Saltstack Official IPTables Formula
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.

64 lines
1.2KB

  1. {% from "iptables/map.jinja" import service with context %}
  2. {%- if service.enabled %}
  3. include:
  4. - iptables.rules
  5. iptables_packages:
  6. pkg.installed:
  7. - names: {{ service.pkgs }}
  8. iptables_services:
  9. {%- if grains.init == 'systemd' %}
  10. service.running:
  11. {%- else %}
  12. service.dead:
  13. {%- endif %}
  14. - enable: true
  15. - name: {{ service.service }}
  16. - sig: test -e /etc/iptables/rules.v4
  17. - require:
  18. - pkg: iptables_packages
  19. {%- else %}
  20. iptables_services:
  21. service.dead:
  22. - enable: false
  23. - name: {{ service.service }}
  24. {%- for chain_name in ['INPUT', 'OUTPUT', 'FORWARD'] %}
  25. iptables_{{ chain_name }}_policy:
  26. iptables.set_policy:
  27. - chain: {{ chain_name }}
  28. - policy: ACCEPT
  29. - table: filter
  30. - require_in:
  31. - iptables: iptables_flush
  32. {%- if grains.ipv6|default(False) and service.ipv6|default(True) %}
  33. iptables_{{ chain_name }}_ipv6_policy:
  34. iptables.set_policy:
  35. - chain: {{ chain_name }}
  36. - family: ipv6
  37. - policy: ACCEPT
  38. - table: filter
  39. - require_in:
  40. - iptables: ip6tables_flush
  41. {%- endif %}
  42. {%- endfor %}
  43. iptables_flush:
  44. iptables.flush
  45. {%- if grains.ipv6|default(False) and service.ipv6|default(True) %}
  46. ip6tables_flush:
  47. iptables.flush:
  48. - family: ipv6
  49. {%- endif %}
  50. {%- endif %}