
Refactor to allow both explicit position and append

tags/2016.12
Filip Pytloun 8 years ago
parent
commit
cb65f8a096
2 changed files with 60 additions and 54 deletions
  1. +54
    -0
      iptables/_rule.sls
  2. +6
    -54
      iptables/rules.sls

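--- a/iptables/_rule.sls
+++ b/iptables/_rule.sls
@@ -0,0 +1,54 @@
+iptables_{{ chain_name }}_{{ rule_name }}:
+{%- if rule.position is defined %}
+iptables.insert:
+- position: {{ rule.position }}
+{%- else %}
+iptables.append:
+{%- if loop.index != 1 %}
+- require:
+- iptables: iptables_{{ chain_name }}_{{ loop.index - 1 }}
+{%- endif %}
+{%- endif %}
+- table: {{ rule.get('table', 'filter') }}
+- chain: {{ chain_name }}
+{%- if rule.jump is defined %}
+- jump: {{ rule.jump }}
+{%- endif %}
+{%- if rule.match is defined %}
+- match: {{ rule.match }}
+{%- endif %}
+{%- if rule.connection_state is defined %}
+- connstate: {{ rule.connection_state }}
+{%- endif %}
+{%- if rule.protocol is defined %}
+- proto: {{ rule.protocol }}
+{%- endif %}
+{%- if rule.destination_port is defined %}
+- dport: {{ rule.destination_port }}
+{%- endif %}
+{%- if rule.source_port is defined %}
+- sport: {{ rule.source_port }}
+{%- endif %}
+{%- if rule.in_interface is defined %}
+- in-interface: {{ rule.in_interface }}
+{%- endif %}
+{%- if rule.out_interface is defined %}
+- out-interface: {{ rule.out_interface }}
+{%- endif %}
+{%- if rule.to_destination is defined %}
+- to-destination: {{ rule.to_destination }}
+{%- endif %}
+{%- if rule.to_source is defined %}
+- to-source: {{ rule.to_source }}
+{%- endif %}
+{%- if rule.source_network is defined %}
+- source: {{ rule.source_network }}
+{%- endif %}
+{%- if rule.destination_network is defined %}
+- destination: {{ rule.destination_network }}
+{%- endif %}
+{%- if chain.policy is defined %}
+- require_in:
+- iptables: iptables_{{ chain_name }}_policy
+{%- endif %}
+- save: True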
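Review bot: The `require` added under the `iptables.append` branch assumes the preceding rule's state ID is `iptables_{{ chain_name }}_{{ loop.index - 1 }}`, which only holds when `rule_name` is the list index; when this template is included from the `rule` dict loop in iptables/rules.sls, `rule_name` is the dict key, so every append rule after the first requires an ID that was never rendered and Salt rejects the state as a missing requisite. Restrict the chaining to the list case, e.g. `{%- if loop.index != 1 and rule_name is number %}`, or have the including loop pass the previous rule's ID explicitly. Whether `loop` is even visible here depends on the include carrying the caller's context, which this file cannot show on its own. Separately, every pillar value is rendered unquoted into YAML (`- match: {{ rule.match }}` and the other `rule.*` lines), so a value containing `: ` or `#` changes the rendered document rather than the rule; quoting them (`- match: "{{ rule.match }}"`) keeps the state shape independent of the value.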

+ 6
- 54
iptables/rules.sls View File

@@ -10,61 +10,13 @@ iptables_{{ chain_name }}_policy:
- table: filter
{%- endif %}

{%- for rule_name, rule in chain.get('rule', {}).iteritems() %}

iptables_{{ chain_name }}_{{ rule_name }}:
{%- if rule.position is defined %}
iptables.insert:
- position: {{ rule.position }}
{%- else %}
iptables.append:
{%- endif %}
{%- if rule.table is defined %}
- table: {{ rule.table }}
{%- endif %}
- chain: {{ chain_name }}
{%- if rule.jump is defined %}
- jump: {{ rule.jump }}
{%- endif %}
{%- if rule.match is defined %}
- match: {{ rule.match }}
{%- endif %}
{%- if rule.connection_state is defined %}
- connstate: {{ rule.connection_state }}
{%- endif %}
{%- if rule.protocol is defined %}
- proto: {{ rule.protocol }}
{%- endif %}
{%- if rule.destination_port is defined %}
- dport: {{ rule.destination_port }}
{%- endif %}
{%- if rule.source_port is defined %}
- sport: {{ rule.source_port }}
{%- endif %}
{%- if rule.in_interface is defined %}
- in-interface: {{ rule.in_interface }}
{%- endif %}
{%- if rule.out_interface is defined %}
- out-interface: {{ rule.out_interface }}
{%- endif %}
{%- if rule.to_destination is defined %}
- to-destination: {{ rule.to_destination }}
{%- endif %}
{%- if rule.to_source is defined %}
- to-source: {{ rule.to_source }}
{%- endif %}
{%- if rule.source_network is defined %}
- source: {{ rule.source_network }}
{%- endif %}
{%- if rule.destination_network is defined %}
- destination: {{ rule.destination_network }}
{%- endif %}
{%- if chain.policy is defined %}
- require_in:
- iptables: iptables_{{ chain_name }}_policy:
{%- endif %}
- save: True
{%- for rule in chain.get('rules', []) %}
{%- set rule_name = loop.index %}
{% include "iptables/_rule.sls" %}
{%- endfor %}

{%- for rule_name, rule in chain.get('rule', {}).iteritems() %}
{% include "iptables/_rule.sls" %}
{%- endfor %}

{%- endfor %}
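Review bot: Both include loops build state IDs from the same `iptables_{{ chain_name }}_{{ rule_name }}` template, with `rule_name` being the 1-based index for the `rules` list and the dict key for `rule`; a `rule` key such as `1` therefore collides with the first list entry and Salt reports conflicting IDs instead of rendering both. Either prefix one of the forms (for example `{%- set rule_name = 'rules_' ~ loop.index %}` for the list, adjusting the matching require in `_rule.sls`) or document that `rule` keys must not be plain integers. Note also that `chain.get('rule', {}).iteritems()` yields keys in no defined order on Python 2 and does not exist on Python 3, so any ordering `_rule.sls` derives from `loop.index` does not apply to this loop; `.items()` behaves the same where it works today and runs on both. The enclosing chain loop opens before this hunk and is closed by its final `{%- endfor %}`.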
