A Ruby DSL for writing Linux Netfilter/iptables firewall rules
Ruby
Latest commit 2e86e31 Feb 23, 2010 @johnl More Chain rspecs
- Fixed bug in Chain#is_builting?
- New feature: Chain#jump should accept a chain object as an argument

Netfilter.rb

netfilter.rb is a Ruby library/DSL for writing Linux Netfilter/iptables firewall rules. A ruleset is described in Ruby (chains, policies, matches and targets) and then rendered to iptables rules.

It's currently in alpha status: a proof of concept that I'm writing rspecs for, in order to start developing (and using) it properly.

Example use

  # Run from the repository root (e.g. `ruby -I. example.rb`) so that
  # lib/netfilter.rb is found on the load path.
  require 'lib/netfilter.rb'
  include Netfilter
  include Netfilter::Protocols

  # Default-deny on INPUT; everything below is an explicit exception.
  filter.input.policy = :drop
  filter.input.accept :in => :lo
  filter.input.accept :state => :established
  # IKE and NAT-T for IPsec, plus the IPsec protocols themselves
  # (ESP, IP-in-IP protocol number 4, AH).
  filter.input.accept :dport => udp(500,4500)
  filter.input.accept :protocol => [:esp, 4, :ah]

  # A user-defined chain that accepts traffic from a list of source
  # addresses, one per line.  Strip the trailing newline that each line
  # carries and skip blank lines, so that only the address itself ends
  # up in the rule.
  trusted = filter.new_chain("trusted")
  File.foreach("trusted-ips.txt") do |line|
    ip = line.strip
    next if ip.empty?
    trusted.accept :src => ip
  end
  # Only these service ports are checked against the trusted list;
  # packets that match no rule in "trusted" fall back into INPUT.
  filter.input.jump :dport => tcp(22, 25, 110, 6667..6669), :chain => trusted

  # Rules inside with_scope all carry the :src match of the scope.
  filter.input.with_scope :src => '66.77.88.99' do
    accept :dport => tcp(80)
    log :prefix => 'audited: '
    reject
  end

  # Silently drop SMB/NetBIOS noise, then rate-limit logging of whatever
  # is left before it hits the DROP policy.
  filter.input.drop :dport => [tcp(139,445), udp(135..137)]
  filter.input.log :prefix => 'INPUT: ', :limit => '3/s', :burst => 6

  render_netfilter
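The README does not show what the rendered rules look like, and the trusted-IP loop is the one place where external text enters the ruleset. The following is an added example, not code from netfilter.rb and not the output of its render_netfilter: it hand-translates the ruleset above into iptables-restore syntax, validating every entry of a (constructed) trusted-ips.txt with IPAddr before it can reach a rule, so that a malformed line cannot become part of a firewall command. It assumes Ruby 2.5 or later for IPAddr#prefix, and that the iptables-restore text it builds is loaded directly, never via a shell.

```ruby
require 'ipaddr'

# Constructed sample of a trusted-ips.txt file (not a file from the project):
# comments and blank lines are tolerated; a CIDR prefix is accepted.
TRUSTED_IPS_OK = <<~EOS
  # ops jump hosts
  192.0.2.10
  198.51.100.0/24

EOS

# Constructed malformed file: this line would flush the firewall if the raw
# text were ever interpolated into an `iptables ...` command line.
TRUSTED_IPS_BAD = "10.0.0.1; iptables -F\n"

# Parse a trusted-IP file into canonical IPv4 "addr/prefix" strings.
# Anything that is not a literal IPv4 address or CIDR raises, so no
# unvalidated text can reach the generated ruleset.
def parse_trusted_ips(text)
  text.each_line.map { |line| line.sub(/#.*/, '').strip }.reject(&:empty?).map do |entry|
    addr = IPAddr.new(entry)                       # IPAddr::InvalidAddressError on junk
    raise ArgumentError, "#{entry}: not IPv4" unless addr.ipv4?
    "#{addr}/#{addr.prefix}"
  end
end

# Render a port list the way iptables' multiport match expects it:
# integers stay as-is, Ruby ranges become "lo:hi".
def ports(*specs)
  specs.map { |p| p.is_a?(Range) ? "#{p.first}:#{p.last}" : p.to_s }.join(',')
end

# Build an iptables-restore fragment for the filter table equivalent to the
# README example (hand-translated; not what netfilter.rb itself emits).
# Each rule is a token array joined once into a line; nothing goes through a
# shell, and the only caller-supplied values are the validated trusted IPs.
def render_filter(trusted_ips)
  rules = []
  rules << %w[-A INPUT -i lo -j ACCEPT]
  rules << %w[-A INPUT -m state --state ESTABLISHED -j ACCEPT]
  rules << ['-A', 'INPUT', '-p', 'udp', '-m', 'multiport', '--dports', ports(500, 4500), '-j', 'ACCEPT']
  %w[esp 4 ah].each { |proto| rules << ['-A', 'INPUT', '-p', proto, '-j', 'ACCEPT'] }
  trusted_ips.each { |ip| rules << ['-A', 'trusted', '-s', ip, '-j', 'ACCEPT'] }
  rules << ['-A', 'INPUT', '-p', 'tcp', '-m', 'multiport', '--dports', ports(22, 25, 110, 6667..6669), '-j', 'trusted']
  # with_scope :src => '66.77.88.99' prefixes each rule with the same source match
  scope = %w[-A INPUT -s 66.77.88.99]
  rules << scope + ['-p', 'tcp', '--dport', '80', '-j', 'ACCEPT']
  rules << scope + ['-j', 'LOG', '--log-prefix', '"audited: "']
  rules << scope + ['-j', 'REJECT']
  rules << ['-A', 'INPUT', '-p', 'tcp', '-m', 'multiport', '--dports', ports(139, 445), '-j', 'DROP']
  rules << ['-A', 'INPUT', '-p', 'udp', '-m', 'multiport', '--dports', ports(135..137), '-j', 'DROP']
  rules << ['-A', 'INPUT', '-m', 'limit', '--limit', '3/s', '--limit-burst', '6', '-j', 'LOG', '--log-prefix', '"INPUT: "']

  # Only INPUT gets a policy, as in the README; FORWARD/OUTPUT are left alone.
  header = ['*filter', ':INPUT DROP [0:0]', ':trusted - [0:0]']
  (header + rules.map { |r| r.join(' ') } + ['COMMIT']).join("\n") + "\n"
end

if __FILE__ == $PROGRAM_NAME
  puts render_filter(parse_trusted_ips(TRUSTED_IPS_OK))
end
```

Pipe the output into `iptables-restore --test` to have iptables parse the ruleset without committing it; feeding a malformed trusted-ips.txt through parse_trusted_ips fails loudly instead of producing a rule with a garbage source address.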

More Info

Author

John Leach (john@johnleach.co.uk)

Copyright

Copyright © 2010 John Leach

License

GPL 3.0

Github

github.com/johnl/netfilter.rb/tree/master