
Salt: an example SLS for adding iptables rules

Posted: 2017-12-04 19:10:26      Views: 145      Comments: 0


{% for eachfw, fw_rule in pillar['firewall'].items() %}
# Add a custom chain for this service (one chain per entry under the 'firewall' pillar key)
{{ eachfw }}-chain:
  iptables.chain_present:
    - table: filter

# Custom chain rules: white-list mode if the entry has 'allow', black-list mode if it has 'deny'
{% if 'allow' in fw_rule %}
# White list: accept each listed source, then drop everything else
{% for each_allow in fw_rule['allow'] %}
{{ eachfw }}_allow_{{ each_allow }}:
  iptables.insert:
    - table: filter
    - chain: {{ eachfw }}-chain
    - position: 1
    - source: {{ each_allow }}
    - jump: ACCEPT
    - require:
      - iptables: {{ eachfw }}-chain
    - require_in:
      - iptables: {{ eachfw }}_deny
    - save: True
{% endfor %}
# Deny all: appended last, so it sits after every ACCEPT inserted at position 1
{{ eachfw }}_deny:
  iptables.append:
    - table: filter
    - chain: {{ eachfw }}-chain
    - jump: DROP
    - save: True

{% elif 'deny' in fw_rule %}
# Black list: drop each listed source, then accept everything else
{% for each_deny in fw_rule['deny'] %}
{{ eachfw }}_deny_{{ each_deny }}:
  iptables.insert:
    - table: filter
    - chain: {{ eachfw }}-chain
    - position: 1
    - source: {{ each_deny }}
    - jump: DROP
    - require:
      - iptables: {{ eachfw }}-chain
    - require_in:
      - iptables: {{ eachfw }}_allow
    - save: True
{% endfor %}
# Accept all: appended last, so it sits after every DROP inserted at position 1
{{ eachfw }}_allow:
  iptables.append:
    - table: filter
    - chain: {{ eachfw }}-chain
    - jump: ACCEPT
    - save: True
{% endif %}

# Send traffic for this service's TCP port from INPUT into the custom chain
{{ eachfw }}-main:
  iptables.insert:
    - table: filter
    - chain: INPUT
    - position: 1
    - proto: tcp
    - dport: {{ fw_rule['port'] }}
    - jump: {{ eachfw }}-chain
    - require:
      - iptables: {{ eachfw }}-chain
    # persist the jump rule like the chain rules above
    - save: True
{% endfor %}
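A constructed pillar that exercises both branches of the SLS above, added here as an example and not part of the original post (the `firewall` key is the one the SLS reads; the `ssh`/`web` entries, ports and addresses are made up):

```yaml
# Constructed example pillar (e.g. pillar/firewall.sls; the service names, ports and
# addresses are assumptions, only the top-level 'firewall' key is required by the SLS)
firewall:
  ssh:
    port: 22
    allow:                    # white-list mode: listed sources ACCEPT, all other sources DROP
      - 10.0.0.0/8
      - 192.168.1.10
  web:
    port: 80
    deny:                     # black-list mode: listed sources DROP, all other sources ACCEPT
      - 203.0.113.0/24

# Rules the SLS produces for this pillar (order as seen with `iptables -S`):
#   -A INPUT -p tcp --dport 80 -j web-chain      # inserted at position 1 last, so it is first
#   -A INPUT -p tcp --dport 22 -j ssh-chain
#   -A ssh-chain -s 192.168.1.10/32 -j ACCEPT    # each insert at position 1 lands in front
#   -A ssh-chain -s 10.0.0.0/8 -j ACCEPT
#   -A ssh-chain -j DROP                         # appended after the ACCEPTs (require_in)
#   -A web-chain -s 203.0.113.0/24 -j DROP
#   -A web-chain -j ACCEPT
```

Because the SLS only adds rules, removing an address from `allow` or `deny` in the pillar does not remove the rule already present on the minion; the stale rule stays until it is deleted by hand or by an `iptables.delete` state. The INPUT jump matches TCP only, so a UDP service on the same port is not covered by the chain.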

I forget where I saw this; I only have the file, so I am keeping it here for now.


Original source: http://www.cnblogs.com/LYCong/p/7978204.html
