Saltstack Official IPTables Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Filip Pytloun 04f2396174
Merge pull request #20 from scambra/patch-1
5 vuotta sitten
_modules Fix for python3 5 vuotta sitten
debian Refactor from the scratch 6 vuotta sitten
iptables Fixed leading space in iptables package for RedHat and added iptables-services (#19) 5 vuotta sitten
metadata/service Add support metadata 9 vuotta sitten
tests Setting up openstack tests for iptables formula 6 vuotta sitten
.gitignore Unify Makefile, .gitignore and update readme 7 vuotta sitten
.kitchen.openstack.yml Setting up openstack tests for iptables formula 6 vuotta sitten
.travis.yml Fixing travis for openstack kitchen driver installer 6 vuotta sitten
CHANGELOG.rst Refactor from the scratch 6 vuotta sitten
LICENSE Refactor from the scratch 6 vuotta sitten
Makefile Update Makefile 6 vuotta sitten
README.rst Setting up openstack tests for iptables formula 6 vuotta sitten
VERSION Refactor from the scratch 6 vuotta sitten
metadata.yml Refactor from the scratch 6 vuotta sitten
user_data.sh Setting up openstack tests for iptables formula 6 vuotta sitten

README.rst

=====================
iptables salt formula
=====================

Iptables is used to set up, maintain, and inspect the tables of IPv4 packet
filter rules in the Linux kernel. Several different tables may be defined.
Each table contains a number of built-in chains and may also contain
user-defined chains. Each chain is a list of rules which can match a set of
packets. Each rule specifies what to do with a packet that matches. This is
called a `target`, which may be a jump to a user-defined chain in the same
table.

This version of a formula guarantees that manually added rules or rules which
has been added in runtime would be removed.

In order to ensure architecture, proper epoch value should be specified.
Refer to an example.

Sample pillars
==============

.. code-block:: yaml

parameters:
iptables:
schema:
epoch: 1
service:
v4:
enabled: true
persistent_config: /etc/iptables/rules.v4
modules:
- nf_conntrack_ftp
- nf_conntrack_pptp
v6:
enabled: false
persistent_config: /etc/iptables/rules.v6
modules:
- nf_conntrack_ipv6
defaults:
v4:
metadata_rules: false
policy: ACCEPT
ruleset:
action: ACCEPT
params: ""
rule: ""
v6:
metadata_rules: false
policy: DROP
ruleset:
action: ACCEPT
params: ""
rule: ""
tables:
v4:
filter:
chains:
INPUT:
ruleset:
5:
action: log_drop
10:
rule: -s 192.168.0.0/24 -p tcp
log_drop:
policy: DROP
ruleset:
10:
action: LOG
comment: "Log my packets"
nat:
chains:
OUTPUT: {}
PREROUTING: {}
POSTROUTING:
policy: ACCEPT
ruleset:
10:
rule: -s 192.168.0.0/24 -p tcp -o lo
action: SNAT
params: --to-source=127.0.0.1


Read more
=========

* http://docs.saltstack.com/en/latest/ref/states/all/salt.states.iptables.html
* https://help.ubuntu.com/community/IptablesHowTo
* http://wiki.centos.org/HowTos/Network/IPTables

Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use Github issue tracker for specific salt
formula:

https://github.com/salt-formulas/salt-formula-iptables/issues


Developers wishing to work on the salt-formulas projects should always base
their work on master branch and submit pull request against specific formula.

https://github.com/salt-formulas/salt-formula-iptables