Saltstack Official UFW Formula
Nie możesz wybrać więcej, niż 25 tematów Tematy muszą się zaczynać od litery lub cyfry, mogą zawierać myślniki ('-') i mogą mieć do 35 znaków.

59 lines
1.2KB

  1. # UFW management module
  2. {%- set ufw = pillar.get('ufw', {}) %}
  3. {%- if ufw.get('enabled', False) %}
  4. ufw:
  5. pkg:
  6. - installed
  7. service.running:
  8. - enable: True
  9. ufw:
  10. - enabled
  11. - require:
  12. - pkg: ufw
  13. {%- for service_name, service_details in ufw.get('services', {}).items() %}
  14. {%- for from_addr in service_details.get('from_addr', [None]) %}
  15. {%- set protocol = service_details.get('protocol', None) %}
  16. {%- set from_port = service_details.get('from_port', None) %}
  17. {%- set to_addr = service_details.get('to_addr', None) %}
  18. ufw-svc-{{service_name}}-{{from_addr}}:
  19. ufw.allowed:
  20. - protocol: {{protocol}}
  21. {%- if from_addr != None %}
  22. - from_addr: {{from_addr}}
  23. {%- endif %}
  24. {%- if from_port != None %}
  25. - from_port: "{{from_port}}"
  26. {%- endif %}
  27. {%- if to_addr != None %}
  28. - to_addr: {{to_addr}}
  29. {%- endif %}
  30. - to_port: "{{service_name}}"
  31. - require:
  32. - pkg: ufw
  33. {%- endfor %}
  34. {%- endfor %}
  35. # Applications
  36. {%- for app_name in ufw.get('applications', []) %}
  37. ufw-app-{{app_name}}:
  38. ufw.allowed:
  39. - app: {{app_name}}
  40. - require:
  41. - pkg: ufw
  42. {%- endfor %}
  43. {% else %}
  44. #ufw:
  45. #ufw:
  46. #- disabled
  47. {% endif %}