Saltstack Official IPTables Formula

95 lines
2.9KB

{#- Renders one iptables state for a single pillar rule. The including template
    is expected to provide: rule (dict), rule_name, chain_name, chains (names of
    the chain states this table depends on), chain (the chain config, which may
    carry .policy), an optional service_name, and the enclosing for-loop's
    `loop` object, which is used to chain rules in pillar order. #}
{%- set table = rule.get('table', 'filter') %}
iptables_{{ table }}_{{ chain_name }}_{{ rule_name }}:
  {%- if rule.position is defined %}
  iptables.insert:
    - position: {{ rule.position }}
  {%- else %}
  iptables.append:
    - require:
    {#- Each appended rule requires the previous one so the order in the
        pillar is the order in the chain; the first rule requires the chain
        states instead. #}
    {%- if loop.index != 1 %}
      - iptables: iptables_{{ table }}_{{ chain_name }}_{% if service_name is defined %}{{ service_name }}_{% endif %}{{ loop.index - 1 }}
    {%- else %}
      {%- for chain in chains %}
      - iptables: iptables_{{ table }}_{{ chain }}
      {%- endfor %}
    {%- endif %}
  {%- endif %}
    - table: {{ table }}
    - chain: {{ chain_name }}
    {#- Every option below is emitted only when the exact pillar key exists;
        an unknown key is ignored rather than reported. #}
    {%- if rule.family is defined %}
    - family: {{ rule.family }}
    {%- endif %}
    {%- if rule.jump is defined %}
    - jump: {{ rule.jump }}
    {%- endif %}
    {%- if rule.match is defined %}
    - match: {{ rule.match }}
    {%- endif %}
    {%- if rule.comment is defined %}
    - comment: {{ rule.comment }}
    {%- endif %}
    {%- if rule.connection_state is defined %}
    - connstate: {{ rule.connection_state }}
    {%- endif %}
    {%- if rule.protocol is defined %}
    - proto: {{ rule.protocol }}
    {%- endif %}
    {%- if rule.destination_port is defined %}
    - dport: {{ rule.destination_port }}
    {%- endif %}
    {%- if rule.destination_ports is defined %}
    - dports:
      {%- for port in rule.destination_ports %}
      - {{ port }}
      {% endfor %}
    {%- endif %}
    {%- if rule.source_port is defined %}
    - sport: {{ rule.source_port }}
    {%- endif %}
    {%- if rule.in_interface is defined %}
    - in-interface: {{ rule.in_interface }}
    {%- endif %}
    {%- if rule.out_interface is defined %}
    - out-interface: {{ rule.out_interface }}
    {%- endif %}
    {%- if rule.to_destination is defined %}
    - to-destination: {{ rule.to_destination }}
    {%- endif %}
    {%- if rule.to_port is defined %}
    - to-port: {{ rule.to_port }}
    {%- endif %}
    {%- if rule.to_source is defined %}
    - to-source: {{ rule.to_source }}
    {%- endif %}
    {%- if rule.source_network is defined %}
    - source: {{ rule.source_network }}
    {%- endif %}
    {%- if rule.destination_network is defined %}
    - destination: {{ rule.destination_network }}
    {%- endif %}
    {%- if rule.log_prefix is defined %}
    - log-prefix: '{{ rule.log_prefix }}'
    {%- endif %}
    {%- if rule.log_level is defined %}
    - log-level: {{ rule.log_level }}
    {%- endif %}
    {%- if rule.limit is defined %}
    - limit: '{{ rule.limit }}'
    {%- endif %}
    {#- Make the rule a prerequisite of the chain's policy state so the
        default policy is only set after the rules are in place. A plain
        string policy always targets the filter table's policy state; a
        per-table mapping only adds the requisite for this rule's table. #}
    {%- if chain.policy is defined %}
      {%- if chain.policy is string %}
    - require_in:
      - iptables: iptables_filter_{{ chain_name }}_policy
      {%- else %}
        {%- if table in chain.policy %}
    - require_in:
      - iptables: iptables_{{ table }}_{{ chain_name }}_policy
        {%- endif %}
      {%- endif %}
    {%- endif %}
    {%- if grains.get('virtual_subtype', None) not in ['Docker', 'LXC'] %}
    - require:
      - iptables: iptables_{{ table }}_{{ chain_name }}{% if rule.family is defined %}_{{ rule.family }}{% endif %}
    {%- endif %}
    - save: True
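The template above only emits an option when the exact pillar key `is defined`, so a misspelled key (say `dest_port` instead of `destination_port`) is dropped without any error and the rendered rule is broader than the author intended. The following checker is an added example, not part of the formula: it mirrors the state id, the `insert`/`append` choice and the policy `require_in` target exactly as the template computes them, and flags rule dicts that the template would render into something other than what was meant. The `RULE_KEYS` table is copied from the template; the `lint_rule` heuristics (unknown keys, an unrestricted ACCEPT, a port option without a protocol, a string policy on a non-filter table) are this example's own and assume the standard `iptables.append`/`iptables.insert` state arguments.

```python
"""Static check for pillar rules fed to the _rule template above.

Added example, not part of the iptables formula. RULE_KEYS is the set of
pillar keys the template reads, in the order the template checks them;
the findings are this example's own heuristics.
"""

# Pillar key -> argument name the template passes to iptables.append/insert.
RULE_KEYS = {
    "table": "table", "position": "position", "family": "family",
    "jump": "jump", "match": "match", "comment": "comment",
    "connection_state": "connstate", "protocol": "proto",
    "destination_port": "dport", "destination_ports": "dports",
    "source_port": "sport", "in_interface": "in-interface",
    "out_interface": "out-interface", "to_destination": "to-destination",
    "to_port": "to-port", "to_source": "to-source",
    "source_network": "source", "destination_network": "destination",
    "log_prefix": "log-prefix", "log_level": "log-level", "limit": "limit",
}

# Keys that narrow the traffic a rule matches. A jump carrying none of them
# applies to every packet that reaches the chain.
RESTRICTING_KEYS = {
    "match", "connection_state", "protocol", "destination_port",
    "destination_ports", "source_port", "in_interface", "out_interface",
    "source_network", "destination_network",
}

PORT_KEYS = {"destination_port", "destination_ports", "source_port"}


def state_id(table, chain_name, rule_name):
    """State id exactly as the template builds it."""
    return f"iptables_{table}_{chain_name}_{rule_name}"


def policy_require_in(table, chain_name, policy):
    """Target of the require_in the template adds for the chain policy.

    Mirrors the template: a plain-string policy always points at the filter
    table's policy state regardless of the rule's table; a per-table dict
    only yields a requisite when the rule's table has an entry.
    """
    if policy is None:
        return None
    if isinstance(policy, str):
        return f"iptables_filter_{chain_name}_policy"
    if table in policy:
        return f"iptables_{table}_{chain_name}_policy"
    return None


def lint_rule(chain_name, rule_name, rule, policy=None):
    """Return the rendered state's identity plus a list of findings."""
    table = rule.get("table", "filter")
    findings = []

    # Keys the template never looks at are dropped silently.
    for key in sorted(set(rule) - set(RULE_KEYS)):
        findings.append(f"key '{key}' is not read by the template and is silently dropped")

    if rule.get("jump") == "ACCEPT" and not RESTRICTING_KEYS & set(rule):
        findings.append("ACCEPT with no match criteria accepts all traffic on the chain")

    # --dport/--sport belong to the tcp/udp matches; iptables rejects them
    # without -p (or an explicit -m match).
    if PORT_KEYS & set(rule) and "protocol" not in rule and "match" not in rule:
        findings.append("port option without protocol or match: iptables rejects --dport/--sport without -p")

    target = policy_require_in(table, chain_name, policy)
    if isinstance(policy, str) and table != "filter":
        findings.append(f"string policy makes require_in target {target}, not a {table}-table policy state")

    return {
        "state_id": state_id(table, chain_name, rule_name),
        "function": "iptables.insert" if "position" in rule else "iptables.append",
        "table": table,
        "require_in": target,
        "findings": findings,
    }


if __name__ == "__main__":
    # Constructed sample rules; 'ssh_typo' carries the misspelled key.
    samples = {
        "ssh_typo": {"protocol": "tcp", "dest_port": 22, "jump": "ACCEPT"},
        "ssh": {"protocol": "tcp", "destination_port": 22, "jump": "ACCEPT", "position": 1},
        "open": {"jump": "ACCEPT"},
    }
    for name, rule in samples.items():
        result = lint_rule("INPUT", name, rule, policy="DROP")
        print(result["state_id"], result["function"], result["findings"])
```

Run it against the rule dicts from a pillar before rendering the state; any finding on a rule that should be a narrow allow is worth a look, since the template itself will render whatever is left over without complaint.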