Browse Source
set ipv6 policies only if ipv6 is enabled on the host and not explicitly turned off for this service
pull/3/head
Dennis van Dok
7 years ago
2 changed files with 3 additions and 3 deletions
+ 1
- 1
iptables/rules.sls
View File
| - policy: {{ chain.policy }} | - policy: {{ chain.policy }} | ||||
| - table: filter | - table: filter | ||||
| {%- if service.ipv6 %} | |||||
| {%- if grains.ipv6|default(False) and service.ipv6|default(True) %} | |||||
| iptables_{{ chain_name }}_ipv6_policy: | iptables_{{ chain_name }}_ipv6_policy: | ||||
| iptables.set_policy: | iptables.set_policy: | ||||
| - family: ipv6 | - family: ipv6 |
+ 2
- 2
iptables/service.sls
View File
| - require_in: | - require_in: | ||||
| - iptables: iptables_flush | - iptables: iptables_flush | ||||
| {%- if service.ipv6 %} | |||||
| {%- if grains.ipv6|default(False) and service.ipv6|default(True) %} | |||||
| iptables_{{ chain_name }}_ipv6_policy: | iptables_{{ chain_name }}_ipv6_policy: | ||||
| iptables.set_policy: | iptables.set_policy: | ||||
| - chain: {{ chain_name }} | - chain: {{ chain_name }} | ||||
| iptables_flush: | iptables_flush: | ||||
| iptables.flush | iptables.flush | ||||
| {%- if service.ipv6 %} | |||||
| {%- if grains.ipv6|default(False) and service.ipv6|default(True) %} | |||||
| ip6tables_flush: | ip6tables_flush: | ||||
| iptables.flush: | iptables.flush: | ||||
| - family: ipv6 | - family: ipv6 |
Loading…