droplan

command module v1.2.0

Published: Oct 16, 2016 License: MIT Imports: 9 Imported by: 0

README

About

This utility helps secure the private interface on DigitalOcean droplets by adding iptables rules that only allow traffic from your other droplets. droplan queries the DigitalOcean API for the private IP addresses of your droplets and updates the iptables rules automatically, so the allow list follows droplets as they are created and destroyed.

Installation

The latest release is available on the github release page.

You can set up a cron job in /etc/cron.d to run droplan every 5 minutes. The cron file contains the API token, so keep it readable by root only, and use a read-only token: droplan only needs to list droplets.

*/5 * * * * root PATH=/sbin DO_KEY=READONLY_KEY /usr/local/bin/droplan >/var/log/droplan.log 2>&1

Usage

DO_KEY=<read_only_api_token> /path/to/droplan

The iptables rules added by droplan are equivalent to the following (iptables-save syntax; the comments are explanatory). The droplan-peers chain is consulted first, then established connections are accepted, and everything else arriving on the private interface is dropped:

-N droplan-peers # create a new chain
-A INPUT -i eth1 -j droplan-peers # add chain to private interface
-A INPUT -i eth1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth1 -j DROP # add default DROP rule to private interface
-A droplan-peers -s <PEER>/32 -j ACCEPT # allow traffic from PEER ip address

Access can be limited to a subset of droplets using tags. When the DO_TAG environment variable is set, droplan only adds ACCEPT rules for the private addresses of droplets carrying that tag; traffic from untagged droplets falls through to the DROP rule.
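The selection and rendering step described above, as an added example that is not droplan's own code: it takes a list of droplets shaped like a DigitalOcean API response (the struct fields here are an assumption for the example, not the real client library's types), keeps the private IPv4 address of each droplet matching an optional tag, and renders the rule set shown above. The sample droplets are constructed; nothing here calls the API or runs iptables.

```go
package main

import (
	"fmt"
	"net"
	"sort"
)

// Network and Droplet mirror only the fields of a DigitalOcean API droplet
// object this example needs; the field names are an assumption made for
// the example, not the real client library's types.
type Network struct {
	IPAddress string
	Type      string // "public" or "private"
}

type Droplet struct {
	Name     string
	Tags     []string
	Networks []Network // the droplet's IPv4 networks
}

func hasTag(d Droplet, tag string) bool {
	for _, t := range d.Tags {
		if t == tag {
			return true
		}
	}
	return false
}

// peerIPs returns the private IPv4 addresses of every droplet that carries
// tag (every droplet when tag is ""), de-duplicated and sorted so that the
// generated rule set is stable between runs.
func peerIPs(droplets []Droplet, tag string) []string {
	seen := map[string]bool{}
	for _, d := range droplets {
		if tag != "" && !hasTag(d, tag) {
			continue
		}
		for _, n := range d.Networks {
			ip := net.ParseIP(n.IPAddress)
			// Skip public addresses and anything that is not a valid IPv4
			// address: a bad API value must never turn into a broad rule.
			if n.Type != "private" || ip == nil || ip.To4() == nil {
				continue
			}
			seen[ip.To4().String()] = true
		}
	}
	out := make([]string, 0, len(seen))
	for ip := range seen {
		out = append(out, ip)
	}
	sort.Strings(out)
	return out
}

// rules renders the rule set from the README for iface: a droplan-peers
// chain consulted first, then conntrack ACCEPT, then a default DROP, with
// one /32 ACCEPT per peer inside the chain.
func rules(iface string, peers []string) []string {
	r := []string{
		"-N droplan-peers",
		fmt.Sprintf("-A INPUT -i %s -j droplan-peers", iface),
		fmt.Sprintf("-A INPUT -i %s -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT", iface),
		fmt.Sprintf("-A INPUT -i %s -j DROP", iface),
	}
	for _, p := range peers {
		r = append(r, fmt.Sprintf("-A droplan-peers -s %s/32 -j ACCEPT", p))
	}
	return r
}

// sampleDroplets is a constructed stand-in for an API response.
func sampleDroplets() []Droplet {
	return []Droplet{
		{Name: "web-1", Tags: []string{"web"}, Networks: []Network{
			{IPAddress: "203.0.113.10", Type: "public"},
			{IPAddress: "10.132.0.5", Type: "private"},
		}},
		{Name: "web-2", Tags: []string{"web", "db"}, Networks: []Network{
			{IPAddress: "10.132.0.6", Type: "private"},
		}},
		{Name: "db-1", Tags: []string{"db"}, Networks: []Network{
			{IPAddress: "10.132.0.7", Type: "private"},
		}},
		// A droplet without private networking contributes no rule.
		{Name: "legacy", Tags: nil, Networks: []Network{
			{IPAddress: "203.0.113.11", Type: "public"},
		}},
	}
}

func main() {
	for _, line := range rules("eth1", peerIPs(sampleDroplets(), "web")) {
		fmt.Println(line)
	}
}
```

With DO_TAG semantics, only web-1 and web-2 produce ACCEPT rules; db-1 and the public-only droplet fall through to the DROP rule. Note that an empty peer list still renders a valid, DROP-only rule set, so a caller wiring this to the real API should treat an API error as "change nothing" rather than applying the empty result and cutting every peer off.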

Development

Dependencies

Dependencies are vendored with govendor.

Build

A Makefile is included:

  • test - runs unit tests
  • build - builds droplan on the current platform
  • release - builds releasable artifacts
