https://github.com/rubyonworld/netfilter-rb
netfilter.rb is a Ruby Library/DSL for writing Linux Netfilter/iptables firewall rules.
- Host: GitHub
- URL: https://github.com/rubyonworld/netfilter-rb
- Owner: RubyOnWorld
- License: gpl-3.0
- Created: 2022-09-23T02:44:40.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2022-09-23T02:44:54.000Z (over 3 years ago)
- Last Synced: 2025-05-19T20:32:45.222Z (about 1 year ago)
- Topics: dsl, firewall, linux, netfilter, ruby
- Language: Ruby
- Homepage:
- Size: 24.4 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.rdoc
- License: LICENSE
README
= Netfilter.rb
netfilter.rb is a Ruby Library/DSL for writing Linux
Netfilter/iptables firewall rules.
It's currently in alpha status - a proof of concept that I'm writing
rspecs for to start developing (and using) it properly.
= Example use
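  require 'lib/netfilter.rb'
  include Netfilter
  include Netfilter::Protocols

  # Default-deny inbound; allow loopback and established connections
  filter.input.policy = :drop
  filter.input.accept :in => :lo
  filter.input.accept :state => :established

  # IPsec: IKE and NAT-T (UDP 500/4500), plus ESP, IP-in-IP (4) and AH
  filter.input.accept :dport => udp(500,4500)
  filter.input.accept :protocol => [:esp, 4, :ah]

  # Accept listed source addresses in a separate "trusted" chain
  trusted = filter.new_chain("trusted")
  File.foreach("trusted-ips.txt") do |ip|
    ip = ip.strip                # drop the trailing newline
    next if ip.empty?            # skip blank lines
    trusted.accept :src => ip
  end
  filter.input.jump :dport => tcp(22, 25, 110, 6667..6669), :chain => trusted

  # Rules inside the block share the :src scope
  filter.input.with_scope :src => '66.77.88.99' do
    accept :dport => tcp(80)
    log :prefix => 'audited: '
    reject
  end

  # Drop these without logging, then log what is left (rate-limited)
  filter.input.drop :dport => [tcp(139,445), udp(135..137)]
  filter.input.log :prefix => 'INPUT: ', :limit => '3/s', :burst => 6

  render_netfilter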
= More Info
Author:: John Leach (mailto:john@johnleach.co.uk)
Copyright:: Copyright (c) 2010 John Leach
License:: GPL 3.0
Github:: http://github.com/johnl/netfilter.rb/tree/master