NAME
Rex::Commands::Iptables - Iptable Management Commands
DESCRIPTION
With this module you can manage basic iptables rules.
Version <= 1.0: All these functions will not be reported.
Only open_port and close_port are idempotent.
SYNOPSIS
    use Rex::Commands::Iptables;

    task "firewall", sub {
      iptables_clear;
      open_port 22;
      open_port [22, 80] => {
        dev => "eth0",
      };
      close_port 22 => {
        dev => "eth0",
      };
      close_port "all";
      redirect_port 80 => 10080;
      redirect_port 80 => {
        dev => "eth0",
        to  => 10080,
      };
      default_state_rule;
      default_state_rule dev => "eth0";
      is_nat_gateway;
      iptables t => "nat",
               A => "POSTROUTING",
               o => "eth0",
               j => "MASQUERADE";
    };
EXPORTED FUNCTIONS
- open_port($port, $option)
Open a port for inbound connections.
    task "firewall", sub {
      open_port 22;
      open_port [22, 80];
      open_port [22, 80], dev => "eth1";
    };
    task "firewall", sub {
      open_port 22, dev => "eth1", only_if => "test -f /etc/firewall.managed";
    };
- close_port($port, $option)
Close a port for inbound connections.
    task "firewall", sub {
      close_port 22;
      close_port [22, 80];
      close_port [22, 80], dev => "eth0", only_if => "test -f /etc/firewall.managed";
    };
- redirect_port($in_port, $option)
Redirect $in_port to another local port.
    task "redirects", sub {
      redirect_port 80 => 10080;
      redirect_port 80 => {
        to  => 10080,
        dev => "eth0",
      };
    };
- iptables(@params)
Write standard iptables commands.
    task "firewall", sub {
      iptables t => "nat", A => "POSTROUTING", o => "eth0", j => "MASQUERADE";
      iptables t => "filter", i => "eth0", m => "state", state => "RELATED,ESTABLISHED", j => "ACCEPT";
      iptables "flush";
      iptables -F;
      iptables flush => "filter";
      iptables -F => "filter";
    };
- is_nat_gateway
This function creates a NAT gateway for the device the default route points to.
    task "make-gateway", sub {
      is_nat_gateway;
    };
- default_state_rule(%option)
Set the default state rules for the given device.
    task "firewall", sub {
      default_state_rule(dev => "eth0");
    };
- iptables_list
List all iptables rules.
    use Data::Dumper;    # provides Dumper

    task "list-iptables", sub {
      print Dumper iptables_list;
    };
- iptables_clear
Remove all iptables rules.
    task "no-firewall", sub {
      iptables_clear;
    };
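The DESCRIPTION states that only open_port and close_port are idempotent. The following Rexfile is an added example, not part of the Rex documentation, that keeps the other calls in a task run from an empty rule set and limits the repeatable task to the two idempotent functions. The interface name, port lists, task names and marker file path are assumptions, and it is meant to run inside a Rexfile where task is available.

```perl
# Rexfile (added example, not from the Rex documentation).
use Rex::Commands::Iptables;
use Data::Dumper;

# Assumed values for illustration; adjust to the managed hosts.
my $dev     = "eth0";                            # external interface
my @inbound = (22, 443);                         # ports that must stay reachable
my @retired = (8080);                            # ports to close again
my $marker  = "test -f /etc/firewall.managed";   # guard command, as in the only_if examples

# Rebuild from scratch. iptables_clear and default_state_rule are not
# listed as idempotent, so they only appear here, after the rule set has
# been emptied. Between iptables_clear and the last call of this task
# the host runs without the rules it had before.
task "firewall-baseline", sub {
  iptables_clear;
  default_state_rule dev => $dev;
  open_port [@inbound], dev => $dev;
  close_port "all";                              # same call order as the SYNOPSIS
};

# Repeatable maintenance. Only open_port and close_port are used, the
# two functions the DESCRIPTION lists as idempotent, and each call is
# guarded by only_if so hosts without the marker file are left alone.
task "firewall-ports", sub {
  open_port  [@inbound], dev => $dev, only_if => $marker;
  close_port [@retired], dev => $dev, only_if => $marker;
};

# Review step: dump the current rules so they can be compared with the
# intended policy after either task has run.
task "firewall-audit", sub {
  print Dumper iptables_list;
};
```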