
#1 2012-12-27 22:18:35

Xyne
Moderator/TU
Registered: 2008-08-03
Posts: 5,644

idemptables: idempotent wrapper for iptables

Project page: http://xyne.archlinux.ca/projects/idemptables/

idemptables is a simple wrapper around iptables that ensures two things: when you append a rule, there will be no duplicates, and when you delete a rule, it will really be deleted.

For example, it will prevent things like this when trying to open torrent ports (this is taken from another thread):

    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:51413
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:51413
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:51413

Even if you somehow ended up with duplicates, idemptables will ensure that all of them are removed when you delete the rule.


Although it may be a useful handholder for manual configuration in some cases, it is mainly intended for automation. For example, it is useful for creating systemd services that open up ports.
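
The behaviour described in this post (check before appending, delete until no copy remains), as an added shell example that is not idemptables' own code. `idem_append`, `idem_delete` and the `fake_iptables` stand-in are hypothetical names; the only real iptables options assumed are `-C`, `-A` and `-D`.

```shell
#!/bin/sh
# Added illustration of idempotent append/delete; not idemptables' own code.
# IPT names the command to run. It defaults to the real iptables (needs root).
IPT=${IPT:-iptables}

# Append only when `-C` (check) reports that no identical rule exists.
idem_append() {
    "$IPT" -C "$@" 2>/dev/null || "$IPT" -A "$@"
}

# `-D` removes one matching rule per call, so loop until `-C` finds none.
# Prints how many copies were removed.
idem_delete() {
    removed=0
    while "$IPT" -C "$@" 2>/dev/null; do
        "$IPT" -D "$@" || return 1
        removed=$((removed + 1))
    done
    echo "$removed"
}

# Constructed stand-in for iptables so the demo runs offline without root:
# one rule per line in $RULES, implementing only -A, -C and -D.
RULES=$(mktemp)
fake_iptables() {
    op=$1; shift; rule="$*"
    case $op in
        -A) printf '%s\n' "$rule" >> "$RULES" ;;
        -C) grep -qxF -- "$rule" "$RULES" ;;
        -D) grep -qxF -- "$rule" "$RULES" || return 1
            awk -v r="$rule" '!hit && $0 == r { hit = 1; next } { print }' \
                "$RULES" > "$RULES.new" && mv "$RULES.new" "$RULES" ;;
    esac
}

count_rules() { grep -c . "$RULES" || true; }

# Demo on a rule matching the torrent-port listing above (constructed input).
demo() {
    IPT=fake_iptables
    set -- INPUT -p tcp --dport 51413 -j ACCEPT
    idem_append "$@"; idem_append "$@"; idem_append "$@"
    echo "after 3 idempotent appends: $(count_rules) rule(s)"
    fake_iptables -A "$@"; fake_iptables -A "$@"   # simulate stray duplicates
    echo "after 2 raw appends: $(count_rules) rule(s)"
    echo "idem_delete removed: $(idem_delete "$@")"
    echo "left: $(count_rules) rule(s)"
}
demo
```

The check and the append are separate iptables invocations, so two callers racing each other can still insert a duplicate; serialize callers (for example with `flock`) where that matters.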


#2 2012-12-27 23:12:34

fukawi2
Forum Moderator
From: .vic.au
Registered: 2007-09-28
Posts: 5,275

Re: idemptables: idempotent wrapper for iptables

Xyne wrote:

For example, it is useful for creating systemd services that open up ports.

I'll go stabby on anyone who opens holes in my firewall through a service yikes

Looks good though smile


#3 2012-12-27 23:27:09

Xyne
Moderator/TU
Registered: 2008-08-03
Posts: 5,644

Re: idemptables: idempotent wrapper for iptables

fukawi2 wrote:

I'll go stabby on anyone who opens holes in my firewall through a service yikes

Well, the Pacserve package includes a service to manage ports, but you need to explicitly enable it, so can you just stab me a little and not in any vital organs?

Incidentally, I read that as "I'll go shabby on anyone..." at first and had a few fun seconds trying to make sense of it... was wondering if you were going to show up at someone's house in dirty clothes and in need of a shave and shower, then sit on their couch eating cheetos and dropping crumbs everywhere.


#4 2012-12-28 00:21:54

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 12,700

Re: idemptables: idempotent wrapper for iptables

fukawi2 wrote:

I'll go stabby on anyone who opens holes in my firewall through a service yikes

As a native speaker of American "English", "Stabby" is not known to me.

Some of the definitions are a bit, um, er, unsettling....

hmm


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Like you, I have no idea what you are doing, but I am pretty sure it is wrong...Jasonwryan
----
How to Ask Questions the Smart Way


#5 2012-12-28 00:35:23

Xyne
Moderator/TU
Registered: 2008-08-03
Posts: 5,644

Re: idemptables: idempotent wrapper for iptables

@ewaller
It's fair if you think about it... if you poke holes in my firewall, I poke holes in you.

I suspect that there's a "in Soviet Russia" joke in there somewhere.


#6 2012-12-28 01:38:43

Allan
Developer
From: Brisbane, AU
Registered: 2007-06-09
Posts: 10,395

Re: idemptables: idempotent wrapper for iptables

ewaller wrote:
fukawi2 wrote:

I'll go stabby on anyone who opens holes in my firewall through a service yikes

As a native speaker of American "English", "Stabby" is not known to me.

Some of the definitions are a bit, um, er, unsettling....

hmm

It is definition #5...   tongue


#7 2012-12-28 02:13:40

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 12,700

Re: idemptables: idempotent wrapper for iptables

Allan wrote:

It is definition #5...   tongue

big_smile



#8 2012-12-28 03:56:30

Xyne
Moderator/TU
Registered: 2008-08-03
Posts: 5,644

Re: idemptables: idempotent wrapper for iptables

ewaller wrote:
Allan wrote:

It is definition #5...   tongue

big_smile

Ok, that changes everything.

*quickly steps away from fukawi2*


Btw, ever notice that
mod + TU + dev = thread derailed in record time tongue


(this is where I should probably insist on getting back on topic before the thread gets locked)

*cough*
So, any comments on the script?


#9 2012-12-28 04:01:02

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,412

Re: idemptables: idempotent wrapper for iptables

I read through this thread and thought... what?  Then I went and read definition #5.  F*cking hilarious!


#10 2012-12-28 04:08:17

Xyne
Moderator/TU
Registered: 2008-08-03
Posts: 5,644

Re: idemptables: idempotent wrapper for iptables

Xyne wrote:

(this is where I should probably insist on getting back on topic before the thread gets locked)

*cough*
So, any comments on the script?

WonderWoofy wrote:

I read through this thread and thought... what?  Then I went and read definition #5.  F*cking hilarious!

Bad dog!

*throws WonderWoofy to fukawi2*


#11 2012-12-30 06:22:53

fukawi2
Forum Moderator
From: .vic.au
Registered: 2007-09-28
Posts: 5,275

Re: idemptables: idempotent wrapper for iptables

#5 is for when you DON'T poke holes in my firewall tongue


Xyne wrote:

Well, the Pacserve package includes a service to manage ports, but you need to explicitly enable it, so can you just stab me a little and not in any vital organs?

Unless there's a big warning, that would make me stabby. I don't use it, so doesn't really matter to me though. (nothing personal, I just have unmetered mirror and fast from my ISP so that's good enough for me)
I can understand why you've done it though.

Xyne wrote:

Incidentally, I read that as "I'll go shabby on anyone..." at first and had a few fun seconds trying to make sense of it... was wondering if you were going to show up at someone's house in dirty clothes and in need of a shave and shower, then sit on their couch eating cheetos and dropping crumbs everywhere.

I could do that too. Got bacon?
