Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Iptables setup and configuration through your Moonshine manifest
Fetching latest commit...
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
moonshine namespace and fix spec


A plugin for Moonshine

This plugin installs and configures iptables for your server. Just include the plugin and recipe, deploy, and you'll have a nice secure system.

By default, the firewall will:

  • Allow inbound ESTABLISHED and RELATED traffic
  • Allow inbound icmp, smtp, ssh, http, https
  • Allow inbound connections to unprivileged ports in the 8000-10000 range
  • Allow outbound connections to anywhere
  • Block everything else


  • script/plugin install git://
  • To customize rules, use the configure method, passing the entire ruleset.

    configure(:iptables => { :rules => [
      '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT',
      '-A INPUT -p icmp -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT',
      '-A INPUT -s -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 8000:10000 -j ACCEPT',
      '-A INPUT -p udp -m udp --dport 8000:10000 -j ACCEPT'
  • Include the recipe in your Moonshine manifest. recipe :iptables

Unless otherwise specified, all content copyright © 2014, Rails Machine, LLC

Something went wrong with that request. Please try again.