Filip Pytloun
před 7 roky
2 změnil soubory, kde provedl 39 přidání a 0 odebrání
+ 24
- 0
README.rst
Zobrazit soubor
| @@ -90,6 +90,30 @@ Allow access from local network | |||
| jump: ACCEPT | |||
| comment: Blah | |||
| Support logging with custom prefix and log level | |||
| .. code-block:: yaml | |||
| parameters: | |||
| iptables: | |||
| service: | |||
| chain: | |||
| POSTROUTING: | |||
| rules: | |||
| - table: nat | |||
| protocol: tcp | |||
| match: multiport | |||
| destination_ports: | |||
| - 21 | |||
| - 80 | |||
| - 443 | |||
| - 2220 | |||
| source_network: '10.20.30.0/24' | |||
| log_level: 7 | |||
| log_prefix: 'iptables-logging: ' | |||
| jump: LOG | |||
| IPv6 is supported as well | |||
| .. code-block:: yaml | |||
+ 15
- 0
iptables/_rule.sls
Zobrazit soubor
| @@ -32,6 +32,12 @@ iptables_{{ chain_name }}_{{ rule_name }}: | |||
| {%- if rule.destination_port is defined %} | |||
| - dport: {{ rule.destination_port }} | |||
| {%- endif %} | |||
| {%- if rule.destination_ports is defined %} | |||
| - dports: | |||
| {%- for port in rule.destination_ports %} | |||
| - {{ port }} | |||
| {% endfor %} | |||
| {%- endif %} | |||
| {%- if rule.source_port is defined %} | |||
| - sport: {{ rule.source_port }} | |||
| {%- endif %} | |||
| @@ -56,6 +62,15 @@ iptables_{{ chain_name }}_{{ rule_name }}: | |||
| {%- if rule.destination_network is defined %} | |||
| - destination: {{ rule.destination_network }} | |||
| {%- endif %} | |||
| {%- if rule.log_prefix is defined %} | |||
| - log-prefix: '{{ rule.log_prefix }}' | |||
| {%- endif %} | |||
| {%- if rule.log_level is defined %} | |||
| - log-level: {{ rule.log_level }} | |||
| {%- endif %} | |||
| {%- if rule.limit is defined %} | |||
| - limit: '{{ rule.limit }}' | |||
| {%- endif %} | |||
| {%- if chain.policy is defined %} | |||
| - require_in: | |||
| - iptables: iptables_{{ chain_name }}_policy | |||
Načítá se…