rex advent —— rex 操作 iptables

注意：需要先引入 Rex 的 iptables 模块（`Rex::Commands::Iptables`），下面各任务里的 `iptables` 函数才可用：

use Rex::Commands::Iptables;

 

1、查看远程主机 iptables 的规则（开放情况）。`-n` 让 iptables 直接输出数字地址/端口，不做反向 DNS 解析。

# Task "ipc": show the filter-table rules of every host in group "all".
# Runs `iptables -n -L` on the remote host (numeric output, no DNS lookups)
# and prints the listing prefixed with the host name.
task "ipc", group => "all", sub {
    my $listing = run 'iptables -n -L';
    say join ': ', connection->server, $listing;
};

2、用 rex 远程批量给 iptables 加黑名单（用 -I 插到 INPUT 链首，使其优先于后面的 ACCEPT 规则生效）

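# Task "ipb": blacklist a fixed set of source addresses on every host in
# group "all" by inserting (-I) a DROP rule at the head of the INPUT chain,
# so it takes precedence over any ACCEPT rule that follows.
# Rules are inserted in list order, so the last address ends up on top.
# NOTE(review): not idempotent — re-running the task inserts duplicate
# rules; the "success" message only means the iptables calls returned, it
# does not verify that the rules are present.
task "ipb", group => "all", sub {
    my @banned = qw(60.173.26.35 180.131.56.9);

    for my $src (@banned) {
        iptables I => "INPUT", s => $src, j => "DROP";
    }

    say connection->server . " ip ban  success!";
};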

3、用 rex 从 iptables 中删除指定 ip 的条目（按规则编号删除；注意编号只在同一条链内连续，且每删一条后面的编号都会前移）

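# Task "ipd": remove every INPUT rule that mentions $ip on each host in
# group "all".
#
# Changes from the original one-liner:
#  * lists only the INPUT chain with --line-numbers instead of parsing
#    `service iptables status`, whose numbering restarts per chain — a
#    match in another chain would have deleted the wrong INPUT rule;
#  * matches the address literally (\Q...\E, word-bounded) so that
#    180.131.56.90 or 1180.131.56.9 no longer match;
#  * copes with zero or several matching rules, validates that every rule
#    number is a bare integer before interpolating it into a shell
#    command, and deletes from the highest number down so earlier
#    deletions do not renumber the ones still to delete;
#  * no longer needs perl on the remote host.
task "ipd", group => "all", sub {
    my $ip   = '180.131.56.9';
    my $host = connection->server;

    my $listing = run 'iptables -n -L INPUT --line-numbers';
    if ($? != 0) {
        say "$host: failed to list INPUT chain";
        return;
    }

    # Rule lines look like "3    DROP   all  --  180.131.56.9  0.0.0.0/0";
    # keep the leading number of each line that mentions the address.
    my @rule_numbers;
    for my $line (split /\n/, $listing) {
        next unless $line =~ /\b\Q$ip\E\b/;
        next unless $line =~ /\A\s*(\d+)\s/;
        push @rule_numbers, $1;
    }

    if (!@rule_numbers) {
        say "$host: no INPUT rule for $ip";
        return;
    }

    # Highest-numbered first: deleting rule N shifts every later rule up
    # by one, which would make a lower-first deletion hit the wrong rule.
    for my $num (sort { $b <=> $a } @rule_numbers) {
        run "iptables -D INPUT $num";
        say "$host: failed to delete INPUT rule $num" if $? != 0;
    }

    say "$host: removed " . scalar(@rule_numbers) . " rule(s) for $ip";
};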

4、iptables 限制 sshd 端口(22)登录，仅开放白名单 ip。注意：最后一条 DROP 规则会丢弃所有非白名单来源到 22 端口的包，执行前务必确认 rex 控制机的地址在白名单内，否则会把自己锁在 group "all" 的全部主机之外；这些规则用 -A 追加，INPUT 链里已有的规则仍然优先。

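# Task "bansshd": restrict TCP port 22 (sshd) on every host in group "all"
# to a whitelist of source addresses.  The ACCEPT rules for the whitelist
# are appended first and a catch-all DROP for port 22 last, so the order
# within this task is correct; all of them are appended (-A), so any rule
# already present in the INPUT chain still takes precedence over them.
#
# WARNING: the final rule drops port 22 from every non-whitelisted source,
# including the host running Rex and any already-open SSH session that is
# not accepted by an earlier rule.  Make sure the control host's address
# is in @allowed before running this against group "all".
# NOTE(review): not idempotent — re-running appends the same rules again.
task "bansshd", group => "all", sub {
    my @allowed = qw(192.168.1.0/24 172.16.2.88);

    for my $src (@allowed) {
        iptables A => "INPUT", s => $src, p => 'tcp', dport => 22, j => "ACCEPT";
    }

    # Must stay after the ACCEPT rules: iptables stops at the first match.
    iptables A => "INPUT", p => 'tcp', dport => "22", j => "DROP";

    say connection->server . " sshd ban  success!";
};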

 
