class Spior::Iptables::Default

Private Instance Methods

# Permissive baseline for the filter table.
#
# Appends an explicit ACCEPT for all outbound UDP and a REJECT for outbound
# ICMP, then sets the default policy of INPUT, FORWARD and OUTPUT to ACCEPT.
# iptables evaluates appended rules in order before falling through to the
# chain policy, so the two rule lines only affect outbound ICMP (and make the
# UDP accept explicit); every other packet is allowed by the ACCEPT policies.
#
# NOTE(review): with ACCEPT policies on all three chains nothing is filtered
# apart from outbound ICMP — this is an "open" mode, not a protective one.
def all
  rules = [
    "-t filter -A OUTPUT -p udp -j ACCEPT",
    "-t filter -A OUTPUT -p icmp -j REJECT"
  ]
  policies = %w[INPUT FORWARD OUTPUT].map { |chain| "-P #{chain} ACCEPT" }
  (rules + policies).each { |rule| ipt rule }
end
# Baseline INPUT chain rules.
#
# Appends, in this order: ACCEPT for new inbound TCP connections to port 22,
# ACCEPT for everything arriving on the interface named by @lo, and ACCEPT
# for packets belonging to an ESTABLISHED or RELATED connection. Packets
# matching none of these fall through to the INPUT chain policy.
#
# The port-22 rule carries no source (-s) or interface (-i) match, so new
# SSH connections are accepted from any address on any interface; restrict
# it at the caller or policy level if that is not intended.
# @lo is expected to be set before this runs (presumably the loopback
# interface name) — TODO confirm against the constructor.
def input
  ssh_new  = "-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
  loopback = "-A INPUT -i #{@lo} -j ACCEPT"
  tracked  = "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  [ssh_new, loopback, tracked].each { |rule| ipt rule }
end
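# Baseline OUTPUT chain rules.
#
# Appends, in this order: DROP for packets conntrack classifies as INVALID,
# ACCEPT for packets of an ESTABLISHED connection, ACCEPT for new outbound
# TCP connections to port 22, and ACCEPT for traffic addressed to the
# loopback network via the loopback interface. Anything else (including
# RELATED traffic, which is not matched here unlike in #input) falls
# through to the OUTPUT chain policy.
#
# Previously ESTABLISHED was accepted twice: once with the deprecated
# `-m state --state` match right after the INVALID drop, and again at the
# end with `-m conntrack --ctstate`. The trailing rule could never match,
# because the earlier rule had already accepted every ESTABLISHED packet.
# The two are consolidated into a single `-m conntrack` rule, consistent
# with the match extension used in #input.
#
# "#{@lo_addr}/8" presumes an IPv4 loopback address (127.0.0.0/8) — TODO
# confirm @lo_addr is never an IPv6 address, for which "/8" would be wrong.
def output
  ipt "-A OUTPUT -m conntrack --ctstate INVALID -j DROP"
  ipt "-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT"

  # Allow new outbound SSH; only the destination port is restricted.
  ipt "-A OUTPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"

  # Allow loopback traffic: destination network and egress interface must both match.
  ipt "-A OUTPUT -d #{@lo_addr}/8 -o #{@lo} -j ACCEPT"
end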