
Add support for allowing entire interface

tags/v0.2.0
Ben McClure 10 years ago
parent
commit
28cfbea66b
3 changed files with 22 additions and 3 deletions
  1. +7
    -3
      _states/ufw.py
  2. +4
    -0
      pillar.example
  3. +11
    -0
      ufw/init.sls

+ 7
- 3
_states/ufw.py

return socket.gethostbyname(host) return socket.gethostbyname(host)




def _as_rule(method, app, protocol, from_addr, from_port, to_addr, to_port):
def _as_rule(method, app, interface, protocol, from_addr, from_port, to_addr, to_port):
cmd = [method] cmd = [method]
if app is not None: if app is not None:
cmd.append(app) cmd.append(app)
elif interface is not None:
cmd.append("in")
cmd.append("on")
cmd.append(interface)
else: else:
if protocol is not None: if protocol is not None:
cmd.append("proto") cmd.append("proto")
return _changed(name, "UFW is enabled", enabled=True) return _changed(name, "UFW is enabled", enabled=True)




def allowed(name, app=None, protocol=None,
def allowed(name, app=None, interface=None, protocol=None,
from_addr=None, from_port=None, to_addr=None, to_port=None): from_addr=None, from_port=None, to_addr=None, to_port=None):


rule = _as_rule("allow", app=app, protocol=protocol,
rule = _as_rule("allow", app=app, interface=None, protocol=protocol,
from_addr=from_addr, from_port=from_port, to_addr=to_addr, to_port=to_port) from_addr=from_addr, from_port=from_port, to_addr=to_addr, to_port=to_port)


if __opts__['test']: if __opts__['test']:
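Review bot: `allowed()` accepts the new `interface` argument but passes `interface=None` to `_as_rule`, so the interface branch is never reached from this state. With `app` and `interface` both unset, `_as_rule` falls through to its `else` branch, whose remainder is outside the visible lines; if no address or port is supplied there, the resulting rule may be much broader than the per-interface allow the pillar asks for. The call should read `rule = _as_rule("allow", app=app, interface=interface, protocol=protocol,`. Separately, because the interface case is an `elif`, any `protocol`, address or port passed together with `interface` is silently dropped; rejecting that combination, or stating it in the `allowed` docstring, would avoid a rule that is wider than the caller wrote.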

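--- a/pillar.example
+++ b/pillar.example
 # Allow an application defined at /etc/ufw/applications.d/
 applications:
 - OpenSSH
+
+# Allow all traffic in on the specified interface
+interfaces:
+- eth1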

+ 11
- 0
ufw/init.sls

- pkg: ufw - pkg: ufw


{%- endfor %} {%- endfor %}
# Interfaces
{%- for interface in ufw.get('interfaces', []) %}

ufw-interface-{{interface}}:
ufw.allowed:
- interface: {{interface}}
- require:
- pkg: ufw

{%- endfor %}


{% else %} {% else %}
#ufw: #ufw:
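Review bot: The new `ufw-interface-{{interface}}` state passes only `interface` to `ufw.allowed`, so each pillar entry is meant to open every port and protocol arriving on that interface, yet the `# Interfaces` comment does not say so. I would expand it to `# Interfaces: each entry becomes "allow in on <iface>" (all ports and protocols); list trusted networks only`. The pillar value is also rendered unquoted into both the state ID and the argument; whether that matters depends on who can write the pillar, which this page does not show. The enclosing `{% if %}` block starts outside the visible lines.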
