ExternalMirrors
/
firewalld-formula
espelhamento de https://github.com/saltstack-formulas/firewalld-formula
Observar 1
Favorito 0
Fork 1
Código Issues 0 Versões 14 Wiki Atividade
Saltstack Official FirewallD Formula
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
54 Commits
1 Branch
Tag: 951050008d
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de 951050008d
${ noResults }
firewalld-formula/pillar.example

pillar.example 3.1KB
Original Visão normal Histórico

add ipset support for firewalld
8 anos atrás
Initial commit.
10 anos atrás
Update pillar.example
6 anos atrás
Refactor ipset format, add backward compatibility See https://github.com/saltstack-formulas/firewalld-formula/pull/21#pullrequestreview-146958098
6 anos atrás
Update pillar.example
6 anos atrás
Initial commit.
10 anos atrás
add ipset support for firewalld
8 anos atrás
Initial commit.
10 anos atrás
add ipset support for firewalld
8 anos atrás
Initial commit.
10 anos atrás
add ipset support for firewalld
8 anos atrás
Initial commit.
10 anos atrás
add ipset support for firewalld
8 anos atrás
Initial commit.
10 anos atrás
add ipset support for firewalld
8 anos atrás
Initial commit.
10 anos atrás
add ipset support for firewalld
8 anos atrás
Initial commit.
10 anos atrás
add ipset support for firewalld
8 anos atrás
Initial commit.
10 anos atrás
add ipset support for firewalld
8 anos atrás
implement direct rules
8 anos atrás
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122 
  1. # FirewallD pillar examples:

  2. firewalld:

  3.   enabled: True

  4. 

  5.   ipset:

  6.     manage: True

  7.     pkg: ipset

  8. 

  9.   # ipset:                          # Deprecated. Support for this format will be removed in future releases

  10.   # ipsetpackag: ipset              # Deprecated. Will be removed in future releases

  11. 

  12.   backend:

  13.     manage: True

  14.     pkg: nftables

  15. 

  16.   # installbackend: True            # Deprecated. Will be removed in future releases

  17.   # backendpackage: nftables        # Deprecated. Will be removed in future releases

  18. 

  19.   default_zone: public

  20. 

  21.   services:

  22.     sshcustom:

  23.       short: sshcustom

  24.       description: SSH on port 3232 and 5252. Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.

  25.       ports:

  26.         tcp:

  27.           - 3232

  28.           - 5252

  29.       modules:

  30.         - some_module_to_load

  31.       destinations:

  32.         ipv4:

  33.           - 224.0.0.251

  34.           - 224.0.0.252

  35.         ipv6:

  36.           - ff02::fb

  37.           - ff02::fc

  38. 

  39.     zabbixcustom:

  40.       short: Zabbixcustom

  41.       description: "zabbix custom rule"

  42.       ports:

  43.         tcp:

  44.           - "10051"

  45.     salt-minion:

  46.       short: salt-minion

  47.       description: "salt-minion"

  48.       ports:

  49.         tcp:

  50.           - "8000"

  51. 

  52.   ipsets:

  53.     fail2ban-ssh:

  54.       short: fail2ban-ssh

  55.       description: fail2ban-ssh ipset

  56.       type: 'hash:ip'

  57.       options:

  58.         maxelem:

  59.           - 65536

  60.         timeout:

  61.           - 300

  62.         hashsize:

  63.           - 1024

  64.       entries:

  65.         - 10.0.0.1

  66. 

  67.   zones:

  68.     public:

  69.       short: Public

  70.       description: "For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted."

  71.       services:

  72.         - http

  73.         - zabbixcustom

  74.         - https

  75.         - ssh

  76.         - salt-minion

  77.       rich_rules:

  78.         - family: ipv4

  79.           source:

  80.               address: 8.8.8.8/24

  81.           accept: true

  82.         - family: ipv4

  83.           ipset:

  84.             name: fail2ban-ssh

  85.           reject:

  86.             type: icmp-port-unreachable

  87.       ports:

  88. {% if grains['id'] == 'salt.example.com' %}

  89.         - comment: salt-master

  90.           port: 4505

  91.           protocol: tcp

  92.         - comment: salt-python

  93.           port: 4506

  94.           protocol: tcp

  95. {% endif %}

  96.         - comment: zabbix-agent

  97.           port: 10050

  98.           protocol: tcp

  99.         - comment: bacula-client

  100.           port: 9102

  101.           protocol: tcp

  102.         - comment: vsftpd

  103.           port: 21

  104.           protocol: tcp

  105. 

  106.   direct:

  107.     chain:

  108.       MYCHAIN:

  109.         ipv: ipv4

  110.         table: raw

  111.     rule:

  112.       INTERNETACCESS:

  113.         ipv: ipv4

  114.         table: filter

  115.         chain: FORWARD

  116.         priority: "0"

  117.         args: "-i iintern -o iextern -s 192.168.1.0/24 -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT"

  118.     passthrough:

  119.       MYPASSTHROUGH:

  120.         ipv: ipv4

  121.         args: "-t raw -A MYCHAIN -j DROP"

  122.