Saltstack Official IPTables Formula
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.

README.rst 4.2KB

il y a 9 ans
il y a 9 ans
il y a 9 ans
il y a 9 ans
il y a 9 ans
il y a 9 ans
il y a 9 ans
il y a 9 ans
il y a 9 ans
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173
  1. ================
  2. iptables formula
  3. ================
  4. Iptables is used to set up, maintain, and inspect the tables of IPv4 packet
  5. filter rules in the Linux kernel. Several different tables may be defined.
  6. Each table contains a number of built-in chains and may also contain
  7. user-defined chains. Each chain is a list of rules which can match a set of
  8. packets. Each rule specifies what to do with a packet that matches. This is
  9. called a `target`, which may be a jump to a user-defined chain in the same
  10. table.
  11. Sample pillars
  12. ==============
  13. Most common rules - allow traffic on localhost, accept related,established and
  14. ping
  15. .. code-block:: yaml
  16. parameters:
  17. iptables:
  18. service:
  19. enabled: True
  20. chain:
  21. INPUT:
  22. rules:
  23. - in_interface: lo
  24. jump: ACCEPT
  25. - connection_state: RELATED,ESTABLISHED
  26. match: state
  27. jump: ACCEPT
  28. - protocol: icmp
  29. jump: ACCEPT
  30. Accept connections on port 22
  31. .. code-block:: yaml
  32. parameters:
  33. iptables:
  34. service:
  35. chain:
  36. INPUT:
  37. rules:
  38. - destination_port: 22
  39. protocol: tcp
  40. jump: ACCEPT
  41. Set drop policy on INPUT chain:
  42. .. code-block:: yaml
  43. parameters:
  44. iptables:
  45. service:
  46. chain:
  47. INPUT:
  48. policy: DROP
  49. Redirect privileged port 443 to 8081
  50. .. code-block:: yaml
  51. parameters:
  52. iptables:
  53. service:
  54. chain:
  55. PREROUTING:
  56. filter: nat
  57. destination_port: 443
  58. to_port: 8081
  59. protocol: tcp
  60. jump: REDIRECT
  61. Allow access from local network
  62. .. code-block:: yaml
  63. parameters:
  64. iptables:
  65. service:
  66. chain:
  67. INPUT:
  68. rules:
  69. - protocol: tcp
  70. destination_port: 22
  71. source_network: 192.168.1.0/24
  72. jump: ACCEPT
  73. comment: Blah
  74. Support logging with custom prefix and log level
  75. .. code-block:: yaml
  76. parameters:
  77. iptables:
  78. service:
  79. chain:
  80. POSTROUTING:
  81. rules:
  82. - table: nat
  83. protocol: tcp
  84. match: multiport
  85. destination_ports:
  86. - 21
  87. - 80
  88. - 443
  89. - 2220
  90. source_network: '10.20.30.0/24'
  91. log_level: 7
  92. log_prefix: 'iptables-logging: '
  93. jump: LOG
  94. IPv6 is supported as well
  95. .. code-block:: yaml
  96. parameters:
  97. iptables:
  98. service:
  99. enabled: True
  100. ipv6: True
  101. chain:
  102. INPUT:
  103. rules:
  104. - protocol: tcp
  105. family: ipv6
  106. destination_port: 22
  107. source_network: 2001:DB8::/32
  108. jump: ACCEPT
  109. Read more
  110. =========
  111. * http://docs.saltstack.com/en/latest/ref/states/all/salt.states.iptables.html
  112. * https://help.ubuntu.com/community/IptablesHowTo
  113. * http://wiki.centos.org/HowTos/Network/IPTables
  114. Documentation and Bugs
  115. ======================
  116. To learn how to install and update salt-formulas, consult the documentation
  117. available online at:
  118. http://salt-formulas.readthedocs.io/
  119. In the unfortunate event that bugs are discovered, they should be reported to
  120. the appropriate issue tracker. Use Github issue tracker for specific salt
  121. formula:
  122. https://github.com/salt-formulas/salt-formula-iptables/issues
  123. For feature requests, bug reports or blueprints affecting entire ecosystem,
  124. use Launchpad salt-formulas project:
  125. https://launchpad.net/salt-formulas
  126. You can also join salt-formulas-users team and subscribe to mailing list:
  127. https://launchpad.net/~salt-formulas-users
  128. Developers wishing to work on the salt-formulas projects should always base
  129. their work on master branch and submit pull request against specific formula.
  130. https://github.com/salt-formulas/salt-formula-iptables
  131. Any questions or feedback is always welcome so feel free to join our IRC
  132. channel:
  133. #salt-formulas @ irc.freenode.net