Saltstack Official IPTables Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

README.rst 3.6KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148
  1. ================
  2. iptables formula
  3. ================
  4. Iptables is used to set up, maintain, and inspect the tables of IPv4 packet
  5. filter rules in the Linux kernel. Several different tables may be defined.
  6. Each table contains a number of built-in chains and may also contain
  7. user-defined chains. Each chain is a list of rules which can match a set of
  8. packets. Each rule specifies what to do with a packet that matches. This is
  9. called a `target`, which may be a jump to a user-defined chain in the same
  10. table.
  11. Sample pillars
  12. ==============
  13. Most common rules - allow traffic on localhost, accept related,established and
  14. ping
  15. .. code-block:: yaml
  16. parameters:
  17. iptables:
  18. service:
  19. enabled: True
  20. chain:
  21. INPUT:
  22. rules:
  23. - in_interface: lo
  24. jump: ACCEPT
  25. - connection_state: RELATED,ESTABLISHED
  26. match: state
  27. jump: ACCEPT
  28. - protocol: icmp
  29. jump: ACCEPT
  30. Accept connections on port 22
  31. .. code-block:: yaml
  32. parameters:
  33. iptables:
  34. service:
  35. chain:
  36. INPUT:
  37. rules:
  38. - destination_port: 22
  39. protocol: tcp
  40. jump: ACCEPT
  41. Set drop policy on INPUT chain:
  42. .. code-block:: yaml
  43. parameters:
  44. iptables:
  45. service:
  46. chain:
  47. INPUT:
  48. policy: DROP
  49. Redirect privileged port 443 to 8081
  50. .. code-block:: yaml
  51. parameters:
  52. iptables:
  53. service:
  54. chain:
  55. PREROUTING:
  56. filter: nat
  57. destination_port: 443
  58. to_port: 8081
  59. protocol: tcp
  60. jump: REDIRECT
  61. Allow access from local network
  62. .. code-block:: yaml
  63. parameters:
  64. iptables:
  65. service:
  66. chain:
  67. INPUT:
  68. rules:
  69. - protocol: tcp
  70. destination_port: 22
  71. source_network: 192.168.1.0/24
  72. jump: ACCEPT
  73. IPv6 is supported as well
  74. .. code-block:: yaml
  75. parameters:
  76. iptables:
  77. service:
  78. enabled: True
  79. ipv6: True
  80. chain:
  81. INPUT:
  82. rules:
  83. - protocol: tcp
  84. family: ipv6
  85. destination_port: 22
  86. source_network: 2001:DB8::/32
  87. jump: ACCEPT
  88. Read more
  89. =========
  90. * http://docs.saltstack.com/en/latest/ref/states/all/salt.states.iptables.html
  91. * https://help.ubuntu.com/community/IptablesHowTo
  92. * http://wiki.centos.org/HowTos/Network/IPTables
  93. Documentation and Bugs
  94. ======================
  95. To learn how to install and update salt-formulas, consult the documentation
  96. available online at:
  97. http://salt-formulas.readthedocs.io/
  98. In the unfortunate event that bugs are discovered, they should be reported to
  99. the appropriate issue tracker. Use Github issue tracker for specific salt
  100. formula:
  101. https://github.com/salt-formulas/salt-formula-iptables/issues
  102. For feature requests, bug reports or blueprints affecting entire ecosystem,
  103. use Launchpad salt-formulas project:
  104. https://launchpad.net/salt-formulas
  105. You can also join salt-formulas-users team and subscribe to mailing list:
  106. https://launchpad.net/~salt-formulas-users
  107. Developers wishing to work on the salt-formulas projects should always base
  108. their work on master branch and submit pull request against specific formula.
  109. https://github.com/salt-formulas/salt-formula-iptables
  110. Any questions or feedback is always welcome so feel free to join our IRC
  111. channel:
  112. #salt-formulas @ irc.freenode.net