Saltstack Official UFW Formula

Rob Ruana 62fbb150de Inserts deny rules first, to ensure they take precedence		6 年之前
_modules	Handle test mode when enabling ufw	6 年之前
_states	Inserts deny rules first, to ensure they take precedence	6 年之前
test/integration/ufw	Adds ability to limit or deny services and applications.	6 年之前
ufw	Adds ability to limit or deny services and applications.	6 年之前
.gitignore	Add kitchen tests	6 年之前
.kitchen.yml	Adds ability to limit or deny services and applications.	6 年之前
.travis.yml	Add travis config	6 年之前
Gemfile	Add kitchen tests	6 年之前
LICENSE	Initial commit	10 年之前
README.md	Add badge	6 年之前
pillar.example	Adds ability to limit or deny services and applications.	6 年之前

Ufw Salt Formula

This module manages your firewall using ufw with pillar configured rules.

Usage

All the configuration for the firewall is done via pillar (pillar.example).

Enable firewall, applying default configuration:

ufw:
  enabled: True

Allow 80/tcp (http) traffic from only two remote addresses:

ufw:
  services:
    http:
      protocol: tcp
      from_addr:
        - 10.0.2.15
        - 10.0.2.16

Allow 443/tcp (https) traffic from network 10.0.0.0/8 to an specific local ip:

ufw:
  services:
    https:
      protocol: tcp
      from_addr:
        - 10.0.0.0/8
      to_addr: 10.0.2.1

Allow from a service port:

ufw:
  services:
    smtp:
      protocol: tcp

Allow from an specific port, by number:

ufw:
  services:
    139:
      protocol: tcp

Allow from a range of ports, udp:

ufw:
  services:
    "10000:20000":
      protocol: udp

Allow from two specific ports, udp:

ufw:
  services:
    "30000,40000":
      protocol: udp

Allow an application defined at /etc/ufw/applications.d/:

ufw:
  applications:
    - OpenSSH

This formula is tested with Kitchen and Inspec in a Docker container.

To run tests you need to

Original state and module based on the work from Yigal Duppen.

Salt formula originally developed by Mario del Pozo.