Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Iptables setup and configuration through your Moonshine manifest
Ruby
Branch: master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
lib/moonshine
moonshine
spec
LICENSE
README.md

README.md

Moonshine_Iptables

A plugin for Moonshine

This plugin installs and configures iptables for your server. Just include the plugin and recipe, deploy, and you'll have a nice secure system.

By default, the firewall will:

  • Allow inbound ESTABLISHED and RELATED traffic
  • Allow inbound icmp, smtp, ssh, http, https
  • Allow inbound connections to unprivileged ports in the 8000-10000 range
  • Allow outbound connections to anywhere
  • Block everything else

Instructions

  • script/plugin install git://github.com/railsmachine/moonshine_iptables.git
  • To customize rules, use the configure method, passing the entire ruleset.

    
    configure(:iptables => { :rules => [
      '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT',
      '-A INPUT -p icmp -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT',
      '-A INPUT -s 127.0.0.1 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 8000:10000 -j ACCEPT',
      '-A INPUT -p udp -m udp --dport 8000:10000 -j ACCEPT'
    ]})
    
  • Include the recipe in your Moonshine manifest. recipe :iptables


Unless otherwise specified, all content copyright © 2014, Rails Machine, LLC

Something went wrong with that request. Please try again.