Iptables setup and configuration through your Moonshine manifest
README.rdoc

Moonshine_Iptables

A plugin for Moonshine

This plugin installs and configures iptables for your server. Just include the plugin and recipe, deploy, and you'll have a nice secure system. By default, the firewall will:

- Allow inbound ESTABLISHED and RELATED traffic
- Allow inbound icmp, smtp, ssh, http, https
- Allow inbound connections to unprivileged ports in the 8000-10000 range
- Allow outbound connections to anywhere
- Block everything else

Instructions

  • script/plugin install git://github.com/railsmachine/moonshine_iptables.git

  • To customize rules, use the configure method, passing the entire ruleset.

    configure(:iptables => { :rules => [
      '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT',
      '-A INPUT -p icmp -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT',  # <-- Custom: Allowing DNS
      '-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT',
      '-A INPUT -s 127.0.0.1 -j ACCEPT',
      '-A INPUT -p tcp -m tcp --dport 8000:10000 -j ACCEPT',
      '-A INPUT -p udp -m udp --dport 8000:10000 -j ACCEPT'
    ]})

  • Include the plugin and recipe in your Moonshine manifest.

    plugin :iptables
    recipe :iptables
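
Because configure takes the entire ruleset, a custom :rules array replaces the defaults rather than adding to them. The following pre-deploy check is an added example, not part of moonshine_iptables; its function names and the max_span threshold are hypothetical, and it assumes the "block everything else" default described above.

```ruby
# Added example: not part of moonshine_iptables. All names are hypothetical.
# SAMPLE_RULES is the custom ruleset from the README above.
SAMPLE_RULES = [
  '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT',
  '-A INPUT -p icmp -j ACCEPT',
  '-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT',
  '-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT',
  '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT',
  '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT',
  '-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT',
  '-A INPUT -s 127.0.0.1 -j ACCEPT',
  '-A INPUT -p tcp -m tcp --dport 8000:10000 -j ACCEPT',
  '-A INPUT -p udp -m udp --dport 8000:10000 -j ACCEPT'
].freeze

# Returns [low, high] for a rule's --dport, or nil when it has none.
def dport_range(rule)
  m = /--dport\s+(\d+)(?::(\d+))?/.match(rule)
  m && [m[1].to_i, (m[2] || m[1]).to_i]
end

# True when an INPUT ACCEPT rule for +proto+ covers +port+.
def accepts_port?(rules, proto, port)
  rules.any? do |r|
    range = dport_range(r)
    range && port.between?(*range) &&
      r.match?(/\A-A INPUT\b/) && r.match?(/-p #{proto}\b/) && r.match?(/-j ACCEPT\b/)
  end
end

# Returns a list of findings; empty means nothing was flagged.
def audit_rules(rules, max_span: 100)
  findings = []
  unless rules.any? { |r| r.match?(/--(?:ct)?state\s+\S*ESTABLISHED/) && r.match?(/-j ACCEPT\b/) }
    findings << 'no ESTABLISHED accept rule: replies to outbound connections are dropped'
  end
  findings << 'tcp/22 not accepted: SSH access is lost after deploy' unless accepts_port?(rules, 'tcp', 22)
  rules.each do |r|
    low, high = dport_range(r)
    findings << "wide port range #{low}:#{high}: #{r}" if low && high - low > max_span
  end
  findings
end

puts audit_rules(SAMPLE_RULES) if __FILE__ == $PROGRAM_NAME
```

On the sample ruleset this reports the two 8000:10000 ranges for review, and accepts_port?(SAMPLE_RULES, 'udp', 53) returns false because the custom DNS rule opens TCP 53 only.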