ExternalMirrors
/
iptables-formula
kopie van https://github.com/salt-formulas/salt-formula-iptables
Volgen 1
Ster 0
Vork 1
Code Kwesties 0 Publicaties 6 Wiki Activiteit
Saltstack Official IPTables Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
40 Commits
2 Branches
Tree: e484ba9ec3
Branches Labels
${ item.name }
Maak branch ${ searchTerm }
van 'e484ba9ec3'
${ noResults }
iptables-formula/iptables/files/rules.v4

77 lines
2.3KB
Ruw Blame Geschiedenis 

  1. # This file is managed by SaltStack

  2. {%- for table in ['mangle', 'nat', 'filter'] %}

  3. 

  4. *{{ table }}

  5. {%- for chain_name, chain in chains.iteritems() %}

  6. :{{ chain_name | upper }} {{ chain.get('policy', '-') | upper }}

  7. {%- endfor %}

  8. 

  9. {%- for chain_name, chain in chains.iteritems() %}

  10. {%- for rule in chain.rules %}

  11. {%- if rule.get('table', 'filter').lower() == table and rule.get('family', 'ipv4') == 'ipv4' %}

  12. {%- set r = {

  13.   'full': 'True',

  14.   'table': table,

  15.   'chain': chain_name.upper(),

  16.   'command': 'A',

  17.   'family': 'ipv4',

  18.   'comment': rule.get('comment', '') + '__saltstack__',

  19. } %}

  20. {%- if rule.position is defined %}

  21. {%- do r.update({

  22.   'command': 'I',

  23.   'position': rule['position'],

  24. }) %}

  25. {%- endif %}

  26. {%- if rule.jump is defined %}

  27. {%- do r.update({'jump': rule.jump}) %}

  28. {%- endif %}

  29. {%- if rule.match is defined %}

  30. {%- do r.update({'match': rule.match}) %}

  31. {%- endif %}

  32. {%- if rule.connection_state is defined %}

  33. {%- do r.update({'connstate': rule.connection_state}) %}

  34. {%- endif %}

  35. {%- if rule.protocol is defined %}

  36. {%- do r.update({'proto': rule.protocol}) %}

  37. {%- endif %}

  38. {%- if rule.destination_port is defined %}

  39. {%- do r.update({'dport': rule.destination_port}) %}

  40. {%- endif %}

  41. {%- if rule.source_port is defined %}

  42. {%- do r.update({'sport': rule.source_port}) %}

  43. {%- endif %}

  44. {%- if rule.in_interface is defined %}

  45. {%- do r.update({'in-interface': rule.in_interface}) %}

  46. {%- endif %}

  47. {%- if rule.out_interface is defined %}

  48. {%- do r.update({'out-interface': rule.out_interface}) %}

  49. {%- endif %}

  50. {%- if rule.to_destination is defined %}

  51. {%- do r.update({'to-destination': rule.to_destination}) %}

  52. {%- endif %}

  53. {%- if rule.to_port is defined %}

  54. {%- do r.update({'to-port': rule.to_port}) %}

  55. {%- endif %}

  56. {%- if rule.to_source is defined %}

  57. {%- do r.update({'to-source': rule.to_source}) %}

  58. {%- endif %}

  59. {%- if rule.source_network is defined %}

  60. {%- do r.update({'source': rule.source_network}) %}

  61. {%- endif %}

  62. {%- if rule.destination_network is defined %}

  63. {%- do r.update({'destination': rule.destination_network}) %}

  64. {%- endif %}

  65. {%- if rule.mark is defined %}

  66. {%- do r.update({'mark': rule.mark}) %}

  67. {%- endif %}

  68. {%- if rule.set_mark is defined %}

  69. {%- do r.update({'set-mark': rule.set_mark}) %}

  70. {%- endif %}

  71. {{ salt['iptables.build_rule'](**r) | regex_replace('^.*-t %s ' % table, '') }}

  72. {%- endif %}

  73. {%- endfor %}

  74. {%- endfor %}

  75. COMMIT

  76. {%- endfor %}