Saltstack Official FirewallD Formula

pillar.example.sls 2.6KB

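  # FirewallD pillar examples:
# This file is rendered as Jinja first and parsed as YAML afterwards.
# Everything lives under the single top-level `firewalld` key.
firewalld:
  # Canonical lowercase booleans (Salt's YAML loader also accepted `True`).
  enabled: true
  ipset: true
  # Must name a zone that is defined under `zones` below.
  default_zone: public

  # Custom service definitions. A service only takes effect once a zone
  # lists it by name (see `zones.public.services`).
  services:
    sshcustom:
      short: sshcustom
      # Folded scalar: parses to the same single-line string as the
      # original unquoted value.
      description: >-
        SSH on port 3232 and 5252. Secure Shell (SSH) is a protocol for
        logging into and executing commands on remote machines. It provides
        secure encrypted communications. If you plan on accessing your
        machine remotely via SSH over a firewalled interface, enable this
        option. You need the openssh-server package installed for this
        option to be useful.
      ports:
        tcp:
          - 3232
          - 5252
      # Presumably netfilter helper modules (firewalld `<module>` entries);
      # the value here is a placeholder name.
      modules:
        - some_module_to_load
      # Destination addresses the service is limited to; the example values
      # are link-local multicast addresses.
      destinations:
        ipv4:
          - 224.0.0.251
          - 224.0.0.252
        ipv6:
          - ff02::fb
          - ff02::fc
    zabbixcustom:
      short: Zabbixcustom
      description: "zabbix custom rule"
      ports:
        tcp:
          # Ports appear both quoted and unquoted in this file; both forms
          # presumably render to the same text in the service XML - confirm
          # against the formula's service template before mixing them.
          - "10051"
    salt-minion:
      short: salt-minion
      description: "salt-minion"
      ports:
        tcp:
          - "8000"

  # ipset definitions; rich rules below reference them by name.
  ipsets:
    fail2ban-ssh:
      short: fail2ban-ssh
      description: fail2ban-ssh ipset
      # Quoted because of the embedded colon.
      type: 'hash:ip'
      # Each option is given as a one-element list, which appears to be the
      # shape this formula expects - TODO confirm against the ipset template.
      options:
        maxelem:
          - 65536
        timeout:
          - 300
        hashsize:
          - 1024
      # Statically seeded entries; presumably fail2ban manages the rest of
      # the set at runtime.
      entries:
        - 10.0.0.1

  zones:
    public:
      short: Public
      description: >-
        For use in public areas. You do not trust the other computers on
        networks to not harm your computer. Only selected incoming
        connections are accepted.
      # `http`, `https` and `ssh` are not defined in this pillar, so they
      # presumably resolve to firewalld's stock service definitions.
      services:
        - http
        - zabbixcustom
        - https
        - ssh
        - salt-minion
      rich_rules:
        # Accepts all traffic from the whole 8.8.8.0/24 block: with a /24
        # mask the host bits of 8.8.8.8 do not make this a single-address
        # match. Use /32 if only that one address is meant.
        - family: ipv4
          source:
            address: 8.8.8.8/24
          accept: true
        # Sources present in the fail2ban-ssh ipset are rejected. firewalld
        # applies its own evaluation order to rich rules; the listing order
        # here should not be relied on.
        - family: ipv4
          ipset:
            name: fail2ban-ssh
          reject:
            type: icmp-port-unreachable
      ports:
        # The Jinja condition is evaluated when the pillar is compiled, so
        # the Salt master ports (4505/4506) are only opened for the minion
        # whose id is salt.example.com.
        {% if grains['id'] == 'salt.example.com' %}
        - comment: salt-master
          port: 4505
          protocol: tcp
        - comment: salt-python
          port: 4506
          protocol: tcp
        {% endif %}
        - comment: zabbix-agent
          port: 10050
          protocol: tcp
        - comment: bacula-client
          port: 9102
          protocol: tcp
        # FTP control port only; passive-mode data connections would need
        # the ftp conntrack helper or an explicit passive port range, which
        # this example does not cover.
        - comment: vsftpd
          port: 21
          protocol: tcp

  # Direct rules bypass the zone model. The `args` strings look like raw
  # iptables arguments passed through as written, so they should only ever
  # come from trusted pillar data.
  direct:
    chain:
      MYCHAIN:
        ipv: ipv4
        table: raw
    rule:
      INTERNETACCESS:
        ipv: ipv4
        table: filter
        chain: FORWARD
        priority: "0"
        # iintern/iextern look like placeholder interface names.
        args: "-i iintern -o iextern -s 192.168.1.0/24 -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT"
    passthrough:
      MYPASSTHROUGH:
        ipv: ipv4
        # Appends to MYCHAIN, the raw-table chain declared above.
        args: "-t raw -A MYCHAIN -j DROP"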