NAME
Rex::Commands::Iptables - Iptable Management Commands
DESCRIPTION
With this Module you can manage basic Iptables rules.
SYNOPSIS
use Rex::Commands::Iptables;
task "firewall", sub {
iptables_clear;
open_port 22;
open_port [22, 80] => {
dev => "eth0",
};
close_port 22 => {
dev => "eth0",
};
close_port "all";
redirect_port 80 => 10080;
redirect_port 80 => {
dev => "eth0",
to => 10080,
};
default_state_rule;
default_state_rule dev => "eth0";
is_nat_gateway;
iptables t => "nat",
A => "POSTROUTING",
o => "eth0",
j => "MASQUERADE";
};EXPORTED FUNCTIONS
- open_port($port, $option)
-
Open a port for inbound connections.
task "firewall", sub { open_port 22; open_port [22, 80]; open_port [22, 80] => { dev => "eth1", }; }; - close_port($port, $option)
-
Close a port for inbound connections.
task "firewall", sub { close_port 22; close_port [22, 80]; close_port [22, 80] => { dev => "eth0", }; }; - redirect_port($in_port, $option)
-
Redirect $in_port to an other local port.
task "redirects", sub { redirect_port 80 => 10080; redirect_port 80 => { to => 10080, dev => "eth0", }; }; - iptables(@params)
-
Write standard iptable comands.
task "firewall", sub { iptables t => "nat", A => "POSTROUTING", o => "eth0", j => "MASQUERADE"; iptables t => "filter", i => "eth0", m => "state", state => "RELATED,ESTABLISHED", j => "ACCEPT"; iptables "flush"; iptables -F; iptables flush => "filter"; iptables -F => "filter"; }; - is_nat_gateway
-
This function create a nat gateway for the device the default route points to.
task "make-gateway", sub { is_nat_gateway; }; - default_state_rule(%option)
-
Set the default state rules for the given device.
task "firewall", sub { default_state_rule(dev => "eth0"); }; - iptables_list
-
List all iptables rules.
task "list-iptables", sub { print Dumper iptables_list; }; - iptables_clear
-
Remove all iptables rules.
task "no-firewall", sub { iptables_clear; };