Преглед на файлове
Merge pull request #7 from hoonetorg/directrules
implement direct rulestags/v0.6.2
Niels Abspoel
преди 8 години
променени са 4 файла, в които са добавени 65 реда и са изтрити 0 реда
+ 28
- 0
firewalld/direct.sls
Целия файл
| # == State: firewalld.direct | |||||
| {% from "firewalld/map.jinja" import firewalld with context %} | |||||
| # == Define: firewalld.direct | |||||
| # | |||||
| # This defines a configuration for permanent direct chains, | |||||
| # rules and passtthroughs, see firewalld.direct (5) man page. | |||||
| {%- if firewalld.get('direct', False) %} | |||||
| /etc/firewalld/direct.xml: | |||||
| file: | |||||
| - managed | |||||
| - name: /etc/firewalld/direct.xml | |||||
| - user: root | |||||
| - group: root | |||||
| - mode: "0644" | |||||
| - source: salt://firewalld/files/direct.xml | |||||
| - template: jinja | |||||
| - require: | |||||
| - pkg: package_firewalld # make sure package is installed | |||||
| - file: directory_firewalld | |||||
| - listen_in: | |||||
| - module: service_firewalld # restart service | |||||
| - context: | |||||
| direct: {{ firewalld.direct|json }} | |||||
| {%- endif %} |
+ 18
- 0
firewalld/files/direct.xml
Целия файл
| <?xml version="1.0" encoding="utf-8"?> | |||||
| <direct> | |||||
| {%- if 'chain' in direct %} | |||||
| {%- for k, v in direct.chain.items() %} | |||||
| <chain ipv="{{v.ipv}}" table="{{v.table}}" chain="{{k}}"/> | |||||
| {%- endfor %} | |||||
| {%- endif %} | |||||
| {%- if 'rule' in direct %} | |||||
| {%- for k, v in direct.rule.items() %} | |||||
| <rule priority="{{v.priority}}" table="{{v.table}}" ipv="{{v.ipv}}" chain="{{v.chain}}">{{v.args}}</rule> | |||||
| {%- endfor %} | |||||
| {%- endif %} | |||||
| {%- if 'passthrough' in direct %} | |||||
| {%- for k, v in direct.passthrough.items() %} | |||||
| <passthrough ipv="{{v.ipv}}">{{v.args}}</passthrough> | |||||
| {%- endfor %} | |||||
| {%- endif %} | |||||
| </direct> |
+ 1
- 0
firewalld/init.sls
Целия файл
| - firewalld.ipsets | - firewalld.ipsets | ||||
| - firewalld.services | - firewalld.services | ||||
| - firewalld.zones | - firewalld.zones | ||||
| - firewalld.direct | |||||
| # iptables service that comes with rhel/centos | # iptables service that comes with rhel/centos | ||||
| iptables: | iptables: |
+ 18
- 0
pillar.example.sls
Целия файл
| - comment: vsftpd | - comment: vsftpd | ||||
| port: 21 | port: 21 | ||||
| protocol: tcp | protocol: tcp | ||||
| direct: | |||||
| chain: | |||||
| MYCHAIN: | |||||
| ipv: ipv4 | |||||
| table: raw | |||||
| rule: | |||||
| INTERNETACCESS: | |||||
| ipv: ipv4 | |||||
| table: filter | |||||
| chain: FORWARD | |||||
| priority: "0" | |||||
| args: "-i iintern -o iextern -s 192.168.1.0/24 -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT" | |||||
| passthrough: | |||||
| MYPASSTHROUGH: | |||||
| ipv: ipv4 | |||||
| args: "-t raw -A MYCHAIN -j DROP" | |||||
Loading…