ExternalMirrors
/
iptables-formula
镜像自地址 https://github.com/salt-formulas/salt-formula-iptables
关注 1
点赞 0
派生 1
代码 工单 0 版本发布 6 百科 动态
Saltstack Official IPTables Formula
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
39 提交
2 分支
目录树: 5cdedd8221
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 '5cdedd8221'
${ noResults }
iptables-formula/iptables/files/rules.v6

136 行
4.1KB
原始文件 Blame 文件历史 

  1. # This file is managed by SaltStack

  2. 

  3. *filter

  4. {%- for chain_name, chain in chains.iteritems() %}

  5. :{{ chain_name | upper }} {{ chain.get('policy', '-') | upper }}

  6. {%- endfor %}

  7. 

  8. {%- for chain_name, chain in chains.iteritems() %}

  9. {%- for rule in meta_rules + chain.rules %}

  10. {%- if rule.get('table', 'filter').lower() == 'filter' and rule.get('family', 'ipv4') == 'ipv6' %}

  11. {%- set r = {

  12.   'full': 'True',

  13.   'table': 'filter',

  14.   'chain': chain_name.upper(),

  15.   'command': 'A',

  16.   'family': 'ipv6',

  17.   'comment': rule.get('comment', '') + '__saltstack__',

  18. } %}

  19. {%- if rule.position is defined %}

  20. {%- do r.update({

  21.   'command': 'I',

  22.   'position': rule['position'],

  23. }) %}

  24. {%- endif %}

  25. {%- if rule.jump is defined %}

  26. {%- do r.update({'jump': rule.jump}) %}

  27. {%- endif %}

  28. {%- if rule.match is defined %}

  29. {%- do r.update({'match': rule.match}) %}

  30. {%- endif %}

  31. {%- if rule.connection_state is defined %}

  32. {%- do r.update({'connstate': rule.connection_state}) %}

  33. {%- endif %}

  34. {%- if rule.protocol is defined %}

  35. {%- do r.update({'proto': rule.protocol}) %}

  36. {%- endif %}

  37. {%- if rule.destination_port is defined %}

  38. {%- do r.update({'dport': rule.destination_port}) %}

  39. {%- endif %}

  40. {%- if rule.source_port is defined %}

  41. {%- do r.update({'sport': rule.source_port}) %}

  42. {%- endif %}

  43. {%- if rule.in_interface is defined %}

  44. {%- do r.update({'in-interface': rule.in_interface}) %}

  45. {%- endif %}

  46. {%- if rule.out_interface is defined %}

  47. {%- do r.update({'out-interface': rule.out_interface}) %}

  48. {%- endif %}

  49. {%- if rule.to_destination is defined %}

  50. {%- do r.update({'to-destination': rule.to_destination}) %}

  51. {%- endif %}

  52. {%- if rule.to_port is defined %}

  53. {%- do r.update({'to-port': rule.to_port}) %}

  54. {%- endif %}

  55. {%- if rule.to_source is defined %}

  56. {%- do r.update({'to-source': rule.to_source}) %}

  57. {%- endif %}

  58. {%-  if rule.source_network is defined %}

  59. {%- do r.update({'source': rule.source_network}) %}

  60. {%- endif %}

  61. {%-  if rule.destination_network is defined %}

  62. {%- do r.update({'destination': rule.destination_network}) %}

  63. {%- endif %}

  64. {{ salt['iptables.build_rule'](**r) | regex_replace('^.*-t filter ', '') }}

  65. {%- endif %}

  66. {%- endfor %}

  67. {%- endfor %}

  68. COMMIT

  69. 

  70. *nat

  71. {%- for chain_name, chain in chains.iteritems() %}

  72. :{{ chain_name | upper }} {{ chain.get('policy', '-') | upper }}

  73. {%- endfor %}

  74. 

  75. {%- for chain_name, chain in chains.iteritems() %}

  76. {%- for rule in chain.rules %}

  77. {%- if rule.get('table', 'filter').lower() == 'nat' and rule.get('family', 'ipv4') == 'ipv6' %}

  78. {%- set r = {

  79.   'full': 'True',

  80.   'table': 'nat',

  81.   'chain': chain_name.upper(),

  82.   'command': 'A',

  83.   'family': 'ipv6',

  84.   'comment': rule.get('comment', '') + '__saltstack__',

  85. } %}

  86. {%- if rule.position is defined %}

  87. {%- do r.update({

  88.   'command': 'I',

  89.   'position': rule['position'],

  90. }) %}

  91. {%- endif %}

  92. {%- if rule.jump is defined %}

  93. {%- do r.update({'jump': rule.jump}) %}

  94. {%- endif %}

  95. {%- if rule.match is defined %}

  96. {%- do r.update({'match': rule.match}) %}

  97. {%- endif %}

  98. {%- if rule.connection_state is defined %}

  99. {%- do r.update({'connstate': rule.connection_state}) %}

  100. {%- endif %}

  101. {%- if rule.protocol is defined %}

  102. {%- do r.update({'proto': rule.protocol}) %}

  103. {%- endif %}

  104. {%- if rule.destination_port is defined %}

  105. {%- do r.update({'dport': rule.destination_port}) %}

  106. {%- endif %}

  107. {%- if rule.source_port is defined %}

  108. {%- do r.update({'sport': rule.source_port}) %}

  109. {%- endif %}

  110. {%- if rule.in_interface is defined %}

  111. {%- do r.update({'in-interface': rule.in_interface}) %}

  112. {%- endif %}

  113. {%- if rule.out_interface is defined %}

  114. {%- do r.update({'out-interface': rule.out_interface}) %}

  115. {%- endif %}

  116. {%- if rule.to_destination is defined %}

  117. {%- do r.update({'to-destination': rule.to_destination}) %}

  118. {%- endif %}

  119. {%- if rule.to_port is defined %}

  120. {%- do r.update({'to-port': rule.to_port}) %}

  121. {%- endif %}

  122. {%- if rule.to_source is defined %}

  123. {%- do r.update({'to-source': rule.to_source}) %}

  124. {%- endif %}

  125. {%-  if rule.source_network is defined %}

  126. {%- do r.update({'source': rule.source_network}) %}

  127. {%- endif %}

  128. {%-  if rule.destination_network is defined %}

  129. {%- do r.update({'destination': rule.destination_network}) %}

  130. {%- endif %}

  131. {{ salt['iptables.build_rule'](**r) | regex_replace('^.*-t nat ', '') }}

  132. {%- endif %}

  133. {%- endfor %}

  134. {%- endfor %}

  135. COMMIT