================
iptables formula
================

Iptables is used to set up, maintain, and inspect the tables of IPv4 packet filter rules in the Linux kernel. Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains. Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a ``target``, which may be a jump to a user-defined chain in the same table.

Sample pillars
==============

Most common rules: allow traffic on localhost, accept RELATED,ESTABLISHED connections and ping

.. code-block:: yaml

    parameters:
      iptables:
        service:
          chain:
            INPUT:
              rules:
                - in_interface: lo
                  jump: ACCEPT
                - connection_state: RELATED,ESTABLISHED
                  match: state
                  jump: ACCEPT
                - protocol: icmp
                  jump: ACCEPT

Accept connections on port 22

.. code-block:: yaml

    parameters:
      iptables:
        service:
          chain:
            INPUT:
              rules:
                - destination_port: 22
                  protocol: tcp
                  jump: ACCEPT

Set DROP policy on the INPUT chain (make sure the accept rules above, in particular the one for port 22, are in place first, or remote access is lost):

.. code-block:: yaml

    parameters:
      iptables:
        service:
          chain:
            INPUT:
              policy: DROP

Redirect privileged port 443 to 8081 (the ``filter`` key selects the ``nat`` table)

.. code-block:: yaml

    parameters:
      iptables:
        service:
          chain:
            PREROUTING:
              filter: nat
              rules:
                - destination_port: 443
                  to_port: 8081
                  protocol: tcp
                  jump: REDIRECT

Allow access to port 22 only from the local network

.. code-block:: yaml

    parameters:
      iptables:
        service:
          chain:
            INPUT:
              rules:
                - protocol: tcp
                  destination_port: 22
                  source_network: 192.168.1.0/24
                  jump: ACCEPT

Read more
=========

* http://docs.saltstack.com/en/latest/ref/states/all/salt.states.iptables.html
* https://help.ubuntu.com/community/IptablesHowTo
* http://wiki.centos.org/HowTos/Network/IPTables
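Previewing the rendered rules
=============================

The following is an added example, not the formula's own Jinja template: it renders the pillar structure shown in the sample pillars above into the ``iptables`` command lines it corresponds to, so a pillar can be reviewed (for instance, for a ``DROP`` policy without matching accept rules) before it is applied. The mapping from pillar keys to ``iptables`` flags is an assumption derived from the keys used in the samples.

```python
# Added example, not the formula's own template. Renders iptables-formula
# style pillar data into iptables command lines for review before rollout.
# The key-to-flag mapping below is assumed from the pillar keys in the README.

# Pillar rule keys that map directly to one iptables flag, in an order
# iptables accepts (-p must precede --dport, which needs the protocol match).
RULE_FLAGS = [
    ("in_interface", "-i"),
    ("protocol", "-p"),
    ("source_network", "-s"),
    ("destination_port", "--dport"),
]


def render_rule(chain, rule, table="filter"):
    """Return the iptables command line for one pillar rule entry."""
    args = ["iptables", "-t", table, "-A", chain]
    for key, flag in RULE_FLAGS:
        if key in rule:
            args += [flag, str(rule[key])]
    if "connection_state" in rule:
        args += ["-m", rule.get("match", "state"), "--state", rule["connection_state"]]
    args += ["-j", rule["jump"]]
    if "to_port" in rule:  # target option, so it must follow -j REDIRECT
        args += ["--to-ports", str(rule["to_port"])]
    return " ".join(args)


def render_chain(name, chain):
    """Policy line (if any) followed by the chain's rules, in pillar order."""
    table = chain.get("filter", "filter")  # the pillar's 'filter' key selects the table
    lines = []
    if "policy" in chain:
        lines.append(f"iptables -t {table} -P {name} {chain['policy']}")
    lines += [render_rule(name, r, table) for r in chain.get("rules", [])]
    return lines


def render_pillar(pillar):
    """Render every chain under parameters:iptables:service:chain."""
    chains = pillar["parameters"]["iptables"]["service"]["chain"]
    return [line for name, chain in chains.items() for line in render_chain(name, chain)]


# Constructed sample pillar combining the cases documented above.
SAMPLE_PILLAR = {"parameters": {"iptables": {"service": {"chain": {
    "INPUT": {"policy": "DROP", "rules": [
        {"in_interface": "lo", "jump": "ACCEPT"},
        {"connection_state": "RELATED,ESTABLISHED", "match": "state", "jump": "ACCEPT"},
        {"protocol": "tcp", "destination_port": 22,
         "source_network": "192.168.1.0/24", "jump": "ACCEPT"},
    ]},
    "PREROUTING": {"filter": "nat", "rules": [
        {"destination_port": 443, "to_port": 8081, "protocol": "tcp", "jump": "REDIRECT"},
    ]},
}}}}}

if __name__ == "__main__":
    print("\n".join(render_pillar(SAMPLE_PILLAR)))
```

Running the script prints one command per line; the policy line for a chain is emitted before its rules, so the output reads in the order the rules would be appended.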