin :iptables - recipe :iptables -* The default iptables rules: +This plugin installs and configues iptables for your server. Just include the +plugin and recipe, deploy, and you'll have a nice secure system. +By default, the firewall will: - Allow inbound ESTABLISHED and RELATED traffic - Allow inbound icmp, smtp, ssh, http, https - Allow inbound connections to unprivileged ports in the 8000-10000 range - Allow outbound connections to anywhere -* For custom rules, use the <tt>configure</tt> method before calling the - <tt>iptables</tt> recipe. You will need to pass the *entire* ruleset. + - Block everything else + +=== Instructions + +* <tt>script/plugin install git://github.com/railsmachine/moonshine_iptables.git</tt> +* To customize rules, use the <tt>configure</tt> method, passing the *entire* ruleset. configure (:iptables => { :rules => [ '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT', @@ -28,3 +28,6 @@ '-A INPUT -p tcp -m tcp --dport 8000:10000 -j ACCEPT', '-A INPUT -p udp -m udp --dport 8000:10000 -j ACCEPT' ]}} +* Include the plugin and recipe in your Moonshine manifest. + plugin :iptables + recipe :iptables README.rdoc 434372690678e49af9c4ac6be06d0b42968cf4f6 Rob Lingle rob@actsasif.com http://github.com/railsmachine/moonshine_iptables/commit/2bc2fad2939698a77796ec1988901700ae0bb26d 2bc2fad2939698a77796ec1988901700ae0bb26d 2009-05-01T08:56:36-07:00 2009-05-01T08:56:36-07:00 updating docs 8f3001d9eb1cf592be748b98098d6d241eb39c04 Rob Lingle rob@actsasif.com