Home Explore Help
Sign In
ActualizeInMaterial
/
iptables-compose
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki

modified mirror of https://github.com/samuelngs/iptables-compose

Branch: master
Branches Tags
iptables-com...
ZIP TAR.GZ
ActualizeInMaterial ddf8df77cb todo: iptables-restore 9 years ago
src ddf8df77cb todo: iptables-restore 9 years ago
.gitignore 1e3c9639e6 Updated git ignore file for OSX 9 years ago
Cargo.toml 7b33ce2810 Bump version to v1.1.0 9 years ago
LICENSE 6fb12c8344 Updated License, added author email address 9 years ago
README.md b020bfc502 Updated generated rules in README.md 9 years ago
c f797104ce4 set policy to drop before reset 9 years ago
e f797104ce4 set policy to drop before reset 9 years ago
example.yaml 91769a6f0f Updated the example.yaml data 9 years ago
go f797104ce4 set policy to drop before reset 9 years ago
go2 f797104ce4 set policy to drop before reset 9 years ago

README.md

iptables-compose

YAML files as iptables configuration sources

Source
filter:
  input: drop
  forward: drop
  output: accept
web:
  ports:
    - port: 80
      allow: true
      subnet:
        - "10.1.0.0/24"
        - "10.2.0.0/24"
    - port: 443
      allow: true
      subnet:
        - "10.1.0.0/24"
        - "10.2.0.0/24"
    - port: 8080
      forward: 443
openvpn:
  ports:
    - port: 1194
      protocol: udp
      allow: true
Result
$ ./iptables-compose example.yaml --reset

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -I INPUT -p udp -m udp --dport 1194 -j ACCEPT
iptables -I INPUT -s 10.1.0.0/24,10.2.0.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
iptables -I INPUT -s 10.1.0.0/24,10.2.0.0/24 -p tcp -m tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 8080 -j REDIRECT --to-port 443