{"id":23479479,"url":"https://github.com/plinker-rpc/iptables","last_synced_at":"2025-09-04T00:12:01.885Z","repository":{"id":57042725,"uuid":"106497433","full_name":"plinker-rpc/iptables","owner":"plinker-rpc","description":"Control iptables for pre routing rules (port forwarding). Specifically suited for forwarding ports to internal LXC containers.","archived":false,"fork":false,"pushed_at":"2018-06-02T13:08:52.000Z","size":193,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-16T08:15:49.491Z","etag":null,"topics":["composer-package","iptables","php","plinker-rpc","rpc"],"latest_commit_sha":null,"homepage":"https://plinker-rpc.github.io/iptables","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/plinker-rpc.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-10-11T02:49:18.000Z","updated_at":"2023-07-27T05:48:08.000Z","dependencies_parsed_at":"2022-08-23T23:40:22.255Z","dependency_job_id":null,"html_url":"https://github.com/plinker-rpc/iptables","commit_stats":null,"previous_names":[],"tags_count":57,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/plinker-rpc%2Fiptables","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/plinker-rpc%2Fiptables/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/plinker-rpc%2Fiptables/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/plinker-rpc%2Fiptables/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/o
wners/plinker-rpc","download_url":"https://codeload.github.com/plinker-rpc/iptables/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248758435,"owners_count":21156957,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["composer-package","iptables","php","plinker-rpc","rpc"],"created_at":"2024-12-24T19:29:44.770Z","updated_at":"2025-04-13T17:59:09.765Z","avatar_url":"https://github.com/plinker-rpc.png","language":"PHP","readme":"# PlinkerRPC - IPtables\n\nControl iptables for pre routing rules (port forwarding). Specifically suited for forwarding ports to internal LXC containers.\n\n## Install\n\nRequire this package with composer using the following command:\n\n``` bash\n$ composer require plinker/iptables\n```\n\nThen navigate to `./vendor/plinker/iptables/scripts` and run `bash install.sh`.\n\n\n## Client\n\nCreating a client instance is done as follows:\n\n\n    \u003c?php\n    require 'vendor/autoload.php';\n\n    /**\n     * Initialize plinker client.\n     *\n     * @param string $server - URL to server listener.\n     * @param string $config - server secret, and/or additional component data\n     */\n    $client = new \\Plinker\\Core\\Client(\n        'http://example.com/server.php',\n        [\n            'secret' =\u003e 'a secret password',\n            // database connection\n            'database' =\u003e [\n                'dsn'      =\u003e 'sqlite:./.plinker/database.db',\n                'host'     =\u003e '',\n                'name'     =\u003e '',\n                'username' =\u003e '',\n     
           'password' =\u003e '',\n                'freeze'   =\u003e false,\n                'debug'    =\u003e false,\n            ]\n        ]\n    );\n    \n    // or using global function\n    $client = plinker_client('http://example.com/server.php', 'a secret password', [\n        // database connection\n        'database' =\u003e [\n            'dsn'      =\u003e 'sqlite:./.plinker/database.db',\n            'host'     =\u003e '',\n            'name'     =\u003e '',\n            'username' =\u003e '',\n            'password' =\u003e '',\n            'freeze'   =\u003e false,\n            'debug'    =\u003e false,\n        ]\n    ]);\n    \n\n## Methods\n\nOnce set up, you call the class through its namespace to its method.\n\n\n### Setup\n\nApplies build tasks to plinker/tasks queue.\n\n| Parameter   | Type           | Description   | Default        |\n| ----------  | -------------  | ------------- |  ------------- | \n| options     | array          | Build options |                |\n\n**Call**\n\n    $client-\u003eiptables-\u003esetup([\n        'build_sleep' =\u003e 5,\n        'lxd' =\u003e [\n            'bridge' =\u003e 'lxcbr0',\n            'ip' =\u003e '10.171.90.0/8'\n        ],\n        'docker' =\u003e [\n            'bridge' =\u003e 'docker0',\n            'ip' =\u003e '172.17.0.0/16'\n        ]\n    ])\n\n**Response**\n``` text\n```\n\n### Update Package\n\nRuns composer update to update package.\n\n**Call**\n\n    $client-\u003eiptables-\u003eupdate_package();\n\n**Response**\n``` text\n```\n\n### Fetch\n\nFetch currently configured forward or blocked rules from database.\n\n| Parameter   | Type           | Description   | Default        |\n| ----------  | -------------  | ------------- |  ------------- | \n| placeholder | string         | Query placeholder | |\n| values      | array          | Match values  |              |\n\n**Call**\n\n    all           - $client-\u003eiptables-\u003efetch();\n    ruleById(1)   - 
$client-\u003eiptables-\u003efetch('id = ?', [1]);\n    ruleByName(1) - $client-\u003eiptables-\u003efetch('name = ?', ['guidV4-value'])\n    \n**Response**\n``` text\nArray\n(\n    [0] =\u003e Array\n        (\n            [id] =\u003e 1\n            [type] =\u003e forward\n            [name] =\u003e 5b1b63cd-0106-4fde-ba3f-8b252ae400a1\n            [label] =\u003e Example\n            [ip] =\u003e 10.100.200.2\n            [port] =\u003e 2251\n            [srv_type] =\u003e SSH\n            [srv_port] =\u003e 22\n            [enabled] =\u003e 1\n            [added_date] =\u003e 2018-01-25 02:18:26\n            [has_change] =\u003e 0\n            [updated_date] =\u003e 2018-01-25 02:18:26\n            [range] =\u003e \n            [note] =\u003e \n            [bantime] =\u003e \n        )\n\n)\n```\n\n\n### Count\n\nFetch count of currently configured forward or blocked rules from database.\n\n| Parameter   | Type           | Description   | Default        |\n| ----------  | -------------  | ------------- |  ------------- | \n| placeholder | string         | Query placeholder | |\n| values      | array          | Match values  |              |\n\n**Call**\n\n    all           - $client-\u003eiptables-\u003ecount();\n    ruleById(1)   - $client-\u003eiptables-\u003ecount('id = ?', [1]);\n    ruleByName(1) - $client-\u003eiptables-\u003ecount('name = ?', ['guidV4-value'])\n    \n**Response**\n``` text\n1\n```\n\n### Rebuild\n\nRebuild forward or blocked rule.\n\n| Parameter   | Type           | Description   | Default        |\n| ----------  | -------------  | ------------- |  ------------- | \n| placeholder | string         | Query placeholder | |\n| values      | array          | Match values  |              |\n\n**Call**\n\n    ruleById(1)   - $client-\u003eiptables-\u003erebuild('id = ?', [1]);\n    ruleByName(1) - $client-\u003eiptables-\u003erebuild('name = ?', ['guidV4-value'])\n    \n**Response**\n``` text\nArray\n(\n    [status] =\u003e 
success\n)\n```\n\n### Remove\n\nRemove forward or blocked rule.\n\n| Parameter   | Type           | Description   | Default        |\n| ----------  | -------------  | ------------- |  ------------- | \n| placeholder | string         | Query placeholder |            |\n| values      | array          | Match values  |                |\n\n**Call**\n\n    ruleById(1)   - $client-\u003eiptables-\u003eremove('id = ?', [1]);\n    ruleByName(1) - $client-\u003eiptables-\u003eremove('name = ?', ['guidV4-value'])\n    \n**Response**\n``` text\nArray\n(\n    [status] =\u003e success\n)\n```\n\n### Reset\n\nRemove all forwards and blocked rules.\n\n| Parameter   | Type           | Description   | Default        |\n| ----------  | -------------  | ------------- |  ------------- | \n| purge       | bool           | Also remove tasks | `false`    |\n\n**Call**\n\n    $client-\u003eiptables-\u003ereset();     // remove just rules\n    $client-\u003eiptables-\u003ereset(true); // remove rules and tasks (purge)\n  \n**Response**\n``` text\nArray\n(\n    [status] =\u003e success\n)\n```\n\n### Add Block\n\nAdd an IP address to blocked rules.\n\n| Parameter   | Type           | Description   | Default        |\n| ----------  | -------------  | ------------- |  ------------- | \n| data        | array          | Rule data     |                |\n\n**Call**\n\n    $client-\u003eiptables-\u003eaddBlock([\n        'ip'      =\u003e '123.123.123.123',\n        'range'   =\u003e 32,\n        'note'    =\u003e 'Port scanned server',\n        'enabled' =\u003e 1\n    ]);\n    \n**Response**\n\n``` text\nArray\n(\n    [status] =\u003e success\n    [values] =\u003e Array\n        (\n            [id] =\u003e 3\n            [type] =\u003e block\n            [name] =\u003e 7bb82b0c-617d-4343-bca5-f8055a7e3087\n            [label] =\u003e -\n            [ip] =\u003e 123.123.123.123\n            [range] =\u003e 32\n            [note] =\u003e Port scanned server\n            [added_date] =\u003e 
2018-05-09 22:46:30\n            [bantime] =\u003e 0\n            [enabled] =\u003e 1\n            [has_change] =\u003e 1\n        )\n\n)\n```\n\n### Update Block\n\nUpdate a blocked IP address rule.\n\n| Parameter   | Type           | Description   | Default        |\n| ----------  | -------------  | ------------- |  ------------- | \n| placeholder | string         | Query placeholder |            |\n| values      | array          | Match values      |            |\n| data        | array          | Updated rule data |            |\n\n**Call**\n\n    $client-\u003eiptables-\u003eupdateBlock('id = ?', [3], [\n        'label' =\u003e '',\n        'enabled' =\u003e 1,\n        'ip' =\u003e '212.123.123.123',\n        'range' =\u003e 32,\n        'note' =\u003e 'FooBar',\n        'bantime' =\u003e 0\n    ]);\n    \n**Response**\n\n``` text\nArray\n(\n    [status] =\u003e success\n    [values] =\u003e Array\n        (\n            [id] =\u003e 3\n            [type] =\u003e block\n            [name] =\u003e 7bb82b0c-617d-4343-bca5-f8055a7e3087\n            [label] =\u003e \n            [ip] =\u003e 212.123.123.123\n            [port] =\u003e \n            [srv_type] =\u003e \n            [srv_port] =\u003e \n            [enabled] =\u003e 1\n            [added_date] =\u003e 2018-05-09 22:46:30\n            [has_change] =\u003e 1\n            [updated_date] =\u003e 2018-05-09 22:54:15\n            [range] =\u003e 32\n            [note] =\u003e FooBar\n            [bantime] =\u003e 0\n        )\n\n)\n```\n\n### Status\n\nEnumerate and return the status of used and available ports.\n\n**Call**\n\n    $client-\u003eiptables-\u003estatus();\n    \n**Response**\n\n``` text\nArray\n(\n    [blocked_rules] =\u003e 1\n    [forward_rules] =\u003e 0\n    [total] =\u003e 400\n    [available] =\u003e 400\n)\n```\n\n### Raw\n\nFetch raw iptables, equivalent to `iptables-save`.\n\n**Call**\n\n    $client-\u003eiptables-\u003eraw();\n    \n**Response**\n\n``` text\n# Generated on Thu Jan 25 
12:34:56 2018\n*mangle\n:PREROUTING ACCEPT [0:0]\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n:POSTROUTING ACCEPT [0:0]\n-A POSTROUTING -o lxcbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill\nCOMMIT\n*nat\n:PREROUTING ACCEPT [0:0]\n:INPUT ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n:POSTROUTING ACCEPT [0:0]\n:DOCKER - [0:0]\n-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER\n-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER\n-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE\n-A PREROUTING -p tcp -m tcp --dport 2251 -j DNAT --to-destination 10.158.250.6:22\n-A PREROUTING -p udp -m udp --dport 2251 -j DNAT --to-destination 10.158.250.6:22\n-A POSTROUTING -s 10.158.250.0/8 ! -d 10.158.250.0/8 -j MASQUERADE\n-A DOCKER -i lxcbr0 -j RETURN\nCOMMIT\n*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n:fail2ban-ssh - [0:0]\n:DOCKER - [0:0]\n:DOCKER-ISOLATION - [0:0]\n:DOCKER-USER - [0:0]\n-A INPUT -p tcp -m multiport --dports 2020 -j fail2ban-ssh\n-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh\n-A INPUT -p tcp -m multiport --dports 2200:2299 -j fail2ban-ssh\n-A INPUT -i lxcbr0 -p tcp -m tcp --dport 53 -j ACCEPT\n-A INPUT -i lxcbr0 -p udp -m udp --dport 53 -j ACCEPT\n-A INPUT -i lxcbr0 -p tcp -m tcp --dport 67 -j ACCEPT\n-A INPUT -i lxcbr0 -p udp -m udp --dport 67 -j ACCEPT\n-A INPUT -i lo -j ACCEPT\n-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\n-A INPUT -m conntrack --ctstate INVALID -j DROP\n-A INPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT\n-A INPUT -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT\n-A INPUT -p tcp -m tcp --dport 8443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT\n-A FORWARD -j DOCKER-USER\n-A FORWARD -j DOCKER-ISOLATION\n-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\n-A FORWARD -o docker0 -j DOCKER\n-A FORWARD -i docker0 ! 
-o docker0 -j ACCEPT\n-A FORWARD -i docker0 -o docker0 -j ACCEPT\n-A FORWARD -o lxcbr0 -j ACCEPT\n-A FORWARD -i lxcbr0 -j ACCEPT\n-A OUTPUT -o lo -j ACCEPT\n-A OUTPUT -p tcp -m tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT\n-A OUTPUT -p tcp -m tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT\n-A OUTPUT -p tcp -m tcp --sport 8443 -m conntrack --ctstate ESTABLISHED -j ACCEPT\n-A OUTPUT -o lxcbr0 -p tcp -m tcp --sport 53 -j ACCEPT\n-A OUTPUT -o lxcbr0 -p udp -m udp --sport 53 -j ACCEPT\n-A OUTPUT -o lxcbr0 -p udp -m udp --sport 67 -j ACCEPT\n-A DOCKER-ISOLATION -j RETURN\n-A DOCKER-USER -j RETURN\n-A INPUT -s 212.123.123.123/32 -j REJECT\n-A fail2ban-ssh -j RETURN\nCOMMIT\n# Completed on Thu Jan 25 12:34:56 2018\n```\n\n### Available Ports\n\nFetch available ports within a range type.\n\n| Parameter   | Type           | Description   | Default        |\n| ----------  | -------------  | ------------- |  ------------- | \n| type        | string         | Port range type | `all`        |\n\nThe following port ranges (400 ports) are externally available for forwarding.\n\n| Type        | Range          | Description   |\n| ----------  | -------------  | ------------- |\n| all         | 2200 - 8099    | Returns all available ports |\n| ssh         | 2200 - 2299    | Returns available ssh ports |\n| http        | 8000 - 8099    | Returns available http ports |\n| mysql       | 3300 - 3399    | Returns available mysql ports |\n| shellinabox | 4200 - 4299    | Returns available shellinabox ports |\n\n\n**Call**\n\n    $client-\u003eiptables-\u003eavailablePorts('http');\n    \n**Response**\n\n``` text\nArray\n(\n    [0] =\u003e 8000\n    [1] =\u003e 8001\n    [2] =\u003e 8002\n    [3] =\u003e 8003\n    [4] =\u003e 8004\n    [5] =\u003e 8005\n    [6] =\u003e 8006\n    [7] =\u003e 8007\n    [8] =\u003e 8008\n    [9] =\u003e 8009\n    [10] =\u003e 8010\n    ... 
snip\n    [99] =\u003e 8099\n)\n```\n\n### Check Port In Use\n\nCheck if a port is already in use by a rule.\n\n| Parameter   | Type           | Description   | Default        |\n| ----------  | -------------  | ------------- |  ------------- | \n| port        | int            | Port to check | `0`            |\n\n\n**Call**\n\n    $client-\u003eiptables-\u003echeckPortInUse(8000);\n    \n**Response**\n\n``` text\nboolean\n```\n\n\n### Check Allowed Port\n\nCheck if a port is in allowed ranges.\n\n| Parameter   | Type           | Description   | Default        |\n| ----------  | -------------  | ------------- |  ------------- | \n| port        | int            | Port to check | `0`            |\n\n\n**Call**\n\n    $client-\u003eiptables-\u003echeckAllowedPort(12345);\n    \n**Response**\n\n``` text\nboolean - false in the above case\n```\n\n### Add Forward\n\nAdd new port forward rule.\n\n| Parameter   | Type           | Description   | Default        |\n| ----------  | -------------  | ------------- |  ------------- | \n| data        | array          | Rule data     |                |\n\n**Call**\n\n    $client-\u003eiptables-\u003eaddForward([\n        'label' =\u003e 'Example',\n        'ip' =\u003e '10.158.250.5',\n        'port' =\u003e 2252,\n        'srv_type' =\u003e 'SSH',\n        'srv_port' =\u003e 22,\n        'enabled' =\u003e 1\n    ]);\n    \n**Response**\n\n``` text\nArray\n(\n    [status] =\u003e success\n    [values] =\u003e Array\n        (\n            [id] =\u003e 5\n            [type] =\u003e forward\n            [name] =\u003e d82025df-fc3f-4a2e-bbbd-dde6fddab4cb\n            [label] =\u003e Example\n            [ip] =\u003e 10.158.250.5\n            [port] =\u003e 2252\n            [srv_type] =\u003e ssh\n            [srv_port] =\u003e 22\n            [enabled] =\u003e 1\n            [added_date] =\u003e 2018-05-10 01:01:46\n            [has_change] =\u003e 1\n        )\n\n)\n```\n\n### Update Forward\n\nUpdate port forward rule.\n\n| 
Parameter   | Type           | Description   | Default        |\n| ----------  | -------------  | ------------- |  ------------- | \n| placeholder | string         | Query placeholder |            |\n| values      | array          | Match values      |            |\n| data        | array          | Updated rule data |            |\n\n**Call**\n\n    $client-\u003eiptables-\u003eupdateForward('id = ?', [4], [\n        'name' =\u003e '8610e47a-cf06-4806-964b-c5a3642954bb', // always use, to bypass port in use check\n        'label' =\u003e 'Example',\n        'ip' =\u003e '10.158.250.5',\n        'port' =\u003e 2252,\n        'srv_type' =\u003e 'SSH',\n        'srv_port' =\u003e 22,\n        'enabled' =\u003e 1\n    ]);\n    \n**Response**\n\n``` text\nArray\n(\n    [status] =\u003e success\n    [values] =\u003e Array\n        (\n            [id] =\u003e 4\n            [type] =\u003e forward\n            [name] =\u003e 8610e47a-cf06-4806-964b-c5a3642954bb\n            [label] =\u003e Example\n            [ip] =\u003e 10.158.250.5\n            [port] =\u003e 2252\n            [srv_type] =\u003e SSH\n            [srv_port] =\u003e 22\n            [enabled] =\u003e 1\n            [added_date] =\u003e 2018-05-10 01:01:25\n            [has_change] =\u003e 1\n            [updated_date] =\u003e 2018-05-10 01:16:46\n            [range] =\u003e \n            [note] =\u003e \n            [bantime] =\u003e \n        )\n\n)\n```\n\n## Testing\n\nThere are no tests set up for this component.\n\n## Contributing\n\nPlease see [CONTRIBUTING](https://github.com/plinker-rpc/iptables/blob/master/CONTRIBUTING) for details.\n\n## Security\n\nIf you discover any security related issues, please contact me via [https://cherone.co.uk](https://cherone.co.uk) instead of using the issue tracker.\n\n## Credits\n\n- [Lawrence Cherone](https://github.com/lcherone)\n- [All Contributors](https://github.com/plinker-rpc/iptables/graphs/contributors)\n\n\n## Development Encouragement\n\nIf you use this 
project and make money from it or want to show your appreciation,\nplease feel free to make a donation [https://www.paypal.me/lcherone](https://www.paypal.me/lcherone), thanks.\n\n## Sponsors\n\nGet your company or name listed throughout the documentation and on each github repository, contact me at [https://cherone.co.uk](https://cherone.co.uk) for further details.\n\n## License\n\nThe MIT License (MIT). Please see [License File](https://github.com/plinker-rpc/iptables/blob/master/LICENSE) for more information.\n\nSee the [organisations page](https://github.com/plinker-rpc) for additional components.\n","funding_links":["https://www.paypal.me/lcherone"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fplinker-rpc%2Fiptables","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fplinker-rpc%2Fiptables","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fplinker-rpc%2Fiptables/lists"}