
Is there a Ruby API for manipulating packet filtering chains a la iptables?

I've been crashing around on the netfilter/iptables home page as well as beseeching The Google, but no luck so far.

I have a Rails application which needs to control packet filtering for its Linux host. It could do this by just dumping rules into /etc/sysconfig/iptables and bouncing the iptables startup script, of course. But it would be sweeter if it could just seamlessly make the calls via an API.

The app's requirements are actually very very simple; it only needs to add and delete ACCEPT rules for a given source IP address to a given TCP port on the server, to control access to that service.

I found references to a ruby-iptables project, but that apparently went moribund some years ago.

If I have to resort to raw getsocketopt() calls and the like, I'll just do the text-file-and-restart approach, which will offend my Slickness Sensor but make my customer smile, because he likes working software better than really elegant software that will work Very Soon Now.

Rick Wayne asked Nov 15 '22 04:11


1 Answer

If you search for "ruby netfilter" there's more to be found. NetFilter (http://netfilter.org/) is the underlying framework behind iptables.

http://rubyipq.rubyforge.org/ (traffic shaping)
https://github.com/johnl/netfilter.rb (DSL)
http://rubyforge.org/projects/iptcext/ (IPTC library interface)

The last is most like what you want, but while there's code, there doesn't seem to be a real release.

jwilkins answered Nov 23 '22 23:11
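
The requirement in the question (add and delete ACCEPT rules for one source IP to one TCP port), as an added example that is not part of the original thread or of any project linked above. It assumes the `iptables` command-line tool is installed and that the rules belong in the INPUT chain; the `AcceptRule` module and its method names are hypothetical.

```ruby
require "ipaddr"

# Hypothetical helper (not from any library named in the thread): builds and
# runs the iptables command for one ACCEPT rule. Inputs come from a web app
# and the command needs root, so both values are validated before use.
module AcceptRule
  ACTIONS = { add: "-A", delete: "-D", check: "-C" }.freeze
  CHAIN = "INPUT" # assumption: the rules belong in the filter table's INPUT chain
  # \A and \z anchor the whole string; ^ and $ would match per line in Ruby.
  DOTTED_QUAD = /\A\d{1,3}(\.\d{1,3}){3}\z/

  def self.argv(action, source_ip, port)
    flag = ACTIONS.fetch(action) { raise ArgumentError, "unknown action" }
    # Rejects CIDR ranges, IPv6, hostnames and anything starting with "-"
    # that iptables would otherwise parse as another option.
    raise ArgumentError, "expected one IPv4 address" unless DOTTED_QUAD.match?(source_ip.to_s)
    addr = IPAddr.new(source_ip.to_s) # raises IPAddr::Error (an ArgumentError) on a bad octet
    port_num = Integer(port.to_s, 10) # raises ArgumentError on "22; id" and similar
    raise ArgumentError, "port out of range" unless (1..65_535).cover?(port_num)

    ["iptables", flag, CHAIN, "-s", addr.to_s, "-p", "tcp",
     "--dport", port_num.to_s, "-j", "ACCEPT"]
  end

  # Multi-argument system() executes the program directly, with no shell, so
  # no quoting is involved. -C checks for the rule first to avoid duplicates.
  def self.allow(source_ip, port)
    return true if system(*argv(:check, source_ip, port), err: File::NULL)
    system(*argv(:add, source_ip, port)) == true
  end

  def self.revoke(source_ip, port)
    system(*argv(:delete, source_ip, port)) == true
  end
end

# Constructed sample values (192.0.2.0/24 is a documentation range).
puts AcceptRule.argv(:add, "192.0.2.10", 8443).join(" ")
```

Rules added this way exist only in the running kernel's rule set; /etc/sysconfig/iptables is not changed, and the calling process needs root privileges.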