Saltstack Official UFW Formula
# Ufw Salt Formula

[![Build Status](https://travis-ci.org/aanriot/ufw-formula.svg?branch=master)](https://travis-ci.org/aanriot/ufw-formula)

This module manages your firewall using ufw with pillar configured rules.

See the full [Salt Formulas installation and usage instructions](http://docs.saltstack.com/topics/development/conventions/formulas.html).

## Usage

All the configuration for the firewall is done via pillar (pillar.example).

Enable the firewall, applying the default configuration:

```
ufw:
  enabled: True
```

Allow 80/tcp (http) traffic from only two remote addresses:

```
ufw:
  services:
    http:
      protocol: tcp
      from_addr:
        - 10.0.2.15
        - 10.0.2.16
```

Allow 443/tcp (https) traffic from network 10.0.0.0/8 to a specific local IP:

```
ufw:
  services:
    https:
      protocol: tcp
      from_addr:
        - 10.0.0.0/8
      to_addr: 10.0.2.1
```

Allow a service port, by name:

```
ufw:
  services:
    smtp:
      protocol: tcp
```

Allow a specific port, by number:

```
ufw:
  services:
    139:
      protocol: tcp
```

Allow from a range of ports, udp:

```
ufw:
  services:
    "10000:20000":
      protocol: udp
```

Allow from a range of ports, tcp and udp:

```
ufw:
  services:
    "10000:20000/tcp":
      to_port: "10000:20000"
      protocol: tcp
    "10000:20000/udp":
      to_port: "10000:20000"
      protocol: udp
```

Allow from two specific ports, udp:

```
ufw:
  services:
    "30000,40000":
      protocol: udp
```

Allow an application defined at /etc/ufw/applications.d/:

```
ufw:
  applications:
    - OpenSSH
```
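
An added example, not part of the formula: a small Python audit of pillar data shaped like the examples above, flagging services with no `from_addr`, very broad source networks, and large port ranges. The function names, thresholds, and sample pillar are constructed for illustration, and it assumes a service without `from_addr` is allowed from any source.

```python
import ipaddress

# Constructed pillar (already parsed from YAML), mirroring the README examples.
PILLAR = {"ufw": {"enabled": True, "services": {
    "http": {"protocol": "tcp", "from_addr": ["10.0.2.15", "10.0.2.16"]},
    "https": {"protocol": "tcp", "from_addr": ["10.0.0.0/8"], "to_addr": "10.0.2.1"},
    "smtp": {"protocol": "tcp"},
    139: {"protocol": "tcp"},
    "10000:20000": {"protocol": "udp"},
}}}

def port_count(name, opts):
    """Ports covered by a rule; None when the key is a service name like 'smtp'."""
    spec = str(opts.get("to_port", name)).split("/")[0]
    total = 0
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        if not lo.isdigit() or (hi and not hi.isdigit()):
            return None
        total += (int(hi) - int(lo) + 1) if hi else 1
    return total

def audit(pillar, max_ports=100, min_prefix=16):
    """Return (service, finding) pairs for rules that deserve review.

    max_ports and min_prefix are illustrative thresholds, not formula settings.
    """
    ufw = pillar.get("ufw", {})
    findings = []
    if not ufw.get("enabled"):
        findings.append(("ufw", "firewall not enabled"))
    for name, opts in ufw.get("services", {}).items():
        opts = opts or {}
        sources = opts.get("from_addr") or []
        if isinstance(sources, str):
            sources = [sources]
        if not sources:
            # Assumption: no from_addr means the rule matches any source.
            findings.append((str(name), "no from_addr: open to any source"))
        for src in sources:
            net = ipaddress.ip_network(src, strict=False)
            if net.prefixlen < min_prefix:
                findings.append((str(name), f"broad source {net}"))
        count = port_count(name, opts)
        if count and count > max_ports:
            findings.append((str(name), f"{count} ports exposed"))
    return findings

if __name__ == "__main__":
    for service, finding in audit(PILLAR):
        print(f"{service}: {finding}")
```
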

## Run tests

This formula is tested with [Kitchen](https://kitchen.ci/) and [Inspec](https://www.inspec.io/) in a Docker container.

To run the tests, you need to:

* install Ruby dependencies: `bundle install`
* run Kitchen: `kitchen test`

## Authors

Original state and module based on the work from [Yigal Duppen](https://github.com/publysher/infra-example-nginx/tree/develop).

Salt formula originally developed by Mario del Pozo.