Saltstack Official UFW Formula

Mike Campbell e3cace7a49 Return host if it's an ip ..		8 年前
_modules	import re, don't pass through None protocol & fix completely broken ip regex	8 年前
_states	Return host if it's an ip ..	8 年前
ufw	import re, don't pass through None protocol & fix completely broken ip regex	8 年前
LICENSE	Initial commit	10 年前
README.md	Formula initial version	10 年前
pillar.example	Add support for allowing entire interface	9 年前

ufw-formula

This module manages your firewall using ufw with pillar configured rules.

Usage

All the configuration for the firewall is done via pillar (pillar.example).

Enable firewall, applying default configuration:

ufw:
  enabled: True

Allow 80/tcp (http) traffic from only two remote addresses:

ufw:
  services:
    http:
      protocol: tcp
      from_addr:
        - 10.0.2.15
        - 10.0.2.16

Allow 443/tcp (https) traffic from network 10.0.0.0/8 to an specific local ip:

ufw:
  services:
    https:
      protocol: tcp
      from_addr:
        - 10.0.0.0/8
      to_addr: 10.0.2.1

Allow from a service port:

ufw:
  services:
    smtp:
      protocol: tcp

Allow from an specific port, by number:

ufw:
  services:
    139:
      protocol: tcp

Allow from a range of ports, udp:

ufw:
  services:
    "10000:20000":
      protocol: udp

Allow from two specific ports, udp:

ufw:
  services:
    "30000,40000":
      protocol: udp

Allow an application defined at /etc/ufw/applications.d/:

ufw:
  applications:
    - OpenSSH

Original state and module based on the work from Yigal Duppen.

Salt formula developed by Mario del Pozo.