Re: Ruby + iptables

< ^ > P N |<>|^_>< --- | ~ ...Help
------art_190782_30611698.1187948423373
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

On 8/24/07, Michael T. Richter <ttmrichter / gmail.com> wrote:
>
>  I've been poking around on Rubyforge and Sourceforge and getting nowhere
> on this.  I've even tried to see if there was a Python lib I could crib off
> of and roll my own.  No dice.
>
> What I'm looking for is a good high-level interface to iptables (as in,
> basically, an iptables DSL) that would allow someone to easily read the
> iptables configuration and write a new one.  I found a half-finished wrapper
> around libiptc with no high-level interface worth mentioning and a whole
> bunch of dead links to something called ruby-iptables (but not the actual
> library).  I've tried my hand at wrapping libiptc myself using SWIG and got
> some success, but hit the usual barrier of libiptc, being specifically
> listed as *not* intended for general API consumption (and strongly
> deprecated), not having any useful documentation worth mentioning.
>
> Right now I'm looking at the possibility of wrapping the iptables-save and
> iptables-restore tools, providing a decent OO interface to the experience,
> but if someone has already done this (and ruby-iptables looks like it was
> supposed to have) I'd rather not reinvent the wheel.
>
> So, does anybody know of any Ruby + iptables implementations already done
> or in the works beyond vague statements of intent?  And if I'm going to be
> doing this on my own, would there be anybody experienced with
> iptables/libiptc willing to collaborate on it so I don't screw it up too
> badly?
>
>   --
> *Michael T. Richter* <ttmrichter / gmail.com> (*GoogleTalk:*
> ttmrichter / gmail.com)
> *When debugging, novices insert corrective code; experts remove defective
> code. (Richard Pattis)*
>

I have written such a beast, and I use it for production, it has lots of
rough edges though and I feel that the code is overly  complicated, doc is
almost not existant, ---> not released to Rubyforge, but if you are
intersted I can mail you the software as is and it might be a good occasion
to write some basic doc, and who knows, maybe you would like to help out
with it?

Cheers
Robert




-- 
I'm an atheist and that's it. I believe there's nothing we can know except
that we should be kind to each other and do what we can for other people.
-- Katharine Hepburn

------art_190782_30611698.1187948423373--