ExternalMirrors
/
ufw-formula
镜像来自 https://github.com/saltstack-formulas/ufw-formula
關註 1
收藏 0
複製 1
程式碼 問題管理 0 版本發佈 12 Wiki Activity
Saltstack Official UFW Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
223 Commit
1 分支
分支: master
分支列表 標籤列表
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
ufw-formula/pillar.example

pillar.example 2.5KB
原始文件 永久連結 Normal View 文件歷史

feat(yamllint): include for this repo and apply rules throughout * Semi-automated using `ssf-formula` (v0.5.0) * Fix errors shown below: ```bash ufw-formula$ $(grep "\- yamllint" .travis.yml | sed -e "s:^\s\+-\s\(.*\):\1:") pillar.example 1:1 warning missing document start "---" (document-start) 3:12 warning truthy value should be one of [false, true] (truthy) 7:11 warning truthy value should be one of [false, true] (truthy) 12:22 warning truthy value should be one of [false, true] (truthy) 64:13 warning truthy value should be one of [false, true] (truthy) 69:13 warning truthy value should be one of [false, true] (truthy) 77:13 warning truthy value should be one of [false, true] (truthy) 84:14 warning truthy value should be one of [false, true] (truthy) 101:16 warning truthy value should be one of [false, true] (truthy) 106:14 warning truthy value should be one of [false, true] (truthy) 110:13 warning truthy value should be one of [false, true] (truthy) test/salt/pillar/default.sls 1:1 warning missing document start "---" (document-start) 2:12 warning truthy value should be one of [false, true] (truthy) 9:14 warning truthy value should be one of [false, true] (truthy) 12:13 warning truthy value should be one of [false, true] (truthy) 15:13 warning truthy value should be one of [false, true] (truthy) 19:13 warning truthy value should be one of [false, true] (truthy) 25:14 warning truthy value should be one of [false, true] (truthy) 29:13 warning truthy value should be one of [false, true] (truthy) ```
5 年之前
Formula initial version
10 年之前
feat(yamllint): include for this repo and apply rules throughout * Semi-automated using `ssf-formula` (v0.5.0) * Fix errors shown below: ```bash ufw-formula$ $(grep "\- yamllint" .travis.yml | sed -e "s:^\s\+-\s\(.*\):\1:") pillar.example 1:1 warning missing document start "---" (document-start) 3:12 warning truthy value should be one of [false, true] (truthy) 7:11 warning truthy value should be one of [false, true] (truthy) 12:22 warning truthy value should be one of [false, true] (truthy) 64:13 warning truthy value should be one of [false, true] (truthy) 69:13 warning truthy value should be one of [false, true] (truthy) 77:13 warning truthy value should be one of [false, true] (truthy) 84:14 warning truthy value should be one of [false, true] (truthy) 101:16 warning truthy value should be one of [false, true] (truthy) 106:14 warning truthy value should be one of [false, true] (truthy) 110:13 warning truthy value should be one of [false, true] (truthy) test/salt/pillar/default.sls 1:1 warning missing document start "---" (document-start) 2:12 warning truthy value should be one of [false, true] (truthy) 9:14 warning truthy value should be one of [false, true] (truthy) 12:13 warning truthy value should be one of [false, true] (truthy) 15:13 warning truthy value should be one of [false, true] (truthy) 19:13 warning truthy value should be one of [false, true] (truthy) 25:14 warning truthy value should be one of [false, true] (truthy) 29:13 warning truthy value should be one of [false, true] (truthy) ```
5 年之前
Formula initial version
10 年之前
add webscale changes
8 年之前
Handle loglevel
6 年之前
feat(yamllint): include for this repo and apply rules throughout * Semi-automated using `ssf-formula` (v0.5.0) * Fix errors shown below: ```bash ufw-formula$ $(grep "\- yamllint" .travis.yml | sed -e "s:^\s\+-\s\(.*\):\1:") pillar.example 1:1 warning missing document start "---" (document-start) 3:12 warning truthy value should be one of [false, true] (truthy) 7:11 warning truthy value should be one of [false, true] (truthy) 12:22 warning truthy value should be one of [false, true] (truthy) 64:13 warning truthy value should be one of [false, true] (truthy) 69:13 warning truthy value should be one of [false, true] (truthy) 77:13 warning truthy value should be one of [false, true] (truthy) 84:14 warning truthy value should be one of [false, true] (truthy) 101:16 warning truthy value should be one of [false, true] (truthy) 106:14 warning truthy value should be one of [false, true] (truthy) 110:13 warning truthy value should be one of [false, true] (truthy) test/salt/pillar/default.sls 1:1 warning missing document start "---" (document-start) 2:12 warning truthy value should be one of [false, true] (truthy) 9:14 warning truthy value should be one of [false, true] (truthy) 12:13 warning truthy value should be one of [false, true] (truthy) 15:13 warning truthy value should be one of [false, true] (truthy) 19:13 warning truthy value should be one of [false, true] (truthy) 25:14 warning truthy value should be one of [false, true] (truthy) 29:13 warning truthy value should be one of [false, true] (truthy) ```
5 年之前
add webscale changes
8 年之前
feat(yamllint): include for this repo and apply rules throughout * Semi-automated using `ssf-formula` (v0.5.0) * Fix errors shown below: ```bash ufw-formula$ $(grep "\- yamllint" .travis.yml | sed -e "s:^\s\+-\s\(.*\):\1:") pillar.example 1:1 warning missing document start "---" (document-start) 3:12 warning truthy value should be one of [false, true] (truthy) 7:11 warning truthy value should be one of [false, true] (truthy) 12:22 warning truthy value should be one of [false, true] (truthy) 64:13 warning truthy value should be one of [false, true] (truthy) 69:13 warning truthy value should be one of [false, true] (truthy) 77:13 warning truthy value should be one of [false, true] (truthy) 84:14 warning truthy value should be one of [false, true] (truthy) 101:16 warning truthy value should be one of [false, true] (truthy) 106:14 warning truthy value should be one of [false, true] (truthy) 110:13 warning truthy value should be one of [false, true] (truthy) test/salt/pillar/default.sls 1:1 warning missing document start "---" (document-start) 2:12 warning truthy value should be one of [false, true] (truthy) 9:14 warning truthy value should be one of [false, true] (truthy) 12:13 warning truthy value should be one of [false, true] (truthy) 15:13 warning truthy value should be one of [false, true] (truthy) 19:13 warning truthy value should be one of [false, true] (truthy) 25:14 warning truthy value should be one of [false, true] (truthy) 29:13 warning truthy value should be one of [false, true] (truthy) ```
5 年之前
add webscale changes
8 年之前
Formula initial version
10 年之前
Added support for comments in all forms and added in example.
7 年之前
Formula initial version
10 年之前
Added support for comments in all forms and added in example.
7 年之前
Formula initial version
10 年之前
Added support for comments in all forms and added in example.
7 年之前
Formula initial version
10 年之前
Adds ability to limit or deny services and applications. The "limit" and "deny" parameters have been added to both the services and applications sections. Setting "limit: True" will use the "ufw limit" command instead of "ufw allow". Likewise, setting "deny: True" will use the "ufw deny" command.
6 年之前
Formula initial version
10 年之前
Added support for comments in all forms and added in example.
7 年之前
Formula initial version
10 年之前
Adds ability to limit or deny services and applications. The "limit" and "deny" parameters have been added to both the services and applications sections. Setting "limit: True" will use the "ufw limit" command instead of "ufw allow". Likewise, setting "deny: True" will use the "ufw deny" command.
6 年之前
feat(yamllint): include for this repo and apply rules throughout * Semi-automated using `ssf-formula` (v0.5.0) * Fix errors shown below: ```bash ufw-formula$ $(grep "\- yamllint" .travis.yml | sed -e "s:^\s\+-\s\(.*\):\1:") pillar.example 1:1 warning missing document start "---" (document-start) 3:12 warning truthy value should be one of [false, true] (truthy) 7:11 warning truthy value should be one of [false, true] (truthy) 12:22 warning truthy value should be one of [false, true] (truthy) 64:13 warning truthy value should be one of [false, true] (truthy) 69:13 warning truthy value should be one of [false, true] (truthy) 77:13 warning truthy value should be one of [false, true] (truthy) 84:14 warning truthy value should be one of [false, true] (truthy) 101:16 warning truthy value should be one of [false, true] (truthy) 106:14 warning truthy value should be one of [false, true] (truthy) 110:13 warning truthy value should be one of [false, true] (truthy) test/salt/pillar/default.sls 1:1 warning missing document start "---" (document-start) 2:12 warning truthy value should be one of [false, true] (truthy) 9:14 warning truthy value should be one of [false, true] (truthy) 12:13 warning truthy value should be one of [false, true] (truthy) 15:13 warning truthy value should be one of [false, true] (truthy) 19:13 warning truthy value should be one of [false, true] (truthy) 25:14 warning truthy value should be one of [false, true] (truthy) 29:13 warning truthy value should be one of [false, true] (truthy) ```
5 年之前
Adds ability to limit or deny services and applications. The "limit" and "deny" parameters have been added to both the services and applications sections. Setting "limit: True" will use the "ufw limit" command instead of "ufw allow". Likewise, setting "deny: True" will use the "ufw deny" command.
6 年之前
feat(yamllint): include for this repo and apply rules throughout * Semi-automated using `ssf-formula` (v0.5.0) * Fix errors shown below: ```bash ufw-formula$ $(grep "\- yamllint" .travis.yml | sed -e "s:^\s\+-\s\(.*\):\1:") pillar.example 1:1 warning missing document start "---" (document-start) 3:12 warning truthy value should be one of [false, true] (truthy) 7:11 warning truthy value should be one of [false, true] (truthy) 12:22 warning truthy value should be one of [false, true] (truthy) 64:13 warning truthy value should be one of [false, true] (truthy) 69:13 warning truthy value should be one of [false, true] (truthy) 77:13 warning truthy value should be one of [false, true] (truthy) 84:14 warning truthy value should be one of [false, true] (truthy) 101:16 warning truthy value should be one of [false, true] (truthy) 106:14 warning truthy value should be one of [false, true] (truthy) 110:13 warning truthy value should be one of [false, true] (truthy) test/salt/pillar/default.sls 1:1 warning missing document start "---" (document-start) 2:12 warning truthy value should be one of [false, true] (truthy) 9:14 warning truthy value should be one of [false, true] (truthy) 12:13 warning truthy value should be one of [false, true] (truthy) 15:13 warning truthy value should be one of [false, true] (truthy) 19:13 warning truthy value should be one of [false, true] (truthy) 25:14 warning truthy value should be one of [false, true] (truthy) 29:13 warning truthy value should be one of [false, true] (truthy) ```
5 年之前
Adds ability to limit or deny services and applications. The "limit" and "deny" parameters have been added to both the services and applications sections. Setting "limit: True" will use the "ufw limit" command instead of "ufw allow". Likewise, setting "deny: True" will use the "ufw deny" command.
6 年之前
Update README and pillar.example with new to_port property
6 年之前
Adds ability to limit or deny services and applications. The "limit" and "deny" parameters have been added to both the services and applications sections. Setting "limit: True" will use the "ufw limit" command instead of "ufw allow". Likewise, setting "deny: True" will use the "ufw deny" command.
6 年之前
feat(yamllint): include for this repo and apply rules throughout * Semi-automated using `ssf-formula` (v0.5.0) * Fix errors shown below: ```bash ufw-formula$ $(grep "\- yamllint" .travis.yml | sed -e "s:^\s\+-\s\(.*\):\1:") pillar.example 1:1 warning missing document start "---" (document-start) 3:12 warning truthy value should be one of [false, true] (truthy) 7:11 warning truthy value should be one of [false, true] (truthy) 12:22 warning truthy value should be one of [false, true] (truthy) 64:13 warning truthy value should be one of [false, true] (truthy) 69:13 warning truthy value should be one of [false, true] (truthy) 77:13 warning truthy value should be one of [false, true] (truthy) 84:14 warning truthy value should be one of [false, true] (truthy) 101:16 warning truthy value should be one of [false, true] (truthy) 106:14 warning truthy value should be one of [false, true] (truthy) 110:13 warning truthy value should be one of [false, true] (truthy) test/salt/pillar/default.sls 1:1 warning missing document start "---" (document-start) 2:12 warning truthy value should be one of [false, true] (truthy) 9:14 warning truthy value should be one of [false, true] (truthy) 12:13 warning truthy value should be one of [false, true] (truthy) 15:13 warning truthy value should be one of [false, true] (truthy) 19:13 warning truthy value should be one of [false, true] (truthy) 25:14 warning truthy value should be one of [false, true] (truthy) 29:13 warning truthy value should be one of [false, true] (truthy) ```
5 年之前
Adds ability to limit or deny services and applications. The "limit" and "deny" parameters have been added to both the services and applications sections. Setting "limit: True" will use the "ufw limit" command instead of "ufw allow". Likewise, setting "deny: True" will use the "ufw deny" command.
6 年之前
feat(yamllint): include for this repo and apply rules throughout * Semi-automated using `ssf-formula` (v0.5.0) * Fix errors shown below: ```bash ufw-formula$ $(grep "\- yamllint" .travis.yml | sed -e "s:^\s\+-\s\(.*\):\1:") pillar.example 1:1 warning missing document start "---" (document-start) 3:12 warning truthy value should be one of [false, true] (truthy) 7:11 warning truthy value should be one of [false, true] (truthy) 12:22 warning truthy value should be one of [false, true] (truthy) 64:13 warning truthy value should be one of [false, true] (truthy) 69:13 warning truthy value should be one of [false, true] (truthy) 77:13 warning truthy value should be one of [false, true] (truthy) 84:14 warning truthy value should be one of [false, true] (truthy) 101:16 warning truthy value should be one of [false, true] (truthy) 106:14 warning truthy value should be one of [false, true] (truthy) 110:13 warning truthy value should be one of [false, true] (truthy) test/salt/pillar/default.sls 1:1 warning missing document start "---" (document-start) 2:12 warning truthy value should be one of [false, true] (truthy) 9:14 warning truthy value should be one of [false, true] (truthy) 12:13 warning truthy value should be one of [false, true] (truthy) 15:13 warning truthy value should be one of [false, true] (truthy) 19:13 warning truthy value should be one of [false, true] (truthy) 25:14 warning truthy value should be one of [false, true] (truthy) 29:13 warning truthy value should be one of [false, true] (truthy) ```
5 年之前
Adds ability to limit or deny services and applications. The "limit" and "deny" parameters have been added to both the services and applications sections. Setting "limit: True" will use the "ufw limit" command instead of "ufw allow". Likewise, setting "deny: True" will use the "ufw deny" command.
6 年之前
Formula initial version
10 年之前
Added support for comments in all forms and added in example.
7 年之前
Formula initial version
10 年之前
Added support for comments in all forms and added in example.
7 年之前
Formula initial version
10 年之前
Adds ability to limit or deny services and applications. The "limit" and "deny" parameters have been added to both the services and applications sections. Setting "limit: True" will use the "ufw limit" command instead of "ufw allow". Likewise, setting "deny: True" will use the "ufw deny" command.
6 年之前
Formula initial version
10 年之前
add webscale changes
8 年之前
feat(yamllint): include for this repo and apply rules throughout * Semi-automated using `ssf-formula` (v0.5.0) * Fix errors shown below: ```bash ufw-formula$ $(grep "\- yamllint" .travis.yml | sed -e "s:^\s\+-\s\(.*\):\1:") pillar.example 1:1 warning missing document start "---" (document-start) 3:12 warning truthy value should be one of [false, true] (truthy) 7:11 warning truthy value should be one of [false, true] (truthy) 12:22 warning truthy value should be one of [false, true] (truthy) 64:13 warning truthy value should be one of [false, true] (truthy) 69:13 warning truthy value should be one of [false, true] (truthy) 77:13 warning truthy value should be one of [false, true] (truthy) 84:14 warning truthy value should be one of [false, true] (truthy) 101:16 warning truthy value should be one of [false, true] (truthy) 106:14 warning truthy value should be one of [false, true] (truthy) 110:13 warning truthy value should be one of [false, true] (truthy) test/salt/pillar/default.sls 1:1 warning missing document start "---" (document-start) 2:12 warning truthy value should be one of [false, true] (truthy) 9:14 warning truthy value should be one of [false, true] (truthy) 12:13 warning truthy value should be one of [false, true] (truthy) 15:13 warning truthy value should be one of [false, true] (truthy) 19:13 warning truthy value should be one of [false, true] (truthy) 25:14 warning truthy value should be one of [false, true] (truthy) 29:13 warning truthy value should be one of [false, true] (truthy) ```
5 年之前
Added support for comments in all forms and added in example.
7 年之前
Add support for allowing entire interface
9 年之前
Adds ability to limit or deny services and applications. The "limit" and "deny" parameters have been added to both the services and applications sections. Setting "limit: True" will use the "ufw limit" command instead of "ufw allow". Likewise, setting "deny: True" will use the "ufw deny" command.
6 年之前
feat(yamllint): include for this repo and apply rules throughout * Semi-automated using `ssf-formula` (v0.5.0) * Fix errors shown below: ```bash ufw-formula$ $(grep "\- yamllint" .travis.yml | sed -e "s:^\s\+-\s\(.*\):\1:") pillar.example 1:1 warning missing document start "---" (document-start) 3:12 warning truthy value should be one of [false, true] (truthy) 7:11 warning truthy value should be one of [false, true] (truthy) 12:22 warning truthy value should be one of [false, true] (truthy) 64:13 warning truthy value should be one of [false, true] (truthy) 69:13 warning truthy value should be one of [false, true] (truthy) 77:13 warning truthy value should be one of [false, true] (truthy) 84:14 warning truthy value should be one of [false, true] (truthy) 101:16 warning truthy value should be one of [false, true] (truthy) 106:14 warning truthy value should be one of [false, true] (truthy) 110:13 warning truthy value should be one of [false, true] (truthy) test/salt/pillar/default.sls 1:1 warning missing document start "---" (document-start) 2:12 warning truthy value should be one of [false, true] (truthy) 9:14 warning truthy value should be one of [false, true] (truthy) 12:13 warning truthy value should be one of [false, true] (truthy) 15:13 warning truthy value should be one of [false, true] (truthy) 19:13 warning truthy value should be one of [false, true] (truthy) 25:14 warning truthy value should be one of [false, true] (truthy) 29:13 warning truthy value should be one of [false, true] (truthy) ```
5 年之前
Adds ability to limit or deny services and applications. The "limit" and "deny" parameters have been added to both the services and applications sections. Setting "limit: True" will use the "ufw limit" command instead of "ufw allow". Likewise, setting "deny: True" will use the "ufw deny" command.
6 年之前
feat(yamllint): include for this repo and apply rules throughout * Semi-automated using `ssf-formula` (v0.5.0) * Fix errors shown below: ```bash ufw-formula$ $(grep "\- yamllint" .travis.yml | sed -e "s:^\s\+-\s\(.*\):\1:") pillar.example 1:1 warning missing document start "---" (document-start) 3:12 warning truthy value should be one of [false, true] (truthy) 7:11 warning truthy value should be one of [false, true] (truthy) 12:22 warning truthy value should be one of [false, true] (truthy) 64:13 warning truthy value should be one of [false, true] (truthy) 69:13 warning truthy value should be one of [false, true] (truthy) 77:13 warning truthy value should be one of [false, true] (truthy) 84:14 warning truthy value should be one of [false, true] (truthy) 101:16 warning truthy value should be one of [false, true] (truthy) 106:14 warning truthy value should be one of [false, true] (truthy) 110:13 warning truthy value should be one of [false, true] (truthy) test/salt/pillar/default.sls 1:1 warning missing document start "---" (document-start) 2:12 warning truthy value should be one of [false, true] (truthy) 9:14 warning truthy value should be one of [false, true] (truthy) 12:13 warning truthy value should be one of [false, true] (truthy) 15:13 warning truthy value should be one of [false, true] (truthy) 19:13 warning truthy value should be one of [false, true] (truthy) 25:14 warning truthy value should be one of [false, true] (truthy) 29:13 warning truthy value should be one of [false, true] (truthy) ```
5 年之前
Adds ability to limit or deny services and applications. The "limit" and "deny" parameters have been added to both the services and applications sections. Setting "limit: True" will use the "ufw limit" command instead of "ufw allow". Likewise, setting "deny: True" will use the "ufw deny" command.
6 年之前
Add support for allowing entire interface
9 年之前
Added support for comments in all forms and added in example.
7 年之前
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118 
  1. # -*- coding: utf-8 -*-

  2. # vim: ft=yaml

  3. ---

  4. ufw:

  5. 

  6.   enabled: true

  7. 

  8.   settings:

  9.     loglevel: low

  10.     ipv6: true

  11.     default_input_policy: 'DROP'

  12.     default_output_policy: 'ACCEPT'

  13.     default_forward_policy: 'DROP'

  14.     default_application_policy: 'SKIP'

  15.     manage_builtins: false

  16.     ipt_sysctl: '/etc/ufw/sysctl.conf'

  17.     ipt_modules:

  18.       - nf_conntrack_ftp

  19.       - nf_nat_ftp

  20.       - nf_conntrack_netbios_ns

  21. 

  22.   sysctl:

  23.     forwarding: 1

  24.     rp_filter: 1

  25.     accept_source_route: 0

  26.     accept_redirects: 0

  27.     icmp_echo_ignore_broadcasts: 1

  28.     icmp_ignore_bogus_error_responses: 1

  29.     icmp_echo_ignore_all: 0

  30.     log_martians: 0

  31.     tcp_syncookies: 0

  32.     tcp_sack: 1

  33.     ipv6_autoconf: 1

  34.     use_tempaddr: 1

  35. 

  36.   services:

  37. 

  38.     # Allow 80/tcp (http) traffic from only two remote addresses.

  39.     http:

  40.       protocol: tcp

  41.       from_addr:

  42.         - 10.0.2.15

  43.         - 10.0.2.16

  44.       comment: Upstream loadbalancers

  45. 

  46.     # Allow 443/tcp (https) traffic from network 10.0.0.0/8 to an specific local ip.

  47.     https:

  48.       protocol: tcp

  49.       from_addr:

  50.         - 10.0.0.0/8

  51.       to_addr: 10.0.2.1

  52.       comment: Intraweb portal

  53. 

  54.     # Allow from a service port.

  55.     smtp:

  56.       protocol: tcp

  57.       comment: Mail relay

  58. 

  59.     # Allow from a specific port, by number.

  60.     139:

  61.       protocol: tcp

  62.       comment: Netbios

  63. 

  64.     # Deny from a specific port, by number.

  65.     140:

  66.       protocol: tcp

  67.       deny: true

  68. 

  69.     # Deny everything from a specific ip address

  70.     '*':

  71.       protocol: tcp

  72.       deny: true

  73.       from_addr: 10.0.0.1

  74. 

  75.     # Deny everything from multiple ip addresses and avoid

  76.     # conflicts with already defined service '*'

  77.     '*/multiple':

  78.       to_port: '*'

  79.       protocol: tcp

  80.       deny: true

  81.       from_addr:

  82.         - 10.0.0.2

  83.         - 10.0.0.3

  84. 

  85.     # Limit a specific port, by number.

  86.     170:

  87.       limit: true

  88.       protocol: tcp

  89.       comment: Print service

  90. 

  91.     # Allow from a range of ports, udp.

  92.     "10000:20000":

  93.       protocol: udp

  94.       comment: We need ports, lots of ports

  95. 

  96.     # Allow from two specific ports, udp.

  97.     "30000,40000":

  98.       protocol: udp

  99.       comment: Game server and admin

  100. 

  101.   # Allow applications defined at /etc/ufw/applications.d/

  102.   applications:

  103.     OpenSSH:

  104.       enabled: true

  105.       comment: We are using fail2ban anyway

  106. 

  107.     # Limit access to salt master

  108.     Saltmaster:

  109.       limit: true

  110. 

  111.     # Deny access to Postgresql

  112.     Postgresql:

  113.       deny: true

  114. 

  115.   # Allow all traffic in on the specified interface

  116.   interfaces:

  117.     eth1:

  118.       comment: Honey pot