Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
Rex::Commands::IptableUser Contributed Perl DocumentRex::Commands::Iptables(3)

NAME
       Rex::Commands::Iptables - Iptable Management Commands

DESCRIPTION
       With this Module	you can	manage basic Iptables rules.

       Version <= 1.0: All these functions will	not be reported.

       Only open_port and close_port are idempotent.

SYNOPSIS
	use Rex::Commands::Iptables;

	task "firewall", sub {
	  iptables_clear;

	  open_port 22;
	  open_port [22, 80] =>	{
	    dev	=> "eth0",
	  };

	  close_port 22	=> {
	    dev	=> "eth0",
	  };
	  close_port "all";

	  redirect_port	80 => 10080;
	  redirect_port	80 => {
	    dev	=> "eth0",
	    to	=> 10080,
	  };

	  default_state_rule;
	  default_state_rule dev => "eth0";

	  is_nat_gateway;

	  iptables t =>	"nat",
		A => "POSTROUTING",
		o => "eth0",
		j => "MASQUERADE";

	  # The	'iptables' function also accepts long options,
	  # however, options with dashes need to be quoted
	  iptables table => "nat",
		accept		=> "POSTROUTING",
		"out-interface"	=> "eth0",
		jump		=> "MASQUERADE";

	  # Version of IP can be specified in the first	argument
	  # of any function: -4	or -6 (defaults	to -4)
	  iptables_clear -6;

	  open_port -6,	[22, 80];
	  close_port -6, "all";
	  redirect_port	-6, 80 => 10080;
	  default_state_rule -6;

	  iptables -6, "flush";
	  iptables -6,
		t     => "filter",
		A     => "INPUT",
		i     => "eth0",
		m     => "state",
		state => "RELATED,ESTABLISHED",
		j     => "ACCEPT";
	};

EXPORTED FUNCTIONS
   open_port($port, $option)
       Open a port for inbound connections.

	task "firewall", sub {
	  open_port 22;
	  open_port [22, 80];
	  open_port [22, 80],
	    dev	=> "eth1";
	};

	task "firewall", sub {
	 open_port 22,
	   dev	  => "eth1",
	   only_if => "test -f /etc/firewall.managed";
       } ;

   close_port($port, $option)
       Close a port for	inbound	connections.

	task "firewall", sub {
	  close_port 22;
	  close_port [22, 80];
	  close_port [22, 80],
	    dev	   => "eth0",
	    only_if => "test -f	/etc/firewall.managed";
	};

   redirect_port($in_port, $option)
       Redirect	$in_port to another local port.

	task "redirects", sub {
	  redirect_port	80 => 10080;
	  redirect_port	80 => {
	    to	=> 10080,
	    dev	=> "eth0",
	  };
	};

   iptables(@params)
       Write standard iptable comands.

       Note that there is a short form for the iptables	"--flush" option; when
       you pass	the option of "-F|"flush"" as the only argument, the command
       "iptables -F" is	run on the connected host.  With the two argument form
       of "flush" shown	in the examples	below, the second argument is table
       you want	to flush.

	task "firewall", sub {
	  iptables t =>	"nat", A => "POSTROUTING", o =>	"eth0",	j => "MASQUERADE";
	  iptables t =>	"filter", i => "eth0", m => "state", state => "RELATED,ESTABLISHED", j => "ACCEPT";

	  # automatically flushes all tables; equivalent to 'iptables -F'
	  iptables "flush";
	  iptables -F;

	  # flush only the "filter" table
	  iptables flush => "filter";
	  iptables -F => "filter";
	};

	# Note:	options	with dashes "-"	need to	be quoted to escape them from Perl
	task "long_form_firewall", sub {
	  iptables table => "nat",
	       append	       => "POSTROUTING",
	       "out-interface" => "eth0",
	       jump	       => "MASQUERADE";
	  iptables table => "filter",
	       "in-interface" => "eth0",
	       match	      => "state",
	       state	      => "RELATED,ESTABLISHED",
	       jump	      => "ACCEPT";
	};

   is_nat_gateway
       This function creates a NAT gateway for the device the default route
       points to.

	task "make-gateway", sub {
	  is_nat_gateway;
	  is_nat_gateway -6;
	};

   default_state_rule(%option)
       Set the default state rules for the given device.

	task "firewall", sub {
	  default_state_rule(dev => "eth0");
	};

   iptables_list
       List all	iptables rules.

	task "list-iptables", sub {
	  print	Dumper iptables_list;
	  print	Dumper iptables_list -6;
	};

   iptables_clear
       Remove all iptables rules.

	task "no-firewall", sub	{
	  iptables_clear;
	};

perl v5.24.1			  2016-07-16	    Rex::Commands::Iptables(3)

NAME | DESCRIPTION | SYNOPSIS | EXPORTED FUNCTIONS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=Rex::Commands::Iptables&sektion=3&manpath=FreeBSD+12.0-RELEASE+and+Ports>

home | help