A Ruby DSL for writing Linux Netfilter/iptables firewall rules

Netfilter.rb

netfilter.rb is a Ruby Library/DSL for writing Linux Netfilter/iptables firewall rules.

It's currently in alpha status - a proof of concept that I'm writing rspecs for to start developing (and using) it properly.

Example use

require 'lib/netfilter.rb'
include Netfilter
include Netfilter::Protocols

filter.input.policy = :drop
filter.input.accept :in => :lo
filter.input.accept :state => :established
filter.input.accept :dport => udp(500, 4500)
filter.input.accept :protocol => [:esp, 4, :ah]

trusted = filter.new_chain("trusted")
File.readlines("trusted-ips.txt").each do |ip|
  trusted.accept :src => ip.strip  # drop the trailing newline before it becomes part of the rule
end
filter.input.jump :dport => tcp(22, 25, 110, 6667..6669), :chain => trusted

filter.input.with_scope :src => '66.77.88.99' do
  accept :dport => tcp(80)
  log :prefix => 'audited: '
  reject
end

filter.input.drop :dport => [tcp(139, 445), udp(135..137)]
filter.input.log :prefix => 'INPUT: ', :limit => '3/s', :burst => 6

render_netfilter
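The sketch below is an added example, not netfilter.rb's own code: a minimal DSL of the same shape (a MiniNetfilter module with tcp/udp port specs, with_scope and a render step) that turns hash-style options like the ones above into iptables command lines, so the mapping from each DSL call to the rule it produces is visible. The option names follow the README; the flag table, the multiport handling, the ordering of -P/-N lines and the IPAddr validation of addresses read from trusted-ips.txt are assumptions about how such a library might behave, not netfilter.rb's behaviour. The sample addresses are constructed.

```ruby
require 'ipaddr'

# Added example, not netfilter.rb's own code: a minimal DSL of the same shape that renders
# hash-style rule options into iptables command lines. Option names mirror the README;
# the flag table and the rendering rules are assumptions.
module MiniNetfilter
  PortSpec = Struct.new(:proto, :ports)

  module Protocols
    def tcp(*ports) PortSpec.new('tcp', ports) end
    def udp(*ports) PortSpec.new('udp', ports) end
  end

  class Chain
    attr_reader :name, :rules
    attr_accessor :policy
    def initialize(name)
      @name, @rules, @scope = name, [], {}
    end
    def accept(opts = {}) add('ACCEPT', opts) end
    def drop(opts = {})   add('DROP', opts) end
    def reject(opts = {}) add('REJECT', opts) end
    def log(opts = {})    add('LOG', opts) end
    def jump(opts)        add(opts.fetch(:chain).name, opts.reject { |k, _| k == :chain }) end

    # Rules declared inside the block inherit the extra match options.
    def with_scope(scope, &block)
      saved, @scope = @scope, @scope.merge(scope)
      instance_eval(&block)
    ensure
      @scope = saved
    end

    private
    # An array of port specs or protocols fans out into one rule per element.
    def add(target, opts)
      opts = @scope.merge(opts)
      key = [:dport, :protocol].find { |k| opts[k].is_a?(Array) }
      (key ? opts[key].map { |v| opts.merge(key => v) } : [opts]).each { |o| @rules << render(target, o) }
      self
    end

    def render(target, o)
      proto = o[:protocol] || (o[:dport] && o[:dport].proto)
      parts = ["-A #{@name}"]
      parts << "-i #{o[:in]}" if o[:in]
      parts << "-p #{proto}" if proto
      parts << "-s #{checked_addr(o[:src])}" if o[:src]
      parts << "-m state --state #{o[:state].to_s.upcase}" if o[:state]
      parts << port_match(o[:dport]) if o[:dport]
      parts << "-m limit --limit #{o[:limit]}#{" --limit-burst #{o[:burst]}" if o[:burst]}" if o[:limit]
      parts << "-j #{target}"
      parts << "--log-prefix #{o[:prefix].inspect}" if target == 'LOG' && o[:prefix]
      parts.join(' ')
    end

    # One port or range uses --dport; several need the multiport match.
    def port_match(spec)
      list = spec.ports.map { |p| p.is_a?(Range) ? "#{p.first}:#{p.last}" : p.to_s }
      list.size == 1 ? "--dport #{list[0]}" : "-m multiport --dports #{list.join(',')}"
    end

    # Validate every address before it reaches a rule, so a stray line in
    # trusted-ips.txt fails loudly instead of producing a malformed match.
    def checked_addr(addr)
      addr = addr.to_s.strip
      IPAddr.new(addr) # raises IPAddr::InvalidAddressError (an ArgumentError) on junk
      addr
    end
  end

  class Table
    BUILTIN = %w[INPUT OUTPUT FORWARD]
    def initialize; @chains = {}; end
    def input; chain('INPUT'); end
    def new_chain(name) chain(name) end
    def chain(name) @chains[name] ||= Chain.new(name) end

    # Policies and -N lines come first so custom chains exist before anything jumps to them.
    def render
      heads = @chains.values.map do |c|
        BUILTIN.include?(c.name) ? (c.policy && "-P #{c.name} #{c.policy.to_s.upcase}") : "-N #{c.name}"
      end
      heads.compact + @chains.values.flat_map(&:rules)
    end
  end
end

include MiniNetfilter::Protocols

# A rule set in the README's style. The default address list is constructed sample
# data standing in for the contents of trusted-ips.txt.
def example_ruleset(trusted_ips = ["192.0.2.10\n", "198.51.100.0/24\n"])
  filter = MiniNetfilter::Table.new
  filter.input.policy = :drop
  filter.input.accept :in => :lo
  filter.input.accept :state => :established
  filter.input.accept :dport => udp(500, 4500)
  trusted = filter.new_chain('trusted')
  trusted_ips.each { |ip| trusted.accept :src => ip }
  filter.input.jump :dport => tcp(22, 6667..6669), :chain => trusted
  filter.input.with_scope :src => '203.0.113.5' do
    accept :dport => tcp(80)
    reject
  end
  filter.input.log :prefix => 'INPUT: ', :limit => '3/s', :burst => 6
  filter.render
end
```

`puts example_ruleset` prints the eleven lines (policy, chain creation, then the INPUT and trusted rules in declaration order) that an `iptables` invocation or an `iptables-restore` fragment would need; feeding the same helper a list containing a non-address line raises before any rule is rendered, which is the behaviour a defender wants from a file-driven allow list.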

More Info

Author

John Leach (john@johnleach.co.uk)

Copyright

Copyright © 2010 John Leach

License

GPL 3.0

Github

github.com/johnl/netfilter.rb/tree/master
