ExternalMirrors
/
ufw-formula
mirror of https://github.com/saltstack-formulas/ufw-formula
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 12 Wiki Activity
Saltstack Official UFW Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
20 Commits
1 Branch
Tree: c60bc71357
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c60bc71357'
${ noResults }
ufw-formula/ufw/templates/default.jinja

57 lines
2.6KB
Raw Blame History 

  1. {% set ufw_cfg = pillar.get('ufw', {}) -%}

  2. {% set settings_cfg = ufw_cfg.get('settings', {}) -%}

  3. {% set ipv6 = "yes" if settings_cfg.get('ipv6', True) else "no" -%}

  4. {% set default_input_policy = settings_cfg.get('default_input_policy', 'DROP') -%}

  5. {% set default_output_policy = settings_cfg.get('default_output_policy', 'ACCEPT') -%}

  6. {% set default_forward_policy = settings_cfg.get('default_forward_policy', 'DROP') -%}

  7. {% set default_application_policy = settings_cfg.get('default_application_policy', 'SKIP') -%}

  8. {% set manage_builtins = "yes" if settings_cfg.get('manage_builtins', False) else "no" -%}

  9. {% set ipt_sysctl = settings_cfg.get('ipt_sysctl', '/etc/ufw/sysctl.conf') -%}

  10. {% set ipt_modules = settings_cfg.get('ipt_modules', ['nf_conntrack_ftp', 'nf_nat_ftp', 'nf_conntrack_netbios_ns'])|join(" ") -%}

  11. 

  12. # /etc/default/ufw

  13. #

  14. # File managed by Salt. Do not edit manually.

  15. 

  16. # Set to yes to apply rules to support IPv6 (no means only IPv6 on loopback

  17. # accepted). You will need to 'disable' and then 'enable' the firewall for

  18. # the changes to take affect.

  19. IPV6={{ ipv6 }}

  20. 

  21. # Set the default input policy to ACCEPT, DROP, or REJECT. Please note that if

  22. # you change this you will most likely want to adjust your rules.

  23. DEFAULT_INPUT_POLICY="{{ default_input_policy }}"

  24. 

  25. # Set the default output policy to ACCEPT, DROP, or REJECT. Please note that if

  26. # you change this you will most likely want to adjust your rules.

  27. DEFAULT_OUTPUT_POLICY="{{ default_output_policy }}"

  28. 

  29. # Set the default forward policy to ACCEPT, DROP or REJECT.  Please note that

  30. # if you change this you will most likely want to adjust your rules

  31. DEFAULT_FORWARD_POLICY="{{ default_forward_policy }}"

  32. 

  33. # Set the default application policy to ACCEPT, DROP, REJECT or SKIP. Please

  34. # note that setting this to ACCEPT may be a security risk. See 'man ufw' for

  35. # details

  36. DEFAULT_APPLICATION_POLICY="{{ default_application_policy }}"

  37. 

  38. # By default, ufw only touches its own chains. Set this to 'yes' to have ufw

  39. # manage the built-in chains too. Warning: setting this to 'yes' will break

  40. # non-ufw managed firewall rules

  41. MANAGE_BUILTINS={{ manage_builtins }}

  42. 

  43. #

  44. # IPT backend

  45. #

  46. # only enable if using iptables backend

  47. IPT_SYSCTL={{ ipt_sysctl }}

  48. 

  49. # Extra connection tracking modules to load. Complete list can be found in

  50. # net/netfilter/Kconfig of your kernel source. Some common modules:

  51. # nf_conntrack_irc, nf_nat_irc: DCC (Direct Client to Client) support

  52. # nf_conntrack_netbios_ns: NetBIOS (samba) client support

  53. # nf_conntrack_pptp, nf_nat_pptp: PPTP over stateful firewall/NAT

  54. # nf_conntrack_ftp, nf_nat_ftp: active FTP support

  55. # nf_conntrack_tftp, nf_nat_tftp: TFTP support (server side)

  56. IPT_MODULES="{{ ipt_modules }}"