Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Iptables setup and configuration through your Moonshine manifest

branch: master

Fetching latest commit…

Octocat-spinner-32-eaf2f5

Cannot retrieve the latest commit at this time

Octocat-spinner-32 lib
Octocat-spinner-32 moonshine
Octocat-spinner-32 spec
Octocat-spinner-32 LICENSE
Octocat-spinner-32 README.rdoc
README.rdoc

Moonshine_Iptables

A plugin for Moonshine

This plugin installs and configures iptables for your server. Just include the plugin and recipe, deploy, and you'll have a nice secure system. By default, the firewall will:

- Allow inbound ESTABLISHED and RELATED traffic
- Allow inbound icmp, smtp, ssh, http, https
- Allow inbound connections to unprivileged ports in the 8000-10000 range
- Allow outbound connections to anywhere
- Block everything else

Instructions

  • script/plugin install git://github.com/railsmachine/moonshine_iptables.git

  • To customize rules, use the configure method, passing the entire ruleset.

    configure(:iptables => { :rules => [
      '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT',
      '-A INPUT -p icmp -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT',  # <-- Custom: Allowing DNS
      '-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT',
      '-A INPUT -s 127.0.0.1 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 8000:10000 -j ACCEPT',
      '-A INPUT -p udp -m udp --dport 8000:10000 -j ACCEPT'
    ]})
  • Include the recipe in your Moonshine manifest.

    recipe :iptables
Something went wrong with that request. Please try again.