ExternalMirrors
/
iptables-formula
огледало од https://github.com/salt-formulas/salt-formula-iptables
Прати 1
Волим 0
Креирај огранак 1
Код Дискусије 0 Издања 6 Вики Activity
Saltstack Official IPTables Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
41 Комити
2 Гране
Дрво: 9c7f975282
Гране Ознаке
${ item.name }
Create branch ${ searchTerm }
from '9c7f975282'
${ noResults }
iptables-formula/README.rst

README.rst 3.6KB
Датотека Normal View Историја

Initial commit
пре 9 година
Fix documentation, remove obsolete
пре 8 година
Initial commit
пре 9 година
Fix documentation, remove obsolete
пре 8 година
Initial commit
пре 9 година
Correct parameters spelling
пре 7 година
Fix documentation, remove obsolete
пре 8 година
add the option to specify the family per rule to support ipv6 (#3) Closes: #2 * add the option to specify the family per rule to support ipv6 * include policy updates for ipv6 * update documentation to mention ipv6 * Make ipv6 optional; remove spurious tabs from the readme. * set ipv6 policies only if ipv6 is enabled on the host and not explicitly turned off for this service
пре 7 година
Initial commit
пре 9 година
Fix documentation, remove obsolete
пре 8 година
Initial commit
пре 9 година
Fix documentation, remove obsolete
пре 8 година
Initial commit
пре 9 година
Fix documentation, remove obsolete
пре 8 година
Correct parameters spelling
пре 7 година
Fix documentation, remove obsolete
пре 8 година
Initial commit
пре 9 година
Fix documentation, remove obsolete
пре 8 година
Correct parameters spelling
пре 7 година
Fix documentation, remove obsolete
пре 8 година
Adding comment option to iptables rule Change-Id: I9d93052cfc197a364b42240448344d5543e8805f
пре 7 година
Initial commit
пре 9 година
add the option to specify the family per rule to support ipv6 (#3) Closes: #2 * add the option to specify the family per rule to support ipv6 * include policy updates for ipv6 * update documentation to mention ipv6 * Make ipv6 optional; remove spurious tabs from the readme. * set ipv6 policies only if ipv6 is enabled on the host and not explicitly turned off for this service
пре 7 година
Initial commit
пре 9 година
Unify Makefile, .gitignore and update readme
пре 7 година
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149 
  1. 

  2. ================

  3. iptables formula

  4. ================

  5. 

  6. Iptables is used to set up, maintain, and inspect the tables of IPv4 packet

  7. filter rules in the Linux kernel. Several different tables may be defined.

  8. Each table contains a number of built-in chains and may also contain

  9. user-defined chains.  Each chain is a list of rules which can match a set of

  10. packets. Each rule specifies what to do with a packet that matches. This is

  11. called a `target`, which may be a jump to a user-defined chain in the same

  12. table.

  13. 

  14. Sample pillars

  15. ==============

  16. 

  17. Most common rules - allow traffic on localhost, accept related,established and

  18. ping

  19. 

  20. .. code-block:: yaml

  21. 

  22.     parameters:

  23.       iptables:

  24.         service:

  25.           enabled: True

  26.           chain:

  27.             INPUT:

  28.               rules:

  29.                 - in_interface: lo

  30.                   jump: ACCEPT

  31.                 - connection_state: RELATED,ESTABLISHED

  32.                   match: state

  33.                   jump: ACCEPT

  34.                 - protocol: icmp

  35.                   jump: ACCEPT

  36. 

  37. Accept connections on port 22

  38. 

  39. .. code-block:: yaml

  40. 

  41.     parameters:

  42.       iptables:

  43.         service:

  44.           chain:

  45.             INPUT:

  46.               rules:

  47.                 - destination_port: 22

  48.                   protocol: tcp

  49.                   jump: ACCEPT

  50. 

  51. Set drop policy on INPUT chain:

  52. 

  53. .. code-block:: yaml

  54. 

  55.     parameters:

  56.       iptables:

  57.         service:

  58.           chain:

  59.             INPUT:

  60.               policy: DROP

  61. 

  62. Redirect privileged port 443 to 8081

  63. 

  64. .. code-block:: yaml

  65. 

  66.     parameters:

  67.       iptables:

  68.         service:

  69.           chain:

  70.             PREROUTING:

  71.               filter: nat

  72.               destination_port: 443

  73.               to_port: 8081

  74.               protocol: tcp

  75.               jump: REDIRECT

  76. 

  77. Allow access from local network

  78. 

  79. .. code-block:: yaml

  80. 

  81.     parameters:

  82.       iptables:

  83.         service:

  84.           chain:

  85.             INPUT:

  86.               rules:

  87.                 - protocol: tcp

  88.                   destination_port: 22

  89.                   source_network: 192.168.1.0/24

  90.                   jump: ACCEPT

  91.                   comment: Blah

  92. 

  93. IPv6 is supported as well

  94. 

  95. .. code-block:: yaml

  96. 

  97.     parameters:

  98.       iptables:

  99.         service:

  100.           enabled: True

  101.           ipv6: True

  102.           chain:

  103.             INPUT:

  104.               rules:

  105.                 - protocol: tcp

  106.                   family: ipv6

  107.                   destination_port: 22

  108.                   source_network: 2001:DB8::/32

  109.                   jump: ACCEPT

  110. 

  111. Read more

  112. =========

  113. 

  114. * http://docs.saltstack.com/en/latest/ref/states/all/salt.states.iptables.html

  115. * https://help.ubuntu.com/community/IptablesHowTo

  116. * http://wiki.centos.org/HowTos/Network/IPTables

  117. 

  118. Documentation and Bugs

  119. ======================

  120. 

  121. To learn how to install and update salt-formulas, consult the documentation

  122. available online at:

  123. 

  124.     http://salt-formulas.readthedocs.io/

  125. 

  126. In the unfortunate event that bugs are discovered, they should be reported to

  127. the appropriate issue tracker. Use Github issue tracker for specific salt

  128. formula:

  129. 

  130.     https://github.com/salt-formulas/salt-formula-iptables/issues

  131. 

  132. For feature requests, bug reports or blueprints affecting entire ecosystem,

  133. use Launchpad salt-formulas project:

  134. 

  135.     https://launchpad.net/salt-formulas

  136. 

  137. You can also join salt-formulas-users team and subscribe to mailing list:

  138. 

  139.     https://launchpad.net/~salt-formulas-users

  140. 

  141. Developers wishing to work on the salt-formulas projects should always base

  142. their work on master branch and submit pull request against specific formula.

  143. 

  144.     https://github.com/salt-formulas/salt-formula-iptables

  145. 

  146. Any questions or feedback is always welcome so feel free to join our IRC

  147. channel:

  148. 

  149.     #salt-formulas @ irc.freenode.net