瀏覽代碼

set ipv6 policies only if ipv6 is enabled on the host and not explicitly turned off for this service

pull/3/head
Dennis van Dok 7 年之前
父節點
當前提交
6ad67680cd
共有 2 個檔案被更改,包括 3 行新增3 行删除
  1. +1
    -1
      iptables/rules.sls
  2. +2
    -2
      iptables/service.sls

+ 1
- 1
iptables/rules.sls 查看文件

@@ -10,7 +10,7 @@ iptables_{{ chain_name }}_policy:
- policy: {{ chain.policy }}
- table: filter

{%- if service.ipv6 %}
{%- if grains.ipv6|default(False) and service.ipv6|default(True) %}
iptables_{{ chain_name }}_ipv6_policy:
iptables.set_policy:
- family: ipv6

+ 2
- 2
iptables/service.sls 查看文件

@@ -37,7 +37,7 @@ iptables_{{ chain_name }}_policy:
- require_in:
- iptables: iptables_flush

{%- if service.ipv6 %}
{%- if grains.ipv6|default(False) and service.ipv6|default(True) %}
iptables_{{ chain_name }}_ipv6_policy:
iptables.set_policy:
- chain: {{ chain_name }}
@@ -53,7 +53,7 @@ iptables_{{ chain_name }}_ipv6_policy:
iptables_flush:
iptables.flush

{%- if service.ipv6 %}
{%- if grains.ipv6|default(False) and service.ipv6|default(True) %}
ip6tables_flush:
iptables.flush:
- family: ipv6

Loading…
取消
儲存