Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Iptables setup and configuration through your Moonshine manifest
Branch: master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
moonshine namespace and fix spec


A plugin for Moonshine

This plugin installs and configures iptables for your server. Just include the plugin and recipe, deploy, and you'll have a nice secure system.

By default, the firewall will:

  • Allow inbound ESTABLISHED and RELATED traffic
  • Allow inbound icmp, smtp, ssh, http, https
  • Allow inbound connections to unprivileged ports in the 8000-10000 range
  • Allow outbound connections to anywhere
  • Block everything else


  • script/plugin install git://
  • To customize rules, use the configure method, passing the entire ruleset.

    configure(:iptables => { :rules => [
      '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT',
      '-A INPUT -p icmp -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT',
      '-A INPUT -s -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 8000:10000 -j ACCEPT',
      '-A INPUT -p udp -m udp --dport 8000:10000 -j ACCEPT'
  • Include the recipe in your Moonshine manifest. recipe :iptables

Unless otherwise specified, all content copyright © 2014, Rails Machine, LLC

Something went wrong with that request. Please try again.