Ruby + iptables

I've been poking around on Rubyforge and Sourceforge and getting nowhere
on this. I've even tried to see if there was a Python lib I could crib
off of and roll my own. No dice.

What I'm looking for is a good high-level interface to iptables (as in,
basically, an iptables DSL) that would allow someone to easily read the
iptables configuration and write a new one. I found a half-finished
wrapper around libiptc with no high-level interface worth mentioning and
a whole bunch of dead links to something called ruby-iptables (but not
the actual library). I've tried my hand at wrapping libiptc myself
using SWIG and got some success, but hit the usual barrier of libiptc,
being specifically listed as not intended for general API consumption
(and strongly deprecated), not having any useful documentation worth
mentioning.

Right now I'm looking at the possibility of wrapping the iptables-save
and iptables-restore tools, providing a decent OO interface to the
experience, but if someone has already done this (and ruby-iptables
looks like it was supposed to have) I'd rather not reinvent the wheel.

So, does anybody know of any Ruby + iptables implementations already
done or in the works beyond vague statements of intent? And if I'm
going to be doing this on my own, would there be anybody experienced
with iptables/libiptc willing to collaborate on it so I don't screw it
up too badly?


--
Michael T. Richter <ttmrichter@gmail.com> (GoogleTalk:
ttmrichter@gmail.com)
When debugging, novices insert corrective code; experts remove defective
code. (Richard Pattis)

I have written such a beast, and I use it for production, it has lots of
rough edges though and I feel that the code is overly complicated, doc is
almost not existent, ---> not released to Rubyforge, but if you are
interested I can mail you the software as is and it might be a good occasion
to write some basic doc, and who knows, maybe you would like to help out
with it?

Cheers
Robert


On 8/24/07, Michael T. Richter <ttmrichter@gmail.com> wrote:

I've been poking around on Rubyforge and Sourceforge and getting nowhere
on this. I've even tried to see if there was a Python lib I could crib off
of and roll my own. No dice.

What I'm looking for is a good high-level interface to iptables (as in,
basically, an iptables DSL) that would allow someone to easily read the
iptables configuration and write a new one. I found a half-finished wrapper
around libiptc with no high-level interface worth mentioning and a whole
bunch of dead links to something called ruby-iptables (but not the actual
library). I've tried my hand at wrapping libiptc myself using SWIG and got
some success, but hit the usual barrier of libiptc, being specifically
listed as *not* intended for general API consumption (and strongly
deprecated), not having any useful documentation worth mentioning.

Right now I'm looking at the possibility of wrapping the iptables-save and
iptables-restore tools, providing a decent OO interface to the experience,
but if someone has already done this (and ruby-iptables looks like it was
supposed to have) I'd rather not reinvent the wheel.

So, does anybody know of any Ruby + iptables implementations already done
or in the works beyond vague statements of intent? And if I'm going to be
doing this on my own, would there be anybody experienced with
iptables/libiptc willing to collaborate on it so I don't screw it up too
badly?

  --
*Michael T. Richter* <ttmrichter@gmail.com> (*GoogleTalk:*
ttmrichter@gmail.com)
*When debugging, novices insert corrective code; experts remove defective
code. (Richard Pattis)*

--
I'm an atheist and that's it. I believe there's nothing we can know except
that we should be kind to each other and do what we can for other people.
-- Katharine Hepburn

Hi,

    I am new to Ruby. Please help me to get through the Ruby Ip-tables
gem, https://github.com/kbarber/ruby-iptables. How to use it in my Rails app?

Thanks in Advance


--
Posted via http://www.ruby-forum.com/.

I'd be happy to look it over, document what's there and collaborate on
future expansion. Thanks.


On Fri, 2007-24-08 at 18:40 +0900, Robert Dober wrote:

I have written such a beast, and I use it for production, it has lots of
rough edges though and I feel that the code is overly complicated, doc is
almost not existent, ---> not released to Rubyforge, but if you are
interested I can mail you the software as is and it might be a good occasion
to write some basic doc, and who knows, maybe you would like to help out
with it?

--
Michael T. Richter <ttmrichter@gmail.com> (GoogleTalk:
ttmrichter@gmail.com)
I'm not schooled in the science of human factors, but I suspect surprise
is not an element of a robust user interface. (Chip Rosenthal)

Hey!

I have written such a beast, and I use it for production, it has lots of
rough edges though and I feel that the code is overly complicated, doc is
almost not existent, ---> not released to Rubyforge, but if you are
interested I can mail you the software as is and it might be a good occasion
to write some basic doc, and who knows, maybe you would like to help out
with it?

Do you think I might be able to catch a glimpse of your beast here? I'm hoping to write a nice iptables DSL, if Michael doesn't have one out.

I'll send you a copy of my final product, too!

Thanks,
Ari
-------------------------------------------|
Nietzsche is my copilot


On Aug 24, 2007, at 5:40 AM, Robert Dober wrote:

Hello Shashi,

Please tell us what you want to achieve in your Rails application and we can go on from there. You might not need the iptables-gem at all.

Try to be as descriptive as possible :)


On 22 Jan 2014, at 11:39, Shashi Kiran <lists@ruby-forum.com> wrote:

Hi,

   I am new to Ruby. Please help me to get through the Ruby Ip-tables
gem, https://github.com/kbarber/ruby-iptables. How to use it in my Rails app?

Thanks in Advance

--
Posted via http://www.ruby-forum.com/.

Panagiotis (atmosx) Atmatzidis

email: atma@convalesco.org
URL: http://www.convalesco.org
GnuPG ID: 0x1A7BFEC5
gpg --keyserver pgp.mit.edu --recv-keys 1A7BFEC5
--
The wise man said: "Never argue with an idiot. They bring you down to their level and beat you with experience."

Hi Panagiotis,

I want to write a set of rules for iptables that should create a script
through a Rails application, so that I can take that script and use it on
my server.

For example, the first thing that comes to mind is I think it would make
sense to create our own iptables generator so that we can customize the
firewall without relying on the individual knowledge of the engineer.

I am trying with the Ruby Iptable-Gem tool.


--
Posted via http://www.ruby-forum.com/.

Hello Shashi,

Hi Panagiotis,

I want to write a set of rules for iptables that should create a script
through a Rails application, so that I can take that script and use it on
my server.

For example, the first thing that comes to mind is I think it would make
sense to create our own iptables generator so that we can customize the
firewall without relying on the individual knowledge of the engineer.

I am trying with the Ruby Iptable-Gem tool.

System administration, computer security and programming are considered different fields due to their complexity.

What I don't understand is what kind of ruleset you would like a default Rails server to have, apart from the security guide[1] (no mention of firewalls there), to be considered secure? Firewalls operate at a different layer and they can't understand malicious requests - except DOS - without a third party monitoring the logs and issuing commands.

[1] Securing Rails Applications — Ruby on Rails Guides

--
Posted via http://www.ruby-forum.com/.

Panagiotis (atmosx) Atmatzidis

email: atma@convalesco.org
URL: http://www.convalesco.org
GnuPG ID: 0x1A7BFEC5
gpg --keyserver pgp.mit.edu --recv-keys 1A7BFEC5


On 23 Jan 2014, at 06:20, Shashi Kiran <lists@ruby-forum.com> wrote:
--
The wise man said: "Never argue with an idiot. They bring you down to their level and beat you with experience."
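
The approach raised in this thread (working with the iptables-save / iptables-restore text format instead of libiptc, and generating a ruleset from a Rails application) sketched in Ruby as an added example; it is not code from any poster or from the ruby-iptables gem, and `FwRule`, `render_ruleset` and `parse_save` are hypothetical names. It assumes only the filter table and single-port tcp/udp rules, and checks every field against an allow-list because the values would come from a web form.

```ruby
require 'ipaddr'

# Added example; FwRule, render_ruleset and parse_save are hypothetical names.
CHAINS  = %w[INPUT FORWARD OUTPUT].freeze
TARGETS = %w[ACCEPT DROP REJECT].freeze
PROTOS  = %w[tcp udp].freeze
CIDR    = /\A\d{1,3}(\.\d{1,3}){3}(\/\d{1,2})?\z/

FwRule = Struct.new(:chain, :proto, :source, :dport, :target) do
  # Allow-list every field so form input never reaches the ruleset unchecked.
  def to_line
    raise ArgumentError, "bad chain"  unless CHAINS.include?(chain)
    raise ArgumentError, "bad proto"  unless PROTOS.include?(proto)
    raise ArgumentError, "bad target" unless TARGETS.include?(target)
    raise ArgumentError, "bad dport"  unless dport.is_a?(Integer) && (1..65_535).cover?(dport)
    if source
      raise ArgumentError, "bad source" unless source.is_a?(String) && CIDR.match?(source)
      IPAddr.new(source) # raises an ArgumentError subclass on octet > 255 or prefix > 32
    end
    ["-A #{chain}", (source && "-s #{source}"),
     "-p #{proto} -m #{proto} --dport #{dport} -j #{target}"].compact.join(" ")
  end
end

# Render text in the format iptables-restore reads, for the filter table only.
def render_ruleset(policies, rules)
  lines = ["*filter"]
  CHAINS.each do |c|
    policy = policies.fetch(c, "ACCEPT")
    raise ArgumentError, "bad policy" unless %w[ACCEPT DROP].include?(policy)
    lines << ":#{c} #{policy} [0:0]"
  end
  lines.concat(rules.map(&:to_line)) << "COMMIT"
  lines.join("\n") + "\n"
end

# Parse iptables-save style text into { table => { policies:, rules: } }.
def parse_save(text)
  tables, current = {}, nil
  text.each_line(chomp: true) do |line|
    case line
    when /\A\*(\w+)\z/ then current = tables[$1] = { policies: {}, rules: [] }
    when /\A:(\S+) (\S+) \[\d+:\d+\]\z/ then current[:policies][$1] = $2
    when /\A-A / then current[:rules] << line
    when "COMMIT" then current = nil
    end # comment lines (starting with '#') and blank lines are skipped
  end
  tables
end
```

The rendered text is meant to be written to the standard input of `iptables-restore --test`, without passing through a shell, before it is applied.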