
#1 2012-12-27 22:18:35

Xyne
Moderator/TU
Registered: 2008-08-03
Posts: 5,971

idemptables: idempotent wrapper for iptables

Project page: http://xyne.archlinux.ca/projects/idemptables/

idemptables is a simple wrapper around iptables that ensures two things: when you append a rule, there will be no duplicates, and when you delete a rule, it will really be deleted.

For example, it will prevent things like this when trying to open torrent ports (this is taken from another thread):

    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:51413
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:51413
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:51413

Even if you somehow ended up with duplicates, idemptables will ensure that all of them are removed when you delete the rule.


Although it may be a useful handholder for manual configuration in some cases, it is mainly intended for automation. For example, it is useful for creating systemd services that open up ports.


My Arch Linux Stuff | Forum Policy | Community Ethos - Arch is not for everyone

Offline
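
The append-once and delete-all behaviour described in the post above can be sketched in a few lines of shell. This is an added example, not idemptables' own code and not part of the original post; `idem_append`, `idem_delete`, `fake_iptables`, `fake_count`, `IPTABLES` and `FAKE_RULES` are names assumed here, and the stand-in only mimics `-A`, `-C` and `-D` so the logic can be exercised without root.

```shell
#!/bin/sh
# Added example, not idemptables' own code. IPTABLES names the command to run;
# it defaults to the real iptables and can point at the stand-in below.
IPTABLES="${IPTABLES:-iptables}"

# Append a rule only when "-C" (check) reports that it is not already present.
idem_append() {   # usage: idem_append CHAIN rule-spec...
    chain=$1; shift
    "$IPTABLES" -C "$chain" "$@" 2>/dev/null || "$IPTABLES" -A "$chain" "$@"
}

# Delete every copy of a rule: "-D" removes one match per call, so repeat
# until "-C" no longer finds the rule.
idem_delete() {   # usage: idem_delete CHAIN rule-spec...
    chain=$1; shift
    while "$IPTABLES" -C "$chain" "$@" 2>/dev/null; do
        "$IPTABLES" -D "$chain" "$@" || return 1
    done
}

# Constructed stand-in for iptables (assumption, for dry runs only): keeps one
# rule per line in the file named by $FAKE_RULES and supports -A, -C and -D.
fake_iptables() {
    op=$1; shift
    rule="$*"
    case $op in
        -A) printf '%s\n' "$rule" >> "$FAKE_RULES" ;;
        -C) grep -Fxq -- "$rule" "$FAKE_RULES" ;;
        -D) grep -Fxq -- "$rule" "$FAKE_RULES" || return 1
            # Drop only the first matching line, like a single "iptables -D".
            awk -v r="$rule" '!seen && $0 == r { seen = 1; next } { print }' \
                "$FAKE_RULES" > "$FAKE_RULES.tmp" &&
                mv "$FAKE_RULES.tmp" "$FAKE_RULES" ;;
        *)  return 2 ;;
    esac
}

# Count how many copies of a rule the stand-in currently holds.
fake_count() { grep -Fxc -- "$*" "$FAKE_RULES" || true; }
```

With `IPTABLES` left at its default the two functions drive the real `iptables`, whose `-C` only matches a rule specified exactly as it was added.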

#2 2012-12-27 23:12:34

fukawi2
Forum Moderator
From: .vic.au
Registered: 2007-09-28
Posts: 5,343

Re: idemptables: idempotent wrapper for iptables

Xyne wrote:

For example, it is useful for creating systemd services that open up ports.

I'll go stabby on anyone who opens holes in my firewall through a service yikes

Looks good though smile


#3 2012-12-27 23:27:09

Xyne
Moderator/TU
Registered: 2008-08-03
Posts: 5,971

Re: idemptables: idempotent wrapper for iptables

fukawi2 wrote:

I'll go stabby on anyone who opens holes in my firewall through a service yikes

Well, the Pacserve package includes a service to manage ports, but you need to explicitly enable it, so can you just stab me a little and not in any vital organs?

Incidentally, I read that as "I'll go shabby on anyone..." at first and had a few fun seconds trying to make sense of it... was wondering if you were going to show up at someone's house in dirty clothes and in need of a shave and shower, then sit on their couch eating cheetos and dropping crumbs everywhere.



#4 2012-12-28 00:21:54

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 14,264

Re: idemptables: idempotent wrapper for iptables

fukawi2 wrote:

I'll go stabby on anyone who opens holes in my firewall through a service yikes

As a native speaker of American "English", "Stabby" is not known to me.

Some of the definitions are a bit, um, er, unsettling....

hmm


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
You assume people are rational and influenced by evidence.  You must not work with the public much. -- Trilby
----
How to Ask Questions the Smart Way


#5 2012-12-28 00:35:23

Xyne
Moderator/TU
Registered: 2008-08-03
Posts: 5,971

Re: idemptables: idempotent wrapper for iptables

@ewaller
It's fair if you think about it... if you poke holes in my firewall, I poke holes in you.

I suspect that there's a "in Soviet Russia" joke in there somewhere.



#6 2012-12-28 01:38:43

Allan
is always right
From: Brisbane, AU
Registered: 2007-06-09
Posts: 10,514

Re: idemptables: idempotent wrapper for iptables

ewaller wrote:
fukawi2 wrote:

I'll go stabby on anyone who opens holes in my firewall through a service yikes

As a native speaker of American "English", "Stabby" is not known to me.

Some of the definitions are a bit, um, er, unsettling....

hmm

It is definition #5...   tongue


#7 2012-12-28 02:13:40

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 14,264

Re: idemptables: idempotent wrapper for iptables

Allan wrote:

It is definition #5...   tongue

big_smile



#8 2012-12-28 03:56:30

Xyne
Moderator/TU
Registered: 2008-08-03
Posts: 5,971

Re: idemptables: idempotent wrapper for iptables

ewaller wrote:
Allan wrote:

It is definition #5...   tongue

big_smile

Ok, that changes everything.

*quickly steps away from fukawi2*


Btw, ever notice that
mod + TU + dev = thread derailed in record time tongue


(this is where I should probably insist on getting back on topic before the thread gets locked)

*cough*
So, any comments on the script?



#9 2012-12-28 04:01:02

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,412

Re: idemptables: idempotent wrapper for iptables

I read through this thread and thought... what?  Then I went and read definition #5.  F*cking hilarious!


#10 2012-12-28 04:08:17

Xyne
Moderator/TU
Registered: 2008-08-03
Posts: 5,971

Re: idemptables: idempotent wrapper for iptables

Xyne wrote:

(this is where I should probably insist on getting back on topic before the thread gets locked)

*cough*
So, any comments on the script?

WonderWoofy wrote:

I read through this thread and thought... what?  Then I went and read definition #5.  F*cking hilarious!

Bad dog!

*throws WonderWoofy to fukawi2*



#11 2012-12-30 06:22:53

fukawi2
Forum Moderator
From: .vic.au
Registered: 2007-09-28
Posts: 5,343

Re: idemptables: idempotent wrapper for iptables

#5 is for when you DON'T poke holes in my firewall tongue


Xyne wrote:

Well, the Pacserve package includes a service to manage ports, but you need to explicitly enable it, so can you just stab me a little and not in any vital organs?

Unless there's a big warning, that would make me stabby. I don't use it, so doesn't really matter to me though. (nothing personal, I just have unmetered mirror and fast from my ISP so that's good enough for me)
I can understand why you've done it though.

Xyne wrote:

Incidentally, I read that as "I'll go shabby on anyone..." at first and had a few fun seconds trying to make sense of it... was wondering if you were going to show up at someone's house in dirty clothes and in need of a shave and shower, then sit on their couch eating cheetos and dropping crumbs everywhere.

I could do that too. Got bacon?
