Saltstack Official UFW Formula

  1. # UFW management module
  2. {%- set ufw = pillar.get('ufw', {}) %}
  3. {%- if ufw.get('enabled', False) %}
  4. ufw:
  5. pkg:
  6. - installed
  7. service.running:
  8. - enable: True
  9. ufw:
  10. - enabled
  11. - require:
  12. - pkg: ufw
  13. {%- for service_name, service_details in ufw.get('services', {}).items() %}
  14. {%- for from_addr in service_details.get('from_addr', [None]) %}
  15. {%- set protocol = service_details.get('protocol', None) %}
  16. {%- set from_port = service_details.get('from_port', None) %}
  17. {%- set to_addr = service_details.get('to_addr', None) %}
  18. ufw-svc-{{service_name}}-{{from_addr}}:
  19. ufw.allowed:
  20. - protocol: {{protocol}}
  21. {%- if from_addr != None %}
  22. - from_addr: {{from_addr}}
  23. {%- endif %}
  24. {%- if from_port != None %}
  25. - from_port: "{{from_port}}"
  26. {%- endif %}
  27. {%- if to_addr != None %}
  28. - to_addr: {{to_addr}}
  29. {%- endif %}
  30. - to_port: "{{service_name}}"
  31. - require:
  32. - pkg: ufw
  33. {%- endfor %}
  34. {%- endfor %}
  35. # Applications
  36. {%- for app_name in ufw.get('applications', []) %}
  37. ufw-app-{{app_name}}:
  38. ufw.allowed:
  39. - app: {{app_name}}
  40. - require:
  41. - pkg: ufw
  42. {%- endfor %}
  43. # Interfaces
  44. {%- for interface in ufw.get('interfaces', []) %}
  45. ufw-interface-{{interface}}:
  46. ufw.allowed:
  47. - interface: {{interface}}
  48. - require:
  49. - pkg: ufw
  50. {%- endfor %}
  51. {% else %}
  52. #ufw:
  53. #ufw:
  54. #- disabled
  55. {% endif %}