class Spior::Iptables::Default
Private Instance Methods
all()
# File lib/spior/iptables/default.rb, line 29
#
# Applies the catch-all part of the default rule set: one OUTPUT rule for
# UDP, one for ICMP, then the default policy of the three built-in chains
# of the filter table.
#
# Security-relevant points for a reviewer:
# * Every chain policy ends up as ACCEPT, so this rule set is fail-open:
#   a packet that no earlier rule matched is allowed, not dropped.
# * Outbound UDP is accepted without any port or destination restriction.
# * Outbound ICMP is rejected.
# * Rules are appended with -A, so they sit behind whatever is already in
#   the chain; nothing here flushes existing rules.
#
# `ipt` is defined outside this listing; presumably it hands the string to
# iptables -- TODO confirm.
#
# @return the value returned by the final `ipt` call
def all
  rules = [
    # Outbound UDP: accept.
    "-t filter -A OUTPUT -p udp -j ACCEPT",
    # Outbound ICMP: reject.
    "-t filter -A OUTPUT -p icmp -j REJECT",
    # Default policies: everything unmatched is accepted.
    "-P INPUT ACCEPT",
    "-P FORWARD ACCEPT",
    "-P OUTPUT ACCEPT"
  ]
  # Issue the rules strictly in order and hand back the last result.
  rules.map { |rule| ipt rule }.last
end
input()
# File lib/spior/iptables/default.rb, line 6
#
# Appends the inbound ACCEPT rules of the default rule set to the INPUT
# chain: new SSH connections, loopback traffic, and packets belonging to
# connections that conntrack already knows.
#
# Security-relevant points for a reviewer:
# * The SSH rule has no source match, so tcp/22 is accepted from any
#   address.
# * Only ACCEPT rules are added here. Whether unmatched inbound traffic is
#   dropped depends on the INPUT chain policy, which this method does not
#   set.
# * @lo is interpolated into the rule string as-is. `ipt` is defined
#   outside this listing; if it builds a shell command, @lo must come from
#   a trusted source -- TODO confirm.
#
# @return the value returned by the final `ipt` call
def input
  rules = [
    # SSH: accept new connections to port 22.
    "-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT",
    # Loopback: accept everything arriving on the loopback interface.
    "-A INPUT -i #{@lo} -j ACCEPT",
    # Replies: accept established and related connections.
    "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  ]
  # Issue the rules strictly in order and hand back the last result.
  rules.map { |rule| ipt rule }.last
end
output()
# File lib/spior/iptables/default.rb, line 15
#
# Appends the outbound rules of the default rule set to the OUTPUT chain:
# drop packets conntrack classifies as INVALID, accept established
# connections, accept new SSH connections, and accept loopback traffic.
#
# Security-relevant points for a reviewer:
# * Only the INVALID rule drops anything. Whether other unmatched outbound
#   traffic is blocked depends on the OUTPUT chain policy, which this
#   method does not set.
# * Unlike the INPUT rules, only ESTABLISHED is accepted here, not RELATED.
# * NOTE(review): ESTABLISHED is accepted twice, once through the older
#   `state` match and once through `conntrack`. The second rule looks
#   redundant; kept because both are emitted by the original.
# * @lo and @lo_addr are interpolated into the rule string as-is. `ipt` is
#   defined outside this listing; if it builds a shell command, both values
#   must come from a trusted source -- TODO confirm.
#
# @return the value returned by the final `ipt` call
def output
  rules = [
    # Drop packets that do not belong to any valid tracked connection.
    "-A OUTPUT -m conntrack --ctstate INVALID -j DROP",
    # Accept traffic of established connections (legacy `state` match).
    "-A OUTPUT -m state --state ESTABLISHED -j ACCEPT",
    # SSH: accept new outbound connections to port 22.
    "-A OUTPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT",
    # Loopback: accept traffic to the loopback /8 leaving via the loopback interface.
    "-A OUTPUT -d #{@lo_addr}/8 -o #{@lo} -j ACCEPT",
    # Default: accept established connections (conntrack match).
    "-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT"
  ]
  # Issue the rules strictly in order and hand back the last result.
  rules.map { |rule| ipt rule }.last
end