浏览代码
feat: add an alternative way to define the sysctl for UFW
Instead of having a hard coded list and have to figure what is what, instead allow pretty any sysctl to be defined and hence match people have in theirs. This allows to match more closely what is already in an existing configuration and ensure that the transition is smooth.pull/29/head
Matthieu Patou
2 年前
+ 4
- 0
pillar.example
查看文件
| @@ -20,6 +20,10 @@ ufw: | |||
| - nf_conntrack_netbios_ns | |||
| sysctl: | |||
| sysctls: | |||
| net/ipv4/ip_forward: 1 | |||
| net/ipv6/conf/default/forwarding: 1 | |||
| net/ipv6/conf/all/forwarding: 1 | |||
| forwarding: 1 | |||
| rp_filter: 1 | |||
| accept_source_route: 0 | |||
+ 7
- 0
ufw/files/default/ufw.sysctl.tmpl.jinja
查看文件
| @@ -2,6 +2,7 @@ | |||
| # File managed by Salt at <{{ source }}>. | |||
| # Your changes will be overwritten. | |||
| ######################################################################## | |||
| {%- set sysctls = ufw_sysctl.get('sysctls') %} | |||
| {%- set forwarding = ufw_sysctl.get('forwarding', 0) %} | |||
| {%- set rp_filter = ufw_sysctl.get('rp_filter', 1) %} | |||
| {%- set accept_source_route = ufw_sysctl.get('accept_source_route', 0) %} | |||
| @@ -18,6 +19,11 @@ | |||
| # Configuration file for setting network variables. Please note these settings | |||
| # override /etc/sysctl.conf. If you prefer to use /etc/sysctl.conf, please | |||
| # adjust IPT_SYSCTL in /etc/default/ufw. | |||
| {%- if sysctls is not none %} | |||
| {%- for sysctl, value in sysctls.items() %} | |||
| {{ sysctl }}={{ value }} | |||
| {%- endfor %} | |||
| {%- else %} | |||
| # Uncomment this to allow this host to route packets between interfaces | |||
| net/ipv4/ip_forward={{ forwarding }} | |||
| @@ -70,3 +76,4 @@ net/ipv6/conf/all/autoconf={{ ipv6_autoconf }} | |||
| # Uncomment this to enable ipv6 privacy addressing | |||
| net/ipv6/conf/default/use_tempaddr={{ use_tempaddr }} | |||
| net/ipv6/conf/all/use_tempaddr={{ use_tempaddr }} | |||
| {% endif %} | |||
正在加载...