modified mirror of https://github.com/samuelngs/iptables-compose

ActualizeInMaterial ddf8df77cb todo: iptables-restore 9 years ago
src ddf8df77cb todo: iptables-restore 9 years ago
.gitignore 1e3c9639e6 Updated git ignore file for OSX 9 years ago
Cargo.toml 7b33ce2810 Bump version to v1.1.0 9 years ago
LICENSE 6fb12c8344 Updated License, added author email address 9 years ago
README.md b020bfc502 Updated generated rules in README.md 9 years ago
c f797104ce4 set policy to drop before reset 9 years ago
e f797104ce4 set policy to drop before reset 9 years ago
example.yaml 91769a6f0f Updated the example.yaml data 9 years ago
go f797104ce4 set policy to drop before reset 9 years ago
go2 f797104ce4 set policy to drop before reset 9 years ago

README.md

iptables-compose

YAML files as iptables configuration sources

Source
filter:
  input: drop
  forward: drop
  output: accept
web:
  ports:
    - port: 80
      allow: true
      subnet:
        - "10.1.0.0/24"
        - "10.2.0.0/24"
    - port: 443
      allow: true
      subnet:
        - "10.1.0.0/24"
        - "10.2.0.0/24"
    - port: 8080
      forward: 443
openvpn:
  ports:
    - port: 1194
      protocol: udp
      allow: true

Result
$ ./iptables-compose example.yaml --reset
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -I INPUT -p udp -m udp --dport 1194 -j ACCEPT
iptables -I INPUT -s 10.1.0.0/24,10.2.0.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
iptables -I INPUT -s 10.1.0.0/24,10.2.0.0/24 -p tcp -m tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 8080 -j REDIRECT --to-port 443
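
The README shows one YAML input and the iptables commands it produces but does not spell out the mapping. The Python below is an added illustration written for this page; it is not code from iptables-compose (the repository carries a Cargo.toml, so the tool itself is Rust). It works on the already-parsed form of example.yaml so it runs with the standard library alone, and it reproduces the Result block command for command. Three things in it are assumptions, not facts about the tool: the order in which sections are emitted (the README prints openvpn before web, which sorting section names happens to give), the input validation (port range, strict CIDR checks, accept/drop-only policies), and the optional keep_state rules. That last option exists because the generated ruleset sets `INPUT` to `DROP` with no loopback or conntrack rule, so replies to the host's own outbound connections would be dropped; the README does not mention this, and the flag is off by default so the output matches the page.

```python
"""Translate the iptables-compose YAML structure into iptables commands.

Illustrative re-implementation added to this page; it is not the project's
code. It takes the already-parsed mapping (what a YAML loader returns for
example.yaml), so it needs nothing beyond the standard library.
"""
import ipaddress
from typing import Any, Dict, List, Tuple

# Constructed input: example.yaml from the README, as parsed data.
EXAMPLE: Dict[str, Any] = {
    "filter": {"input": "drop", "forward": "drop", "output": "accept"},
    "web": {
        "ports": [
            {"port": 80, "allow": True, "subnet": ["10.1.0.0/24", "10.2.0.0/24"]},
            {"port": 443, "allow": True, "subnet": ["10.1.0.0/24", "10.2.0.0/24"]},
            {"port": 8080, "forward": 443},
        ]
    },
    "openvpn": {"ports": [{"port": 1194, "protocol": "udp", "allow": True}]},
}

# --reset as printed in the README: flush and delete user chains in every
# table, emitted before the chain policies are set.
RESET_COMMANDS = [
    "iptables -F", "iptables -X",
    "iptables -t nat -F", "iptables -t nat -X",
    "iptables -t mangle -F", "iptables -t mangle -X",
]


def check_port(value: Any) -> int:
    """Reject anything that is not a valid TCP/UDP port number (assumed check)."""
    port = int(value)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {value!r}")
    return port


def check_subnet(cidr: str) -> str:
    """Require a real network address; strict=True rejects host bits such as 10.1.0.1/24."""
    return str(ipaddress.ip_network(cidr, strict=True))


def policy_commands(filter_cfg: Dict[str, str]) -> List[str]:
    """filter: section -> chain policies, in the order the README prints them."""
    cmds = []
    for chain in ("forward", "input", "output"):
        if chain in filter_cfg:
            policy = str(filter_cfg[chain]).lower()
            if policy not in ("accept", "drop"):  # assumed check, not from the tool
                raise ValueError(f"unsupported policy for {chain}: {policy!r}")
            cmds.append(f"iptables -P {chain.upper()} {policy.upper()}")
    return cmds


def port_commands(entry: Dict[str, Any]) -> Tuple[List[str], List[str]]:
    """One port entry -> (filter rules, nat rules)."""
    proto = str(entry.get("protocol", "tcp")).lower()  # README: tcp unless protocol: udp
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {proto!r}")
    port = check_port(entry["port"])
    filter_rules, nat_rules = [], []
    if entry.get("allow"):
        src = ""
        if entry.get("subnet"):
            # iptables expands a comma-separated -s list into one rule per network.
            src = "-s " + ",".join(check_subnet(s) for s in entry["subnet"]) + " "
        # -I inserts at the top of INPUT, so each later rule lands above the earlier ones.
        filter_rules.append(f"iptables -I INPUT {src}-p {proto} -m {proto} --dport {port} -j ACCEPT")
    if "forward" in entry:
        target = check_port(entry["forward"])
        nat_rules.append(
            f"iptables -t nat -A PREROUTING -p {proto} -m {proto} --dport {port} "
            f"-j REDIRECT --to-port {target}"
        )
    return filter_rules, nat_rules


def compose(cfg: Dict[str, Any], reset: bool = False, keep_state: bool = False) -> List[str]:
    """Whole config -> ordered iptables commands.

    Section order is not stated in the README; sorting section names is an
    assumption that reproduces the README output for example.yaml.
    keep_state is an addition not in the tool: with `input: drop` and no
    conntrack rule, replies to the host's own outbound connections are dropped.
    """
    cmds = list(RESET_COMMANDS) if reset else []
    cmds += policy_commands(cfg.get("filter", {}))
    if keep_state:
        cmds += [
            "iptables -A INPUT -i lo -j ACCEPT",
            "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        ]
    filter_rules, nat_rules = [], []
    for name in sorted(k for k in cfg if k != "filter"):
        for entry in cfg[name].get("ports", []):
            f_rules, n_rules = port_commands(entry)
            filter_rules += f_rules
            nat_rules += n_rules
    return cmds + filter_rules + nat_rules  # filter rules first, nat rules last, as in the README


if __name__ == "__main__":
    print("\n".join(compose(EXAMPLE, reset=True)))
```

Run it and diff the output against the Result block above; the only differences should appear when keep_state=True or when a config entry fails one of the assumed checks. Because the README's --reset flushes every table before the new policies are applied, the generated command list is not atomic; the repository's own todo entry (iptables-restore) points at the usual fix, loading a complete ruleset in one step.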