1Rex::Commands::IptablesU(s3e)r Contributed Perl DocumentaRteixo:n:Commands::Iptables(3)
2
3
4

NAME

6       Rex::Commands::Iptables - Iptable Management Commands
7

DESCRIPTION

9       With this Module you can manage basic Iptables rules.
10
11       Version <= 1.0: All these functions will not be reported.
12
13       Only open_port and close_port are idempotent.
14

SYNOPSIS

16        use Rex::Commands::Iptables;
17
18        task "firewall", sub {
19          iptables_clear;
20
21          open_port 22;
22          open_port [22, 80] => {
23            dev => "eth0",
24          };
25
26          close_port 22 => {
27            dev => "eth0",
28          };
29          close_port "all";
30
31          redirect_port 80 => 10080;
32          redirect_port 80 => {
33            dev => "eth0",
34            to  => 10080,
35          };
36
37          default_state_rule;
38          default_state_rule dev => "eth0";
39
40          is_nat_gateway;
41
42          iptables t => "nat",
43                A => "POSTROUTING",
44                o => "eth0",
45                j => "MASQUERADE";
46
47          # The 'iptables' function also accepts long options,
48          # however, options with dashes need to be quoted
49          iptables table => "nat",
50                accept          => "POSTROUTING",
51                "out-interface" => "eth0",
52                jump            => "MASQUERADE";
53
54          # Version of IP can be specified in the first argument
55          # of any function: -4 or -6 (defaults to -4)
56          iptables_clear -6;
57
58          open_port -6, [22, 80];
59          close_port -6, "all";
60          redirect_port -6, 80 => 10080;
61          default_state_rule -6;
62
63          iptables -6, "flush";
64          iptables -6,
65                t     => "filter",
66                A     => "INPUT",
67                i     => "eth0",
68                m     => "state",
69                state => "RELATED,ESTABLISHED",
70                j     => "ACCEPT";
71        };
72

EXPORTED FUNCTIONS

74   open_port($port, $option)
75       Open a port for inbound connections.
76
77        task "firewall", sub {
78          open_port 22;
79          open_port [22, 80];
80          open_port [22, 80],
81            dev => "eth1";
82        };
83
84        task "firewall", sub {
85         open_port 22,
86           dev    => "eth1",
87           only_if => "test -f /etc/firewall.managed";
88       } ;
89
90   close_port($port, $option)
91       Close a port for inbound connections.
92
93        task "firewall", sub {
94          close_port 22;
95          close_port [22, 80];
96          close_port [22, 80],
97            dev    => "eth0",
98            only_if => "test -f /etc/firewall.managed";
99        };
100
101   redirect_port($in_port, $option)
102       Redirect $in_port to another local port.
103
104        task "redirects", sub {
105          redirect_port 80 => 10080;
106          redirect_port 80 => {
107            to  => 10080,
108            dev => "eth0",
109          };
110        };
111
112   iptables(@params)
113       Write standard iptable comands.
114
115       Note that there is a short form for the iptables "--flush" option; when
116       you pass the option of "-F|"flush"" as the only argument, the command
117       "iptables -F" is run on the connected host.  With the two argument form
118       of "flush" shown in the examples below, the second argument is table
119       you want to flush.
120
121        task "firewall", sub {
122          iptables t => "nat", A => "POSTROUTING", o => "eth0", j => "MASQUERADE";
123          iptables t => "filter", i => "eth0", m => "state", state => "RELATED,ESTABLISHED", j => "ACCEPT";
124
125          # automatically flushes all tables; equivalent to 'iptables -F'
126          iptables "flush";
127          iptables -F;
128
129          # flush only the "filter" table
130          iptables flush => "filter";
131          iptables -F => "filter";
132        };
133
134        # Note: options with dashes "-" need to be quoted to escape them from Perl
135        task "long_form_firewall", sub {
136          iptables table => "nat",
137               append          => "POSTROUTING",
138               "out-interface" => "eth0",
139               jump            => "MASQUERADE";
140          iptables table => "filter",
141               "in-interface" => "eth0",
142               match          => "state",
143               state          => "RELATED,ESTABLISHED",
144               jump           => "ACCEPT";
145        };
146
147   is_nat_gateway
148       This function creates a NAT gateway for the device the default route
149       points to.
150
151        task "make-gateway", sub {
152          is_nat_gateway;
153          is_nat_gateway -6;
154        };
155
156   default_state_rule(%option)
157       Set the default state rules for the given device.
158
159        task "firewall", sub {
160          default_state_rule(dev => "eth0");
161        };
162
163   iptables_list
164       List all iptables rules.
165
166        task "list-iptables", sub {
167          print Dumper iptables_list;
168          print Dumper iptables_list -6;
169        };
170
171   iptables_clear
172       Remove all iptables rules.
173
174        task "no-firewall", sub {
175          iptables_clear;
176        };
177
178
179
180perl v5.28.1                      2017-03-01        Rex::Commands::Iptables(3)
Impressum