I've been crashing around on the netfilter/iptables home page as well as beseeching The Google, but no luck so far.
I have a Rails application which needs to control packet filtering for its Linux host. It could do this by just dumping rules into /etc/sysconfig/iptables and bouncing the iptables startup script, of course. But it would be sweeter if it could just seamlessly make the calls via an API.
The app's requirements are actually very very simple; it only needs to add and delete ACCEPT rules for a given source IP address to a given TCP port on the server, to control access to that service.
I found references to a ruby-iptables project, but that apparently went moribund some years ago.
If I have to resort to raw getsockopt() calls and the like, I'll just do the text-file-and-restart approach, which will offend my Slickness Sensor but make my customer smile, because he likes working software better than really elegant software that will work Very Soon Now.
If you search for "ruby netfilter" there's more to be found. NetFilter (http://netfilter.org/) is the underlying framework behind iptables.
http://rubyipq.rubyforge.org/ (traffic shaping)
https://github.com/johnl/netfilter.rb (DSL)
http://rubyforge.org/projects/iptcext/ (IPTC library interface)
The last is most like what you want, but while there's code, there doesn't seem to be a real release.
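An added example, not code from the question, the answer, or any of the linked projects: since the requirement is only to add and delete ACCEPT rules for one source IP and one TCP port, and the source IP typically arrives from application input, the sketch below validates both values and builds an argument vector for the iptables command line, which is then run without a shell. The module name `AcceptRule`, the `INPUT` chain, and the availability of the `-C` check flag are assumptions.

```ruby
require "ipaddr"

# Hypothetical helper, not part of any project linked on this page.
module AcceptRule
  CHAIN   = "INPUT" # assumption: the service is filtered in the INPUT chain
  ACTIONS = { add: "-A", delete: "-D", check: "-C" }.freeze

  # Build the argv for one rule. Raises ArgumentError unless source is a
  # single host address and port is a valid TCP port.
  def self.argv(action, source, port)
    flag = ACTIONS.fetch(action) { raise ArgumentError, "bad action: #{action.inspect}" }
    raise ArgumentError, "single host only, no prefix" if source.to_s.include?("/")
    ip = IPAddr.new(source.to_s)      # IPAddr errors are ArgumentError subclasses
    dport = Integer(port.to_s, 10)    # rejects anything that is not a decimal number
    raise ArgumentError, "port out of range" unless (1..65_535).cover?(dport)
    binary = ip.ipv4? ? "iptables" : "ip6tables"
    # Use the parsed, normalised values, never the raw request strings.
    [binary, flag, CHAIN, "-s", ip.to_s, "-p", "tcp",
     "--dport", dport.to_s, "-j", "ACCEPT"]
  end

  # Run the command with the multi-argument form of system, which bypasses
  # the shell. Requires root. Adding is idempotent: -C checks first
  # (assumes an iptables build that supports -C).
  def self.apply(action, source, port)
    return true if action == :add &&
                   system(*argv(:check, source, port), err: File::NULL)
    system(*argv(action, source, port)) or raise "rule change failed: #{$?}"
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input; prints the command instead of running it.
  puts AcceptRule.argv(:add, "192.0.2.10", "8080").join(" ")
end
```

Rules changed this way exist only in the running kernel tables, so they are lost on reboot unless they are also written to the saved ruleset.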