A nice web UI for the iptables command, written in NodeJS. Currently a work in progress.
This web UI is not meant to be used as a general-access, long-running web server. Instead, the following flow is assumed:
- The user SSHes into a remote server with a port forward, e.g.:
    ssh myserver.com -L 8099:localhost:8099
- The user starts the iptables web interface:
    iptables-webui start
- The user navigates to the address in their browser, e.g.:
    http://localhost:8099
Pro-tip: Store the server/forwarding details in ~/.ssh/config:
    Host myserver
        Hostname myserver.com
        User me
        LocalForward 8099 localhost:8099
It would be possible to run it as a typical web server process, but leaving iptables exposed that way is not good security practice, even if authentication and authorization were built into this app.
- Modular handling of rules (enable and disable named groups of rules)
- Raw rule editing
- Flexible Port Forwarding table
- Simple Pre-built rules (like enable/disable SSH or HTTP in/out)
- Advanced Pre-built rules (internet connection sharing, load balancing)
- Current Status of IP Tables
- View Compiled rules vs Source rules
- Help with enabling/disabling kernel network features (forwarding, masquerading)
This is an example of what a rule looks like in JSON:
- name: the name (user set)
- enabled: whether the rule is enabled (user set)
- lines: the lines that make up the rule (user set); each can be either:
  - an object that can be parsed by the RuleParser
  - or a string of iptables arguments
- valid: determined by the result of the last test
- test_lines: the lines that made up the file used for the last test
- error: the error that occurred on the last test
    {
      name: 'my_dumb-rule',
      enabled: false,
      lines: [
        '# lines in the rule can be JSON or string',
        '-A INPUT --dport 22 -j ACCEPT',
        {chain: 'input', dport: 80, target: 'accept'}
      ],
      valid: true,
      test_lines: [
        '# iptables-restore test file generated by iprules 2015-01-06 00:00',
        '*filter',
        '# my_dumb-rule',
        '# lines in the rule can be JSON or string',
        '-A INPUT --dport 22 -j ACCEPT',
        '-A INPUT --dport 80 -j ACCEPT',
        '#end'
      ],
      error: ''
    }
The RuleParser can handle the following arguments (examples shown):
    {
      chain: 'INPUT',
      protocol: 'tcp', // default is TCP
      sport: false, // this will be ignored during compile time
      dport: 8822,
      target: 'ACCEPT',
      src: '192.168.3.0/24',
      dst: '172.16.0.233',
      in: 'eth0',
      out: 'eth1',
      table: 'nat', // default is filter
      states: ['new'],
      to_dst: '172.16.0.233:22'
    }
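One way to turn a rule object like the one above into a single iptables-restore line while rejecting values that could smuggle extra options or lines into the generated file. This is an added example, not the project's RuleParser; the validation patterns, the allowlists, the option order and the use of `-m conntrack --ctstate` for `states` are assumptions.

```javascript
// Added example, not the project's RuleParser. Field names follow the README;
// the allowlists, patterns and option order are assumptions.
const NAME = /^[A-Za-z][A-Za-z0-9_-]{0,27}$/;        // chain and target names
const IFACE = /^[A-Za-z0-9_.-]{1,15}$/;              // interface names
const ADDR = /^(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?$/;  // IPv4 shape check only
const TO_DST = /^(\d{1,3}\.){3}\d{1,3}(:\d{1,5})?$/; // ip or ip:port
const TABLES = ['filter', 'nat', 'mangle', 'raw'];
const PROTOS = ['tcp', 'udp'];
const STATES = ['NEW', 'ESTABLISHED', 'RELATED', 'INVALID'];

// JavaScript's `$` without the m flag only matches at the very end of the
// string, so a value with an embedded newline or space never passes.
function text(v, re, field) {
  if (typeof v !== 'string' || !re.test(v)) throw new Error('invalid ' + field);
  return v;
}
function oneOf(v, allowed, field) {
  if (!allowed.includes(v)) throw new Error('invalid ' + field);
  return v;
}
function port(v, field) {
  if (!Number.isInteger(v) || v < 1 || v > 65535) throw new Error('invalid ' + field);
  return String(v);
}

function compileRule(r) {
  const table = oneOf(r.table || 'filter', TABLES, 'table');
  const args = ['-A', text(r.chain, NAME, 'chain').toUpperCase()];
  args.push('-p', oneOf(r.protocol || 'tcp', PROTOS, 'protocol'));
  if (r.in) args.push('-i', text(r.in, IFACE, 'in'));
  if (r.out) args.push('-o', text(r.out, IFACE, 'out'));
  if (r.src) args.push('-s', text(r.src, ADDR, 'src'));
  if (r.dst) args.push('-d', text(r.dst, ADDR, 'dst'));
  if (r.sport) args.push('--sport', port(r.sport, 'sport')); // false: skipped
  if (r.dport) args.push('--dport', port(r.dport, 'dport'));
  if (r.states && r.states.length) {
    const s = r.states.map((x) => oneOf(String(x).toUpperCase(), STATES, 'states'));
    args.push('-m', 'conntrack', '--ctstate', s.join(','));
  }
  args.push('-j', text(r.target, NAME, 'target').toUpperCase());
  if (r.to_dst) args.push('--to-destination', text(r.to_dst, TO_DST, 'to_dst'));
  return { table, line: args.join(' ') };
}

// Constructed sample: the object form of the README's port-80 rule line.
console.log(compileRule({ chain: 'input', dport: 80, target: 'accept' }));
```

String entries in a rule's `lines` array do not pass through a compiler like this, so they need their own check (at minimum, rejecting embedded newlines) before they are written into the iptables-restore test file.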
This is the API so far; not everything is working:
    GET    /rules             # gets all the rules
    POST   /rules             # creates a rule
    GET    /rules/:pattern    # gets a rule by name or glob pattern
    PUT    /rules/:name       # updates the named rule
    DELETE /rules/:name       # deletes the named rule
    GET    /rules/:name/test  # tests the named rule
    GET    /iptables/list     # gives iptables -L output
    GET    /status            # various statuses
I did it in NodeJS and ReactJS because:
- I don't want to learn a real language like C++
- I want to learn more about NodeJS and ReactJS
- I want to use it on an ARM and Node is faster than ruby (dammit!)
- I am a sadomasochist