├── index.js
├── package.json
└── readme.txt


/index.js:
--------------------------------------------------------------------------------
  1 | var spawn = require('child_process').spawn;
  2 | var lazy = require('lazy');
  3 | 
  4 | exports.allow = function (rule) {
  5 |     rule.target = 'ACCEPT';
  6 |     if (!rule.action) rule.action = '-A';
  7 |     newRule(rule);
  8 | }
  9 | 
 10 | exports.drop = function (rule) {
 11 |     rule.target = 'DROP';
 12 |     if (!rule.action) rule.action = '-A';
 13 |     newRule(rule);
 14 | }
 15 | 
 16 | exports.reject = function (rule) {
 17 |     rule.target = 'REJECT';
 18 |     if (!rule.action) rule.action = '-A';
 19 |     newRule(rule);
 20 | }
 21 | 
 22 | exports.list = function(chain, cb) {
 23 |     var rule = {
 24 |         list : true,
 25 |         chain : chain,
 26 |         action : '-L',
 27 |         sudo : true
 28 |     };
 29 | 
 30 |     lazy(iptables(rule).stdout)
 31 |         .lines
 32 |         .map(String)
 33 |         .skip(2)
 34 |         .map(function (line) {
 35 |             // packets, bytes, target, pro, opt, in, out, src, dst, opts
 36 |             var fields = line.trim().split(/\s+/, 9);
 37 |             return {
 38 |                 parsed : {
 39 |                     packets : fields[0],
 40 |                     bytes : fields[1],
 41 |                     target : fields[2],
 42 |                     protocol : fields[3],
 43 |                     opt : fields[4],
 44 |                     in : fields[5],
 45 |                     out : fields[6],
 46 |                     src : fields[7],
 47 |                     dst : fields[8]
 48 |                 },
 49 |                 raw : line.trim()
 50 |             };
 51 |         })
 52 |         .join(function (rules) {
 53 |             cb(rules);
 54 |         })
 55 | }
 56 | 
 57 | exports.newRule = newRule;
 58 | exports.deleteRule = deleteRule;
 59 | 
 60 | function iptables (rule) {
 61 |     var args = iptablesArgs(rule);
 62 | 
 63 |     var cmd = 'iptables';
 64 |     if (rule.sudo) {
 65 |         cmd = 'sudo';
 66 |         args = ['iptables'].concat(args);
 67 |     }
 68 | 
 69 |     var proc = spawn(cmd, args);
 70 |     proc.stderr.on('data', function (buf) {
 71 |         console.error(buf.toString());
 72 |     });
 73 |     return proc;
 74 | }
 75 | 
 76 | function iptablesArgs (rule) {
 77 |     var args = [];
 78 | 
 79 |     if (!rule.chain) rule.chain = 'INPUT';
 80 | 
 81 |     if (rule.chain) args = args.concat([rule.action, rule.chain]);
 82 |     if (rule.protocol) args = args.concat(["-p", rule.protocol]);
 83 |     if (rule.src) args = args.concat(["--src", rule.src]);
 84 |     if (rule.dst) args = args.concat(["--dst", rule.dst]);
 85 |     if (rule.sport) args = args.concat(["--sport", rule.sport]);
 86 |     if (rule.dport) args = args.concat(["--dport", rule.dport]);
 87 |     if (rule.in) args = args.concat(["-i", rule.in]);
 88 |     if (rule.out) args = args.concat(["-o", rule.out]);
 89 |     if (rule.target) args = args.concat(["-j", rule.target]);
 90 |     if (rule.list) args = args.concat(["-n", "-v"]);
 91 | 
 92 |     return args;
 93 | }
 94 | 
 95 | function newRule (rule) {
 96 |     iptables(rule);
 97 | }
 98 | 
 99 | function deleteRule (rule) {
100 |     rule.action = '-D';
101 |     iptables(rule);
102 | }
103 | 
104 | 


--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "name" : "iptables",
 3 |     "version" : "0.0.4",
 4 |     "description" : "Run iptables commands from node.js",
 5 |     "main" : "./index.js",
 6 |     "repository" : {
 7 |         "type" : "git",
 8 |         "url" : "https://github.com/pkrumins/node-iptables.git"
 9 |     },
10 |     "keywords" : [
11 |         "iptables",
12 |         "firewall",
13 |         "linux"
14 |     ],
15 |     "author" : {
16 |         "name" : "Peteris Krumins",
17 |         "email" : "peteris.krumins@gmail.com",
18 |         "url" : "http://www.catonmat.net",
19 |         "twitter" : "http://twitter.com/pkrumins"
20 |     },
21 |     "dependencies" : {
22 |         "lazy" : ">= 1.0.6"
23 |     },
24 |     "license" : "MIT",
25 |     "engine" : {
26 |         "node" : ">=0.4.0"
27 |     }
28 | }
29 | 


--------------------------------------------------------------------------------
/readme.txt:
--------------------------------------------------------------------------------
 1 | This is a node.js module for controlling iptables. It's very basic just for
 2 | what we need at http://browserling.com.
 3 | 
 4 | It was written by Peteris Krumins (peter@catonmat.net, @pkrumins on twitter).
 5 | His blog is at http://www.catonmat.net  --  good coders code, great reuse.
 6 | 
 7 | ------------------------------------------------------------------------------
 8 | 
 9 | Here is an example usage:
10 | 
11 |     var iptables = require('iptables');
12 | 
13 |     iptables.allow({
14 |         protocol : tcp,
15 |         src : '10.1.1.5',
16 |         dport : 34567,
17 |         sudo : true
18 |     });
19 | 
20 |     iptables.drop({
21 |         protocol : 'tcp',
22 |         dport : 34567,
23 |         sudo : true
24 |     });
25 | 
26 | This allows connections to port 34567 from 10.1.1.5 and drops connections from
27 | the same port from everyone else.
28 | 
29 | ------------------------------------------------------------------------------
30 | 
31 | Ps. I once wrote an article on iptables on my blog, check it out:
32 | 
33 | http://www.catonmat.net/blog/traffic-accounting-with-iptables
34 | 
35 | 
36 | Sincerely,
37 | Peteris Krumins (twitter: @pkrumins)
38 | http://www.catonmat.net
39 | 
40 | 


--------------------------------------------------------------------------------