Saltstack Official FirewallD Formula

pillar.example.sls 2.2KB

```yaml
# FirewallD pillar examples:
firewalld:
  enabled: True
  ipset: True
  default_zone: public

  # Custom service definitions, referenced by name from the zones below
  services:
    sshcustom:
      short: sshcustom
      description: SSH on port 3232 and 5252. Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.
      ports:
        tcp:
          - 3232
          - 5252
      modules:
        - some_module_to_load
      destinations:
        ipv4:
          - 224.0.0.251
          - 224.0.0.252
        ipv6:
          - ff02::fb
          - ff02::fc
    zabbixcustom:
      short: Zabbixcustom
      description: "zabbix custom rule"
      ports:
        tcp:
          - "10051"
    salt-minion:
      short: salt-minion
      description: "salt-minion"
      ports:
        tcp:
          - "8000"

  # ipsets, referenced by name from rich rules
  ipsets:
    fail2ban-ssh:
      short: fail2ban-ssh
      description: fail2ban-ssh ipset
      type: 'hash:ip'
      options:
        maxelem:
          - 65536
        timeout:
          - 300
        hashsize:
          - 1024
      entries:
        - 10.0.0.1

  zones:
    public:
      short: Public
      description: "For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted."
      services:
        - http
        - zabbixcustom
        - https
        - ssh
        - salt-minion
      rich_rules:
        # Accept traffic from a source network
        - family: ipv4
          source:
            address: 8.8.8.8/24
          accept: true
        # Reject traffic from addresses in the fail2ban-ssh ipset
        - family: ipv4
          ipset:
            name: fail2ban-ssh
          reject:
            type: icmp-port-unreachable
      ports:
        # Salt master ports are opened only on the minion with this ID
        {% if grains['id'] == 'salt.example.com' %}
        - comment: salt-master
          port: 4505
          protocol: tcp
        - comment: salt-python
          port: 4506
          protocol: tcp
        {% endif %}
        - comment: zabbix-agent
          port: 10050
          protocol: tcp
        - comment: bacula-client
          port: 9102
          protocol: tcp
        - comment: vsftpd
          port: 21
          protocol: tcp
```