Saltstack Official UFW Formula
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354
  1. # -*- coding: utf-8 -*-
  2. # vim: ft=sls
  3. {#- Get the `tplroot` from `tpldir` #}
  4. {%- set tplroot = tpldir.split('/')[0] %}
  5. {%- set sls_package_install = tplroot ~ '.package.install' %}
  6. {%- set sls_enable_service = tplroot ~ '.service.enable' %}
  7. {%- set sls_reload_service = tplroot ~ '.service.reload' %}
  8. {%- from tplroot ~ "/map.jinja" import ufw with context %}
  9. {%- set enabled = ufw.get('enabled', False) %}
  10. include:
  11. - {{ sls_package_install }}
  12. - {{ sls_enable_service }}
  13. - {{ sls_reload_service }}
  14. # Applications
  15. {%- for app_name, app_details in ufw.get('applications', {}).items() %}
  16. {%- set from_addr_raw = app_details.get('from_addr', [None]) %}
  17. {%- set from_addrs = [from_addr_raw] if from_addr_raw is string else from_addr_raw %}
  18. {%- for from_addr in from_addrs %}
  19. {%- set deny = app_details.get('deny', None) %}
  20. {%- set limit = app_details.get('limit', None) %}
  21. {%- set method = 'deny' if deny else ('limit' if limit else 'allow') %}
  22. {%- set to_addr = app_details.get('to_addr', None) %}
  23. {%- set comment = app_details.get('comment', None) %}
  24. {%- if from_addr is not none %}
  25. ufw-app-{{ method }}-{{ app_name }}-{{ from_addr }}:
  26. {%- else %}
  27. ufw-app-{{ method }}-{{ app_name }}:
  28. {%- endif %}
  29. ufw.{{ method }}:
  30. - app: '"{{ app_name }}"'
  31. {%- if from_addr is not none %}
  32. - from_addr: {{ from_addr }}
  33. {%- endif %}
  34. {%- if to_addr is not none %}
  35. - to_addr: {{ to_addr }}
  36. {%- endif %}
  37. # Debian Jessie doesn't implement the **comment** directive
  38. # CentOS-6 throws an UTF-8 error
  39. {%- if comment is not none and salt['grains.get']('osfinger') != 'Debian-8' and salt['grains.get']('osfinger') != 'CentOS-6' %}
  40. - comment: '"{{ comment }}"'
  41. {%- endif %}
  42. {%- if enabled %}
  43. - listen_in:
  44. - cmd: reload-ufw
  45. {%- endif %}
  46. {%- endfor %}
  47. {%- endfor %}