
Rex::Commands::Iptables - iptables management commands

With this module you can manage basic iptables rules.

use Rex::Commands::Iptables;
# Synopsis: every helper below issues iptables commands on the target host.
task "firewall", sub {
# Flush the existing rules first. NOTE(review): what the host accepts between
# this flush and the rules added below depends on the chains' default policies,
# which this page does not document the module as changing — confirm before
# running this against a remote host over SSH.
iptables_clear;
# Open one port, or a list of ports; the trailing option hash restricts the
# rule to a single interface.
open_port 22;
open_port [22, 80] => {
dev => "eth0",
};
# Close a port, here only on eth0.
close_port 22 => {
dev => "eth0",
};
# "all" is a keyword, not a port number. NOTE(review): iptables evaluates rules
# in order, so whether this overrides the open_port calls above depends on
# where the module inserts or appends each rule — verify on the target.
close_port "all";
# Redirect inbound port 80 to local port 10080: short form and option-hash form.
redirect_port 80 => 10080;
redirect_port 80 => {
dev => "eth0",
to => 10080,
};
# Add the module's default state rules, for all interfaces or for one device.
default_state_rule;
default_state_rule dev => "eth0";
# Make this host a NAT gateway for the interface its default route uses.
is_nat_gateway;
# Raw iptables call; each key/value pair presumably maps to the switch of the
# same name (here: -t nat -A POSTROUTING -o eth0 -j MASQUERADE).
iptables t => "nat",
A => "POSTROUTING",
o => "eth0",
j => "MASQUERADE";
};

Open a port for inbound connections.
# Allow inbound connections to one port, to a list of ports, or — with the
# trailing option hash — only on the named interface.
task "firewall", sub {
open_port 22;
open_port [22, 80];
open_port [22, 80] => { dev => "eth1", };
};
Close a port for inbound connections.
# Block inbound connections to one port, to a list of ports, or — with the
# trailing option hash — only on the named interface.
task "firewall", sub {
close_port 22;
close_port [22, 80];
close_port [22, 80] => { dev => "eth0", };
};
Redirect $in_port to another local port.
# Redirect inbound port 80 to local port 10080: `80 => 10080` is the short
# form; the option hash takes `to` (target port) and `dev` (interface).
task "redirects", sub {
redirect_port 80 => 10080;
redirect_port 80 => {
to => 10080,
dev => "eth0",
};
};
Write standard iptables commands, passing the switches as key/value pairs.
# Pass iptables options straight through; each `key => value` pair presumably
# becomes the command-line switch of the same name.
task "firewall", sub {
# presumably: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables t => "nat", A => "POSTROUTING", o => "eth0", j => "MASQUERADE";
# presumably: iptables -t filter -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# NOTE(review): no chain (A => ...) is given here, so which chain the rule
# lands in is not shown on this page — confirm before relying on it.
iptables t => "filter", i => "eth0", m => "state", state => "RELATED,ESTABLISHED", j => "ACCEPT";
# Flush. The bareword `-F` is Perl's unary minus on a bareword and evaluates
# to the string "-F", so the second line is the same call spelled like the
# iptables switch (presumably equivalent to "flush").
iptables "flush";
iptables -F;
# Flush scoped to the named table.
iptables flush => "filter";
iptables -F => "filter";
};
This function creates a NAT gateway for the device the default route points to.
# Make this host a NAT gateway on the interface its default route uses.
# NOTE(review): a NAT gateway needs IP forwarding enabled; whether this helper
# also sets that sysctl is not shown on this page — confirm on the target.
task "make-gateway", sub {
is_nat_gateway;
};
Set the default state rules for the given device.
# Install the module's default state rules for eth0. This uses the
# parenthesized call form; the synopsis calls the same helper without parens.
task "firewall", sub {
default_state_rule(dev => "eth0");
};
List all iptables rules.
# Dump the current rule set as returned by iptables_list. `Dumper` is
# Data::Dumper's and is not imported on this page — presumably Rex exports it;
# confirm, or add `use Data::Dumper;` to the Rexfile.
task "list-iptables", sub {
print Dumper iptables_list;
};
Remove all iptables rules. This page does not document any change to the chains' default policies, so whether the host is wide open or fully blocked afterwards depends on those policies.
# Flush every rule. NOTE(review): the chains' default policies are not
# documented as being touched, so what the host accepts after this depends on
# them — check `iptables -L` policies before using this on a reachable host.
task "no-firewall", sub {
iptables_clear;
};