Skip to content

dels/ript

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits
conf
conf
 
 
example
example
 
 
lib
lib
 
 
src
src
 
 
.gitignore
.gitignore
 
 
README
README
 
 
ript.rb
ript.rb
 
 

Repository files navigation


RIPT (Ruby IPTables)

RIPT is a ruby script that creates a set of iptables rules
defineable by a JSON file. We wrote this script to simplify
the creation of rules for different interfaces and ip addresses. 

The main purpose is to configure rule creating and logging as easy as
possible. Thus, for packets that has been accepted, dropped, rejected 
etc. is configurable in both, global for all interfaces and for each 
interface.

The precicly configurable logging makes it easier to detect anomalies 
by AI algorithms that analyze the iptables logfile. 
It has been developed in a students project at the Universität Bremen
called FIDIUS.


Configuration

The ript.json is the configuration file hopefully almost self explaining.

But to set some system variables like
"/proc/sys/net/ipv4/icmp_echo_ignore_all" you need to edit the
ript.rb. These settings are (still) hardcoded but they are kept at the
upper part of the ript.rb. 

The ript.json.example should provide enough information to get this
script working. I am using this script also in more complex
configurations such as routers and VPN-Gateways. If you are interested in
more sophisticated examples feel free to e-mail me.

ATTENTION for remote usage: ript will deny all communication by
default. Please note that you have to allow all communication
explicitly be every interface!
A good start for testing your newly created ript.json is this command:
ruby ript.rb && sleep 10 && sh ./reset.sh
After executing this command you should see the message
"commited and saved iptables". If so, you can cancel the execution of 
reset.sh with CTRL-C
If you don't you just have to wait about 10 seconds. After that the
reset.sh file will reset the iptables and ip6tables rules to allow all 
communication by default again. 


Files

ript.rb			The ruby script
ript.json     		The configuration file (to be created by user)
ript.json.example	An example configuration file
reset.sh		Shell script which resets all iptables and
			ip6tables and sets INPUT, OUTPUT and FORWARD
			to ACCEPT per default
if-up.d/*		File for linux based linux systems. These
			files set up all iptables and ip6tables rules
			on system restart if configured in ript.json

About

Ruby IPTables

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages