ExternalMirrors
/
iptables-formula
mirror of https://github.com/salt-formulas/salt-formula-iptables
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 6 Wiki Activity
Saltstack Official IPTables Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
2 Branches
Tree: bd5d136886
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'bd5d136886'
${ noResults }
iptables-formula/iptables/rules.sls

71 lines
1.9KB
Raw Blame History 

  1. {% from "iptables/map.jinja" import service with context %}

  2. 

  3. {%- for chain_name, chain in service.get('chain', {}).iteritems() %}

  4. 

  5. {%- if chain.policy is defined %}

  6. iptables_{{ chain_name }}_policy:

  7.   iptables.set_policy:

  8.     - chain: {{ chain_name }}

  9.     - policy: {{ chain.policy }}

  10.     - table: filter

  11. {%- endif %}

  12. 

  13. {%- for rule_name, rule in chain.get('rule', {}).iteritems() %}

  14. 

  15. iptables_{{ chain_name }}_{{ rule_name }}:

  16.   {%- if rule.position is defined %}

  17.   iptables.insert:

  18.   - position: {{ rule.position }}

  19.   {%- else %}

  20.   iptables.append:

  21.   {%- endif %}

  22.   {%- if rule.table is defined %}

  23.   - table: {{ rule.table }}

  24.   {%- endif %}

  25.   - chain: {{ chain_name }}

  26.   {%- if rule.jump is defined %}

  27.   - jump: {{ rule.jump }}

  28.   {%- endif %}

  29.   {%- if rule.match is defined %}

  30.   - match: {{ rule.match }}

  31.   {%- endif %}

  32.   {%- if rule.connection_state is defined %}

  33.   - connstate: {{ rule.connection_state }}

  34.   {%- endif %}

  35.   {%- if rule.protocol is defined %}

  36.   - proto: {{ rule.protocol }}

  37.   {%- endif %}

  38.   {%- if rule.destination_port is defined %}

  39.   - dport: {{ rule.destination_port }}

  40.   {%- endif %}

  41.   {%- if rule.source_port is defined %}

  42.   - sport: {{ rule.source_port }}

  43.   {%- endif %}

  44.   {%- if rule.in_interface is defined %}

  45.   - in-interface: {{ rule.in_interface }}

  46.   {%- endif %}

  47.   {%- if rule.out_interface is defined %}

  48.   - out-interface: {{ rule.out_interface }}

  49.   {%- endif %}

  50.   {%- if rule.to_destination is defined %}

  51.   - to-destination: {{ rule.to_destination }}

  52.   {%- endif %}

  53.   {%- if rule.to_source is defined %}

  54.   - to-source: {{ rule.to_source }}

  55.   {%- endif %}

  56.   {%-  if rule.source_network is defined %}

  57.   - source: {{ rule.source_network }}

  58.   {%- endif %}

  59.   {%-  if rule.destination_network is defined %}

  60.   - destination: {{ rule.destination_network }}

  61.   {%- endif %}

  62.   {%- if chain.policy is defined %}

  63.   - require_in:

  64.     - iptables: iptables_{{ chain_name }}_policy:

  65.   {%- endif %}

  66.   - save: True

  67. 

  68. {%- endfor %}

  69. 

  70. {%- endfor %}