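{# Per-service iptables policy rendered from pillar['firewall'].
   Shape assumed from the keys read below — confirm against the real pillar:
     firewall:
       <name>:
         port: <tcp dport>
         allow: [<source>, ...]   # whitelist mode: listed sources ACCEPT, rest DROP
         deny:  [<source>, ...]   # blacklist mode: listed sources DROP, rest ACCEPT
   For every <name> this renders: a custom chain <name>-chain, one rule per listed
   source, a default rule at the end of the chain, and an INPUT rule that diverts
   tcp/<port> into the chain. All Jinja quotes are plain ASCII ' — typographic
   quotes do not parse. .get()/.items() keep the render alive when the pillar key
   is absent and work on both Python 2 and 3. #}
{% for eachfw, fw_rule in pillar.get('firewall', {}).items() %}
# Add custom chain
{{ eachfw }}-chain:
  iptables.chain_present:
    # - save: true
    - table: filter

# Custom chain rules
{% if 'allow' in fw_rule %}
# White list: each allowed source is inserted at the top of the chain,
# everything else hits the final DROP.
{% for each_allow in fw_rule['allow'] %}
{{ eachfw }}_allow_{{ each_allow }}:
  iptables.insert:
    - table: filter
    - chain: {{ eachfw }}-chain
    - position: 1
    # quoted so a bare address/CIDR from pillar is always passed as a string
    - source: "{{ each_allow }}"
    - jump: ACCEPT
    - require:
      - iptables: {{ eachfw }}-chain
    # make sure the default DROP is appended only after the allow rules exist
    - require_in:
      - iptables: {{ eachfw }}_deny
    - save: true
{% endfor %}
# Deny all
{{ eachfw }}_deny:
  iptables.append:
    - table: filter
    - chain: {{ eachfw }}-chain
    - jump: DROP
    - require:
      - iptables: {{ eachfw }}-chain
    - save: true
{% elif 'deny' in fw_rule %}
# Black list: each denied source is inserted at the top of the chain,
# everything else hits the final ACCEPT.
{% for each_deny in fw_rule['deny'] %}
{{ eachfw }}_deny_{{ each_deny }}:
  iptables.insert:
    - table: filter
    - chain: {{ eachfw }}-chain
    - position: 1
    - source: "{{ each_deny }}"
    - jump: DROP
    - require:
      - iptables: {{ eachfw }}-chain
    # make sure the default ACCEPT is appended only after the deny rules exist
    - require_in:
      - iptables: {{ eachfw }}_allow
    - save: true
{% endfor %}
# Accept all
{{ eachfw }}_allow:
  iptables.append:
    - table: filter
    - chain: {{ eachfw }}-chain
    - jump: ACCEPT
    - require:
      - iptables: {{ eachfw }}-chain
    - save: true
{% else %}
{# Neither 'allow' nor 'deny' given: the chain is created empty, so diverted
   traffic returns to INPUT and is handled by whatever follows the jump. #}
{% endif %}

# Export traffic to custom chain. Inserted at position 1 of INPUT, so it takes
# precedence over every existing INPUT rule; only TCP is diverted — UDP on the
# same port is untouched. Saved like the chain rules so it survives a reboot.
{{ eachfw }}-main:
  iptables.insert:
    - table: filter
    - chain: INPUT
    - position: 1
    - proto: tcp
    - dport: "{{ fw_rule['port'] }}"
    - jump: {{ eachfw }}-chain
    - require:
      - iptables: {{ eachfw }}-chain
    - save: true
{% endfor %}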
忘记在哪看的了,只有文件,先保留。