idemptables: idempotent wrapper for iptables

Xyne · 2012-12-27 22:18:35

Project page: http://xyne.archlinux.ca/projects/idemptables/

idemptables is a simple wrapper around iptables that ensures two things: when you append a rule, there will be no duplicates, and when you delete a rule, it will really be deleted.

For example, it will prevent things like this when trying to open torrent ports (this is taken from another thread):

    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:51413
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:51413
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:51413

Even if you somehow ended up with duplicates, idemptables will ensure that all of them are removed when you delete the rule.

Although it may be a useful handholder for manual configuration in some cases, it is mainly intended for automation. For example, it is useful for creating systemd services that open up ports.

fukawi2 · 2012-12-27 23:12:34

Xyne wrote:

For example, it is useful for creating systemd services that open up ports.

I'll go stabby on anyone who opens holes in my firewall through a service

Looks good though

Xyne · 2012-12-27 23:27:09

fukawi2 wrote:

I'll go stabby on anyone who opens holes in my firewall through a service

Well, the Pacserve package includes a service to manage ports, but you need to explicitly enable it, so can you just stab me a little and not in any vital organs?

Incidentally, I read that as "I'll go shabby on anyone..." at first and had a few fun seconds trying to make sense of it... was wondering if you were going to show up at someone's house in dirty clothes and in need of a shave and shower, then sit on their couch eating cheetos and dropping crumbs everywhere.

ewaller · 2012-12-28 00:21:54

fukawi2 wrote:

I'll go stabby on anyone who opens holes in my firewall through a service

As a native speaker of American "English", "Stabby" is not known to me.

Some of the definitions are a bit, um, er, unsettling....

Xyne · 2012-12-28 00:35:23

@ewaller
It's fair if you think about it... if you poke holes in my firewall, I poke holes in you.

I suspect that there's a "in Soviet Russia" joke in there somewhere.

Allan · 2012-12-28 01:38:43

ewaller wrote:

fukawi2 wrote:
I'll go stabby on anyone who opens holes in my firewall through a service
As a native speaker of American "English", "Stabby" is not known to me.
Some of the definitions are a bit, um, er, unsettling....

It is definition #5...

ewaller · 2012-12-28 02:13:40

Allan wrote:

It is definition #5...

Xyne · 2012-12-28 03:56:30

ewaller wrote:

Allan wrote:
It is definition #5...

Ok, that changes everything.

*quickly steps away from fukawi2*

Btw, ever notice that
mod + TU + dev = thread derailed in record time

(this is where I should probably insist on getting back on topic before the thread gets locked)

*cough*
So, any comments on the script?

WonderWoofy · 2012-12-28 04:01:02

I read through this thread and though... what? Then I went and read defenition #5. F*cking hilarious!

Xyne · 2012-12-28 04:08:17

Xyne wrote:

(this is where I should probably insist on getting back on topic before the thread gets locked)
*cough*
So, any comments on the script?

WonderWoofy wrote:

I read through this thread and though... what? Then I went and read defenition #5. F*cking hilarious!

Bad dog!

*throws WonderWoofy to fukawi2*

fukawi2 · 2012-12-30 06:22:53

#5 is for when you DON'T poke holes in my firewall

Xyne wrote:

Well, the Pacserve package includes a service to manage ports, but you need to explicitly enable it, so can you just stab me a little and not in any vital organs?

Unless there's a big warning, that would make me stabby. I don't use it, so doesn't really matter to me though. (nothing personal, I just have unmetered mirror and fast from my ISP so that's good enough for me)
I can understand why you've done it though.

Xyne wrote:

Incidentally, I read that as "I'll go shabby on anyone..." at first and had a few fun seconds trying to make sense of it... was wondering if you were going to show up at someone's house in dirty clothes and in need of a shave and shower, then sit on their couch eating cheetos and dropping crumbs everywhere.

I could do that too. Got bacon?

Arch Linux

#1 2012-12-27 22:18:35

idemptables: idempotent wrapper for iptables

#2 2012-12-27 23:12:34

Re: idemptables: idempotent wrapper for iptables

#3 2012-12-27 23:27:09

Re: idemptables: idempotent wrapper for iptables

#4 2012-12-28 00:21:54

Re: idemptables: idempotent wrapper for iptables

#5 2012-12-28 00:35:23

Re: idemptables: idempotent wrapper for iptables

#6 2012-12-28 01:38:43

Re: idemptables: idempotent wrapper for iptables

#7 2012-12-28 02:13:40

Re: idemptables: idempotent wrapper for iptables

#8 2012-12-28 03:56:30

Re: idemptables: idempotent wrapper for iptables

#9 2012-12-28 04:01:02

Re: idemptables: idempotent wrapper for iptables

#10 2012-12-28 04:08:17

Re: idemptables: idempotent wrapper for iptables

#11 2012-12-30 06:22:53

Re: idemptables: idempotent wrapper for iptables

Board footer