ExternalMirrors
/
iptables-formula
miroir de https://github.com/salt-formulas/salt-formula-iptables
Suivre 1
Ajouter aux favoris 0
Bifurcation 1
Code Tickets 0 Versions 6 Wiki Activité
Saltstack Official IPTables Formula
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
45 Révisions
2 Branches
Aborescence: 7df3a168f8
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de '7df3a168f8'
${ noResults }
iptables-formula/iptables/_rule.sls

_rule.sls 2.5KB
Brut Vue normale Historique

Refactor to allow both explicit position and append
il y a 8 ans
Allow setting iptables by support metadata
il y a 8 ans
Refactor to allow both explicit position and append
il y a 8 ans
add the option to specify the family per rule to support ipv6 (#3) Closes: #2 * add the option to specify the family per rule to support ipv6 * include policy updates for ipv6 * update documentation to mention ipv6 * Make ipv6 optional; remove spurious tabs from the readme. * set ipv6 policies only if ipv6 is enabled on the host and not explicitly turned off for this service
il y a 7 ans
Refactor to allow both explicit position and append
il y a 8 ans
Adding comment option to iptables rule Change-Id: I9d93052cfc197a364b42240448344d5543e8805f
il y a 7 ans
Refactor to allow both explicit position and append
il y a 8 ans
new parameters allowed in pillar
il y a 7 ans
Refactor to allow both explicit position and append
il y a 8 ans
Allow using to-port option
il y a 8 ans
Refactor to allow both explicit position and append
il y a 8 ans
new parameters allowed in pillar
il y a 7 ans
Refactor to allow both explicit position and append
il y a 8 ans
Allow custom chains to be present (#12) * Allow custom chains to be present, other than the INPUT, FORWARD, OUTPUT default chains. * Adding missing endif * Require the packages to be installed first. * Test should use rules as key, not rule. * Making it a array list, instead of a dict. * convert rules to a list instead of a dict. * Only if policy is defined, include this statement. * Only ensure chains if not container :) * The chain is only ensured if we are not a container. * Do not run at all for containers.
il y a 7 ans
Refactor to allow both explicit position and append
il y a 8 ans
 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 
  1. iptables_{{ chain_name }}_{{ rule_name }}:

  2.   {%- if rule.position is defined %}

  3.   iptables.insert:

  4.   - position: {{ rule.position }}

  5.   {%- else %}

  6.   iptables.append:

  7.   {%- if loop.index != 1 %}

  8.   - require:

  9.     - iptables: iptables_{{ chain_name }}_{% if service_name is defined %}{{ service_name }}_{% endif %}{{ loop.index - 1 }}

  10.   {%- endif %}

  11.   {%- endif %}

  12.   - table: {{ rule.get('table', 'filter') }}

  13.   - chain: {{ chain_name }}

  14.   {%- if rule.family is defined %}

  15.   - family: {{ rule.family }}

  16.   {%- endif %}

  17.   {%- if rule.jump is defined %}

  18.   - jump: {{ rule.jump }}

  19.   {%- endif %}

  20.   {%- if rule.match is defined %}

  21.   - match: {{ rule.match }}

  22.   {%- endif %}

  23.   {%- if rule.comment is defined %}

  24.   - comment: {{ rule.comment }}

  25.   {%- endif %}

  26.   {%- if rule.connection_state is defined %}

  27.   - connstate: {{ rule.connection_state }}

  28.   {%- endif %}

  29.   {%- if rule.protocol is defined %}

  30.   - proto: {{ rule.protocol }}

  31.   {%- endif %}

  32.   {%- if rule.destination_port is defined %}

  33.   - dport: {{ rule.destination_port }}

  34.   {%- endif %}

  35.   {%- if rule.destination_ports is defined %}

  36.   - dports:

  37.   {%- for port in rule.destination_ports %}

  38.     - {{ port }}

  39.   {% endfor %}

  40.   {%- endif %}

  41.   {%- if rule.source_port is defined %}

  42.   - sport: {{ rule.source_port }}

  43.   {%- endif %}

  44.   {%- if rule.in_interface is defined %}

  45.   - in-interface: {{ rule.in_interface }}

  46.   {%- endif %}

  47.   {%- if rule.out_interface is defined %}

  48.   - out-interface: {{ rule.out_interface }}

  49.   {%- endif %}

  50.   {%- if rule.to_destination is defined %}

  51.   - to-destination: {{ rule.to_destination }}

  52.   {%- endif %}

  53.   {%- if rule.to_port is defined %}

  54.   - to-port: {{ rule.to_port }}

  55.   {%- endif %}

  56.   {%- if rule.to_source is defined %}

  57.   - to-source: {{ rule.to_source }}

  58.   {%- endif %}

  59.   {%-  if rule.source_network is defined %}

  60.   - source: {{ rule.source_network }}

  61.   {%- endif %}

  62.   {%-  if rule.destination_network is defined %}

  63.   - destination: {{ rule.destination_network }}

  64.   {%- endif %}

  65.   {%-  if rule.log_prefix is defined %}

  66.   - log-prefix: '{{ rule.log_prefix }}'

  67.   {%- endif %}

  68.   {%-  if rule.log_level is defined %}

  69.   - log-level: {{ rule.log_level }}

  70.   {%- endif %}

  71.   {%-  if rule.limit is defined %}

  72.   - limit: '{{ rule.limit }}'

  73.   {%- endif %}

  74.   {%- if chain.policy is defined %}

  75.   - require_in:

  76.     - iptables: iptables_{{ chain_name }}_policy

  77.   {%- endif %}

  78.   {%- if grains.get('virtual_subtype', None) not in ['Docker', 'LXC'] %}

  79.   - require:

  80.     - iptables: iptables_{{ chain_name }}{% if rule.family is defined %}_{{ rule.family }}{% endif %}

  81.   {%- endif %}

  82.   - save: True