salt
/
iptables-formula
forked from ExternalMirrors/iptables-formula
Watch 1
Star 0
Fork 0
Code Releases 6 Activity
Saltstack Official IPTables Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
18 Commits
2 Branches
Tree: 23030090ac
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '23030090ac'
${ noResults }
iptables-formula/README.rst

README.rst 2.2KB
Raw Normal View History

Initial commit
9 years ago
Fix documentation, remove obsolete
8 years ago
Initial commit
9 years ago
Fix documentation, remove obsolete
8 years ago
Initial commit
9 years ago
Fix documentation, remove obsolete
8 years ago
Initial commit
9 years ago
Fix documentation, remove obsolete
8 years ago
Initial commit
9 years ago
Fix documentation, remove obsolete
8 years ago
Initial commit
9 years ago
Fix documentation, remove obsolete
8 years ago
Initial commit
9 years ago
Fix documentation, remove obsolete
8 years ago
Initial commit
9 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596 
  1. 

  2. ================

  3. iptables formula

  4. ================

  5. 

  6. Iptables is used to set up, maintain, and inspect the tables of IPv4 packet

  7. filter rules in the Linux kernel. Several different tables may be defined.

  8. Each table contains a number of built-in chains and may also contain

  9. user-defined chains.  Each chain is a list of rules which can match a set of

  10. packets. Each rule specifies what to do with a packet that matches. This is

  11. called a `target`, which may be a jump to a user-defined chain in the same

  12. table.

  13. 

  14. Sample pillars

  15. ==============

  16. 

  17. Most common rules - allow traffic on localhost, accept related,established and

  18. ping

  19. 

  20. .. code-block:: yaml

  21. 

  22.     parametetrs:

  23.       iptables:

  24.         service:

  25.           chain:

  26.             INPUT:

  27.               rules:

  28.                 - in_interface: lo

  29.                   jump: ACCEPT

  30.                 - connection_state: RELATED,ESTABLISHED

  31.                   match: state

  32.                   jump: ACCEPT

  33.                 - protocol: icmp

  34.                   jump: ACCEPT

  35. 

  36. Accept connections on port 22

  37. 

  38. .. code-block:: yaml

  39. 

  40.     parametetrs:

  41.       iptables:

  42.         service:

  43.           chain:

  44.             INPUT:

  45.               rules:

  46.                 - destination_port: 22

  47.                   protocol: tcp

  48.                   jump: ACCEPT

  49. 

  50. Set drop policy on INPUT chain:

  51. 

  52. .. code-block:: yaml

  53. 

  54.     parametetrs:

  55.       iptables:

  56.         service:

  57.           chain:

  58.             INPUT:

  59.               policy: DROP

  60. 

  61. Redirect privileged port 443 to 8081

  62. 

  63. .. code-block:: yaml

  64. 

  65.     parameters:

  66.       iptables:

  67.         service:

  68.           chain:

  69.             PREROUTING:

  70.               filter: nat

  71.               destination_port: 443

  72.               to_port: 8081

  73.               protocol: tcp

  74.               jump: REDIRECT

  75. 

  76. Allow access from local network

  77. 

  78. .. code-block:: yaml

  79. 

  80.     parameters:

  81.       iptables:

  82.         service:

  83.           chain:

  84.             INPUT:

  85.               rules:

  86.                 - protocol: tcp

  87.                   destination_port: 22

  88.                   source_network: 192.168.1.0/24

  89.                   jump: ACCEPT

  90. 

  91. Read more

  92. =========

  93. 

  94. * http://docs.saltstack.com/en/latest/ref/states/all/salt.states.iptables.html

  95. * https://help.ubuntu.com/community/IptablesHowTo

  96. * http://wiki.centos.org/HowTos/Network/IPTables