salt
/
ufw-formula
forkattu lähteestä ExternalMirrors/ufw-formula
Tarkkaile 2
Äänestä 0
Fork 0
Koodi Julkaisut 8 Activity
Saltstack Official UFW Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
53 Commitit
1 Haara
Puu: 9bb5aa2cc5
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from '9bb5aa2cc5'
${ noResults }
ufw-formula/pillar.example

pillar.example 2.4KB
Raaka Normal View Historia

Formula initial version
10 vuotta sitten
add webscale changes
8 vuotta sitten
Handle loglevel
6 vuotta sitten
add webscale changes
8 vuotta sitten
Formula initial version
10 vuotta sitten
Added support for comments in all forms and added in example.
7 vuotta sitten
Formula initial version
10 vuotta sitten
Added support for comments in all forms and added in example.
7 vuotta sitten
Formula initial version
10 vuotta sitten
Added support for comments in all forms and added in example.
7 vuotta sitten
Formula initial version
10 vuotta sitten
Adds ability to limit or deny services and applications. The "limit" and "deny" parameters have been added to both the services and applications sections. Setting "limit: True" will use the "ufw limit" command instead of "ufw allow". Likewise, setting "deny: True" will use the "ufw deny" command.
6 vuotta sitten
Formula initial version
10 vuotta sitten
Added support for comments in all forms and added in example.
7 vuotta sitten
Formula initial version
10 vuotta sitten
Adds ability to limit or deny services and applications. The "limit" and "deny" parameters have been added to both the services and applications sections. Setting "limit: True" will use the "ufw limit" command instead of "ufw allow". Likewise, setting "deny: True" will use the "ufw deny" command.
6 vuotta sitten
Update README and pillar.example with new to_port property
6 vuotta sitten
Adds ability to limit or deny services and applications. The "limit" and "deny" parameters have been added to both the services and applications sections. Setting "limit: True" will use the "ufw limit" command instead of "ufw allow". Likewise, setting "deny: True" will use the "ufw deny" command.
6 vuotta sitten
Formula initial version
10 vuotta sitten
Added support for comments in all forms and added in example.
7 vuotta sitten
Formula initial version
10 vuotta sitten
Added support for comments in all forms and added in example.
7 vuotta sitten
Formula initial version
10 vuotta sitten
Adds ability to limit or deny services and applications. The "limit" and "deny" parameters have been added to both the services and applications sections. Setting "limit: True" will use the "ufw limit" command instead of "ufw allow". Likewise, setting "deny: True" will use the "ufw deny" command.
6 vuotta sitten
Formula initial version
10 vuotta sitten
add webscale changes
8 vuotta sitten
Added support for comments in all forms and added in example.
7 vuotta sitten
Add support for allowing entire interface
9 vuotta sitten
Adds ability to limit or deny services and applications. The "limit" and "deny" parameters have been added to both the services and applications sections. Setting "limit: True" will use the "ufw limit" command instead of "ufw allow". Likewise, setting "deny: True" will use the "ufw deny" command.
6 vuotta sitten
Add support for allowing entire interface
9 vuotta sitten
Added support for comments in all forms and added in example.
7 vuotta sitten
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115 
  1. ufw:

  2. 

  3.   enabled: True

  4. 

  5.   settings:

  6.     loglevel: low

  7.     ipv6: True

  8.     default_input_policy: 'DROP'

  9.     default_output_policy: 'ACCEPT'

  10.     default_forward_policy: 'DROP'

  11.     default_application_policy: 'SKIP'

  12.     manage_builtins: False

  13.     ipt_sysctl: '/etc/ufw/sysctl.conf'

  14.     ipt_modules:

  15.       - nf_conntrack_ftp

  16.       - nf_nat_ftp

  17.       - nf_conntrack_netbios_ns

  18. 

  19.   sysctl:

  20.     forwarding: 1

  21.     rp_filter: 1

  22.     accept_source_route: 0

  23.     accept_redirects: 0

  24.     icmp_echo_ignore_broadcasts: 1

  25.     icmp_ignore_bogus_error_responses: 1

  26.     icmp_echo_ignore_all: 0

  27.     log_martians: 0

  28.     tcp_syncookies: 0

  29.     tcp_sack: 1

  30.     ipv6_autoconf: 1

  31.     use_tempaddr: 1

  32. 

  33.   services:

  34. 

  35.     # Allow 80/tcp (http) traffic from only two remote addresses.

  36.     http:

  37.       protocol: tcp

  38.       from_addr:

  39.         - 10.0.2.15

  40.         - 10.0.2.16

  41.       comment: Upstream loadbalancers

  42. 

  43.     # Allow 443/tcp (https) traffic from network 10.0.0.0/8 to an specific local ip.

  44.     https:

  45.       protocol: tcp

  46.       from_addr:

  47.         - 10.0.0.0/8

  48.       to_addr: 10.0.2.1

  49.       comment: Intraweb portal

  50. 

  51.     # Allow from a service port.

  52.     smtp:

  53.       protocol: tcp

  54.       comment: Mail relay

  55. 

  56.     # Allow from a specific port, by number.

  57.     139:

  58.       protocol: tcp

  59.       comment: Netbios

  60. 

  61.     # Deny from a specific port, by number.

  62.     140:

  63.       protocol: tcp

  64.       deny: True

  65. 

  66.     # Deny everything from a specific ip address

  67.     '*':

  68.       protocol: tcp

  69.       deny: True

  70.       from_addr: 10.0.0.1

  71. 

  72.     # Deny everything from multiple ip addresses and avoid

  73.     # conflicts with already defined service '*'

  74.     '*/multiple':

  75.       to_port: '*'

  76.       protocol: tcp

  77.       deny: True

  78.       from_addr:

  79.         - 10.0.0.2

  80.         - 10.0.0.3

  81. 

  82.     # Limit a specific port, by number.

  83.     170:

  84.       limit: True

  85.       protocol: tcp

  86.       comment: Print service

  87. 

  88.     # Allow from a range of ports, udp.

  89.     "10000:20000":

  90.       protocol: udp

  91.       comment: We need ports, lots of ports

  92. 

  93.     # Allow from two specific ports, udp.

  94.     "30000,40000":

  95.       protocol: udp

  96.       comment: Game server and admin

  97. 

  98.   # Allow applications defined at /etc/ufw/applications.d/

  99.   applications:

  100.     OpenSSH:

  101.       enabled: True

  102.       comment: We are using fail2ban anyway

  103. 

  104.     # Limit access to salt master

  105.     Saltmaster:

  106.       limit: True

  107. 

  108.     # Deny access to Postgresql

  109.     Postgresql:

  110.       deny: True

  111. 

  112.   # Allow all traffic in on the specified interface

  113.   interfaces:

  114.     eth1:

  115.       comment: Honey pot