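// /index.js
var spawn = require('child_process').spawn;
var lazy = require('lazy');

/**
 * Stamp an allow/drop/reject rule with its jump target and default action.
 *
 * The caller's object is updated in place on purpose: the same object can
 * later be handed to deleteRule(), which needs the target chosen here to
 * build a `-D` command that matches the rule that was added.
 *
 * @param {Object} rule  rule description (fields are listed on iptablesArgs)
 * @param {string} target  iptables jump target: ACCEPT, DROP or REJECT
 * @returns {Object} the same rule object
 */
function withTarget (rule, target) {
    rule.target = target;
    // append by default; callers may pre-set e.g. '-I' to insert at the top
    if (!rule.action) rule.action = '-A';
    return rule;
}

/** Add a rule that jumps to ACCEPT (appends unless rule.action is set). */
exports.allow = function (rule) {
    newRule(withTarget(rule, 'ACCEPT'));
};

/** Add a rule that jumps to DROP (appends unless rule.action is set). */
exports.drop = function (rule) {
    newRule(withTarget(rule, 'DROP'));
};

/** Add a rule that jumps to REJECT (appends unless rule.action is set). */
exports.reject = function (rule) {
    newRule(withTarget(rule, 'REJECT'));
};

/**
 * Parse one data line of `iptables -L -n -v` output.
 *
 * @param {string} line  raw output line
 * @returns {{parsed: Object, raw: string}} the first nine whitespace-separated
 *   columns by name, plus the trimmed line; anything after the ninth column
 *   (match options) is only available in `raw`.
 */
function parseListLine (line) {
    var raw = line.trim();
    // packets, bytes, target, prot, opt, in, out, source, destination, [options]
    var fields = raw.split(/\s+/, 9);
    return {
        parsed : {
            packets : fields[0],
            bytes : fields[1],
            target : fields[2],
            protocol : fields[3],
            opt : fields[4],
            in : fields[5],
            out : fields[6],
            src : fields[7],
            dst : fields[8]
        },
        raw : raw
    };
}

/**
 * List the rules of a chain.
 *
 * Always runs through sudo (unlike allow/drop/reject, where the caller opts in
 * with rule.sudo). Errors are only reported on stderr by iptables(); if the
 * command fails the callback still fires, with whatever lines were produced
 * (usually none).
 *
 * @param {string} [chain]  chain to list; undefined falls back to INPUT
 * @param {function(Array)} cb  receives the array of parsed rule objects
 */
exports.list = function (chain, cb) {
    var rule = {
        list : true,
        chain : chain,
        action : '-L',
        sudo : true
    };

    lazy(iptables(rule).stdout)
        .lines
        .map(String)
        .skip(2)   // "Chain X (policy ...)" banner and the column header
        .map(parseListLine)
        .join(function (rules) {
            cb(rules);
        });
};

exports.newRule = newRule;
exports.deleteRule = deleteRule;

/**
 * Spawn iptables (optionally via sudo) for the given rule.
 *
 * Arguments are passed as an argv array, never through a shell, so rule
 * values cannot be interpreted by a shell. iptables' own diagnostics are
 * echoed to stderr; a failed spawn (e.g. binary not found) or a non-zero exit
 * is logged instead of crashing the process.
 *
 * @param {Object} rule  see iptablesArgs
 * @returns {ChildProcess} the spawned process (callers read its stdout)
 */
function iptables (rule) {
    var args = iptablesArgs(rule);

    var cmd = 'iptables';
    if (rule.sudo) {
        cmd = 'sudo';
        args = ['iptables'].concat(args);
    }

    var proc = spawn(cmd, args);
    // an unhandled 'error' event (ENOENT, EACCES, ...) would throw and take the
    // whole node process down
    proc.on('error', function (err) {
        console.error('iptables: ' + err.message);
    });
    proc.stderr.on('data', function (buf) {
        console.error(buf.toString());
    });
    proc.on('exit', function (code, signal) {
        if (code !== 0) {
            console.error('iptables exited with ' +
                (code === null ? 'signal ' + signal : 'code ' + code));
        }
    });
    return proc;
}

/**
 * Translate a rule object into iptables command-line arguments.
 *
 * Recognised fields: action ('-A', '-D', '-L', ...), chain (default INPUT,
 * written back onto the rule), protocol, src, dst, sport, dport, in, out,
 * target, list (adds `-n -v` for machine-readable listing). `action` and
 * `chain` decide what iptables does, so rule objects should be built by
 * trusted code rather than forwarded verbatim from external input.
 *
 * @param {Object} rule
 * @returns {string[]} argv for iptables (without the program name)
 */
function iptablesArgs (rule) {
    var args = [];

    if (!rule.chain) rule.chain = 'INPUT';

    args = args.concat([rule.action, rule.chain]);
    if (rule.protocol) args = args.concat(["-p", rule.protocol]);
    if (rule.src) args = args.concat(["--src", rule.src]);
    if (rule.dst) args = args.concat(["--dst", rule.dst]);
    if (rule.sport) args = args.concat(["--sport", rule.sport]);
    if (rule.dport) args = args.concat(["--dport", rule.dport]);
    if (rule.in) args = args.concat(["-i", rule.in]);
    if (rule.out) args = args.concat(["-o", rule.out]);
    if (rule.target) args = args.concat(["-j", rule.target]);
    if (rule.list) args = args.concat(["-n", "-v"]);

    // spawn() requires string arguments; ports are commonly given as numbers
    return args.map(String);
}

/**
 * Run iptables with the rule as given; action defaults to '-A' (append) so a
 * rule built without allow/drop/reject still produces a valid command.
 *
 * @param {Object} rule  see iptablesArgs
 */
function newRule (rule) {
    if (!rule.action) rule.action = '-A';
    iptables(rule);
}

/**
 * Delete a rule: sets rule.action to '-D' and runs iptables. Pass the same
 * object that was given to allow/drop/reject so target and chain match.
 *
 * @param {Object} rule  see iptablesArgs
 */
function deleteRule (rule) {
    rule.action = '-D';
    iptables(rule);
}

/* ---- remainder of the listing (not JavaScript): /package.json and the head of /readme.txt ----

/package.json:

{
    "name" : "iptables",
    "version" : "0.0.4",
    "description" : "Run iptables commands from node.js",
    "main" : "./index.js",
    "repository" : {
        "type" : "git",
        "url" : "https://github.com/pkrumins/node-iptables.git"
    },
    "keywords" : [
        "iptables",
        "firewall",
        "linux"
    ],
    "author" : {
        "name" : "Peteris Krumins",
        "email" : "peteris.krumins@gmail.com",
        "url" : "http://www.catonmat.net",
        "twitter" : "http://twitter.com/pkrumins"
    },
    "dependencies" : {
        "lazy" : ">= 1.0.6"
    },
    "license" : "MIT",
    "engine" : {
        "node" : ">=0.4.0"
    }
}

/readme.txt:

This is a node.js module for controlling iptables. It's very basic just for
what we need at http://browserling.com.

It was written by Peteris Krumins (peter@catonmat.net, @pkrumins on twitter).
*/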
His blog is at http://www.catonmat.net -- good coders code, great reuse.

------------------------------------------------------------------------------

Here is an example usage:

    var iptables = require('iptables');

    iptables.allow({
        protocol : 'tcp',
        src : '10.1.1.5',
        dport : 34567,
        sudo : true
    });

    iptables.drop({
        protocol : 'tcp',
        dport : 34567,
        sudo : true
    });

This allows connections to port 34567 from 10.1.1.5 and drops connections to
the same port from everyone else. Both rules are appended in order, so the
ACCEPT rule is matched before the DROP rule.

------------------------------------------------------------------------------

P.S. I once wrote an article on iptables on my blog, check it out:

    http://www.catonmat.net/blog/traffic-accounting-with-iptables


Sincerely,
Peteris Krumins (twitter: @pkrumins)
http://www.catonmat.net

--------------------------------------------------------------------------------