ExternalMirrors
/
iptables-formula
spogulis no https://github.com/salt-formulas/salt-formula-iptables
Vērot 1
Pievienot zvaigznīti 0
Atdalīts 1
Kods Problēmas 0 Laidieni 6 Vikivietne Aktivitāte
Saltstack Official IPTables Formula
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
40 Revīzijas
2 Atzari
Koks: e484ba9ec3
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no 'e484ba9ec3'
${ noResults }
iptables-formula/iptables/files/ip4tables

ip4tables 2.5KB
Neapstrādāts Parastais skats Vēsture

Add support for using iptables-restore to apply the rules This will not save or flush current iptables rules so that it makes the iptables-restore provider compatible with docker or similar software that manage their own rules in iptables.
pirms 7 gadiem
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101 
  1. #!/bin/sh

  2. 

  3. # This file is part of netfilter-persistent

  4. # (was iptables-persistent)

  5. # Copyright (C) 2009, Simon Richter <sjr@debian.org>

  6. # Copyright (C) 2010, 2014 Jonathan Wiltshire <jmw@debian.org>

  7. #

  8. # This program is free software; you can redistribute it and/or

  9. # modify it under the terms of the GNU General Public License

  10. # as published by the Free Software Foundation, either version 3

  11. # of the License, or (at your option) any later version.

  12. 

  13. rc=0

  14. 

  15. load_rules()

  16. {

  17. 	#load IPv4 rules

  18. 	if [ ! -f /etc/iptables/rules.v4 ]; then

  19. 		echo "Warning: skipping IPv4 (no rules to load)"

  20. 	else

  21. {%- if provider == 'iptables-restore' %}

  22. 		iptables-restore --test < /etc/iptables/rules.v4 2> /dev/null

  23. 		if [ $? -ne 0 ]; then

  24. 			rc=1

  25. 		else

  26. 			iptables-save > /etc/iptables/rules.v4.bak

  27. 			grep -v __saltstack__ /etc/iptables/rules.v4.bak | iptables-restore 2> /dev/null

  28. 			iptables-restore --noflush < /etc/iptables/rules.v4 2> /dev/null

  29. 			if [ $? -ne 0 ]; then

  30. 				rc=1

  31. 				iptables-restore < /etc/iptables/rules.v4.bak 2> /dev/null

  32. 			fi

  33. 		fi

  34. {%- else %}

  35. 		iptables-restore < /etc/iptables/rules.v4 2> /dev/null

  36. 		if [ $? -ne 0 ]; then

  37. 			rc=1

  38. 		fi

  39. {%- endif %}

  40. 	fi

  41. }

  42. 

  43. save_rules()

  44. {

  45. 	#save IPv4 rules

  46. 	#need at least iptable_filter loaded:

  47. 	/sbin/modprobe -q iptable_filter

  48. 	if [ ! -f /proc/net/ip_tables_names ]; then

  49. 		echo "Warning: skipping IPv4 (no modules loaded)"

  50. 	elif [ -x /sbin/iptables-save ]; then

  51. 		touch /etc/iptables/rules.v4

  52. 		chmod 0640 /etc/iptables/rules.v4

  53. 		iptables-save > /etc/iptables/rules.v4

  54. 		if [ $? -ne 0 ]; then

  55. 			rc=1

  56. 		fi

  57. 	fi

  58. }

  59. 

  60. flush_rules()

  61. {

  62. 	if [ ! -f /proc/net/ip_tables_names ]; then

  63. 		log_action_cont_msg "Warning: skipping IPv4 (no module loaded)"

  64. 	elif [ -x /sbin/iptables ]; then

  65. 		for param in F Z X; do /sbin/iptables -$param; done

  66. 		for table in $(cat /proc/net/ip_tables_names)

  67. 		do

  68. 			/sbin/iptables -t $table -F

  69. 			/sbin/iptables -t $table -Z

  70. 			/sbin/iptables -t $table -X

  71. 		done

  72. 		for chain in INPUT FORWARD OUTPUT

  73. 		do

  74. 			/sbin/iptables -P $chain ACCEPT

  75. 		done

  76. 	fi

  77. }

  78. 

  79. case "$1" in

  80. start|restart|reload|force-reload)

  81. 	load_rules

  82. 	;;

  83. save)

  84. 	save_rules

  85. 	;;

  86. stop)

  87. 	# Why? because if stop is used, the firewall gets flushed for a variable

  88. 	# amount of time during package upgrades, leaving the machine vulnerable

  89. 	# It's also not always desirable to flush during purge

  90. 	echo "Automatic flushing disabled, use \"flush\" instead of \"stop\""

  91. 	;;

  92. flush)

  93. 	flush_rules

  94. 	;;

  95. *)

  96. 	echo "Usage: $0 {start|restart|reload|force-reload|save|flush}" >&2

  97. 	exit 1

  98. 	;;

  99. esac

  100. 

  101. exit $rc