{"id":38286945,"url":"https://github.com/ctxswitch/shutter","last_synced_at":"2026-01-17T02:04:14.438Z","repository":{"id":3676813,"uuid":"4746327","full_name":"ctxswitch/shutter","owner":"ctxswitch","description":"Generate iptables rules from simple configuration files","archived":false,"fork":false,"pushed_at":"2013-07-05T21:50:47.000Z","size":248,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-01-14T11:21:17.058Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ctxswitch.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2012-06-22T01:22:44.000Z","updated_at":"2019-05-05T18:58:44.000Z","dependencies_parsed_at":"2022-09-01T06:22:38.980Z","dependency_job_id":null,"html_url":"https://github.com/ctxswitch/shutter","commit_stats":null,"previous_names":["rlyon/shutter"],"tags_count":13,"template":false,"template_full_name":null,"purl":"pkg:github/ctxswitch/shutter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ctxswitch%2Fshutter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ctxswitch%2Fshutter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ctxswitch%2Fshutter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ctxswitch%2Fshutter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ctxswitch","download_url":"https://codeload.github.com/ctxswitch/shutter/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ctxswitch%2Fshutter/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28492047,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T00:50:05.742Z","status":"online","status_checked_at":"2026-01-17T02:00:07.808Z","response_time":85,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-17T02:04:14.356Z","updated_at":"2026-01-17T02:04:14.422Z","avatar_url":"https://github.com/ctxswitch.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Shutter\n\n[![Build Status](https://secure.travis-ci.org/rlyon/shutter.png)](http://travis-ci.org/rlyon/shutter)\n\nShutter is a tool that gives system administrators the ability to manage \niptables firewall settings through simple lists instead of complex iptables commands, making it\neasier to define host and service firewall setting with configuration management tools. Please note:\nThis application is currently only tested with Red Hat based distributions. Ubuntu and Debian should \nwork but are not supported.\n\n## Installation\n\nInstalation is through the gem package management program. \n\n $ gem install shutter\n\n## Upgrading from older versions\n\nThe base template will sometimes change with new versions to correct errors and add features. To upgrade the base template and add any new configuration files that the new version may require, use the following command:\n\n $ shutter --upgrade\n\n## Usage\n\n#### Install the gem.\n \n $ gem install shutter\n\n#### OPTIONAL: Create the initial configuration files.\nShutter automatically creates any missing configuration files anytime it is run, but you can create them prior to \n\n $ shutter --init\n\n#### Modify the files to meet your required settings. \n\nThere are several files that you can modify:\n* **base.ipt:** The one file to rule them all. Modifying this file is optional as\nit is the template that is used to build the firewall. If you do modify the file,\njust make sure you include the appropriate placeholder directives to allow\nshutter to dynamically fill in the rules. It is possible to leave out any unwanted\nplaceholders. By default the files are will be found in the */etc/shutter.d* directory\n* **iface.dmz:** Enter any private interfaces that will be unprotected by the firewall. One per line.\n* **iface.forward:** Enter any source and destination interfaces that forwarding will occur.\n* **ip.allow:** A list of IP addresses and ranges that are allowed to access the 'private' ports\n* **ip.deny:** A list of IP addresses and ranges that are denied access to both public and private ports. \n* **ports.private:** A list of ports and protocols that are available to traffic that passes through the AllowIP chain\n* **ports.public:** A list of ports and protocols that are available publically to everyone except the 'Bastards' listed in ip.deny\n\nShutter was designed to work with the Fail2ban access monitoring/management tool. It includes a \nspecial chain called 'Jail' which is used to insert the jump rules that fail2ban uses to deny \naccess 'on-the-fly'. To work correctly, you configure fail2ban to use the Jail chain instead of \nINPUT. The dynamic rules that fail2ban has created in the jail chain remain persistant when \nshutter is 'restored' or reloaded.\n\n#### To show your firewall rules you can run:\n\n $ shutter --save\n\nThis command mimics the 'iptables-save' command which prints the rules out to the screen. \nThis does not modify the firewall settings.\n\n#### To implement the changes, use:\n\n $ shutter --restore\n\nThis command uses 'iptables-restore' under the hood to update the firewall. You can use the '--persist' option\nto make the changes permanent and survive reboots. Persist can optionally take an argument which defines the location of the\npersist file if it is in a non-standard location.\n\n\n#### To check your current firewall rules generated by 'iptables-save' against the ones shutter will generate, use:\n\n $ shutter --check\n\nThe command will return 'OK' if the rules and chains match and 'MISMATCH' if there is any variance.\n\n#### Command line options\n Usage: shutter [options]\n --init Create the initial configuration files.\n --reinit Rereate the initial configuration files.\n --upgrade Upgrade the configuration files that have changes with a new version.\n -s, --save Output the firewall to stdout. This is the default behavior.\n -r, --restore Restore the firewall through iptables-restore.\n -p, --persist [FILE] Write the firewall to the persistance file. If an argument is given, it will be used as the persistance file\n -d, --dir DIR Set the directory for configuration files. Default is /etc/shutter.d.\n --debug Turn on debugging for extra output.\n -h, --help Display help and exit.\n --version Display version and exit.\n\nMore documentation to come...\n\n\n## Contributing\n\n1. Fork it\n2. Create your feature branch (`git checkout -b my-new-feature`)\n3. Commit your changes (`git commit -am 'Added some feature'`)\n4. Push to the branch (`git push origin my-new-feature`)\n5. Create new Pull Request\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fctxswitch%2Fshutter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fctxswitch%2Fshutter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fctxswitch%2Fshutter/lists"}