Iptables setup and configuration through your Moonshine manifest
Failed to load latest commit information.
lib/moonshine Quote modes. Apr 14, 2015
moonshine namespace and fix spec Jun 24, 2011
spec better support for changing chains Jun 24, 2011
LICENSE add MIT license Oct 18, 2010
README.md Update README.md Apr 30, 2014



A plugin for Moonshine

This plugin installs and configures iptables for your server. Just include the plugin and recipe, deploy, and you'll have a nice secure system.

By default, the firewall will:

  • Allow inbound ESTABLISHED and RELATED traffic
  • Allow inbound icmp, smtp, ssh, http, https
  • Allow inbound connections to unprivileged ports in the 8000-10000 range
  • Allow outbound connections to anywhere
  • Block everything else


  • script/plugin install git://github.com/railsmachine/moonshine_iptables.git
  • To customize rules, use the configure method, passing the entire ruleset.

    configure(:iptables => { :rules => [
      '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT',
      '-A INPUT -p icmp -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT',
      '-A INPUT -s -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 8000:10000 -j ACCEPT',
      '-A INPUT -p udp -m udp --dport 8000:10000 -j ACCEPT'
  • Include the recipe in your Moonshine manifest. recipe :iptables

Unless otherwise specified, all content copyright © 2014, Rails Machine, LLC