  • Salt: an example SLS for adding iptables rules

    {% for eachfw, fw_rule in pillar['firewall'].items() %}
    # Add custom chain
    {{ eachfw }}-chain:
      iptables.chain_present:
    #    - save : True
        - table: filter
    # Custom chain rules
    {% if 'allow' in fw_rule %}
    # White Lists
    {% for each_allow in fw_rule['allow'] %}
    {{ eachfw }}_allow_{{ each_allow }}:
      iptables.insert:
        - table: filter
        - chain: {{ eachfw }}-chain
        - position: 1
        - source: {{ each_allow }}
        - jump: ACCEPT
        - require:
          - iptables: {{ eachfw }}-chain
        - require_in:
          - iptables: {{ eachfw }}_deny
        - save: True
    {% endfor %}
    # Deny all
    {{ eachfw }}_deny:
      iptables.append:
        - table: filter
        - chain: {{ eachfw }}-chain
        - jump: DROP
        - save: True
    
    {% elif 'deny' in fw_rule %}
    # Black Lists
    {% for each_deny in fw_rule['deny'] %}
    {{ eachfw }}_deny_{{ each_deny }}:
      iptables.insert:
        - table: filter
        - chain: {{ eachfw }}-chain
        - position: 1
        - source: {{ each_deny }}
        - jump: DROP
        - require:
          - iptables: {{ eachfw }}-chain
        - require_in:
          - iptables: {{ eachfw }}_allow
        - save: True
    {% endfor %}
    # Accept all
    {{ eachfw }}_allow:
      iptables.append:
        - table: filter
        - chain: {{ eachfw }}-chain
        - jump: ACCEPT
        - save: True
    {% endif %}
    
    # Export traffic to custom chain
    {{ eachfw }}-main:
      iptables.insert:
        - table: filter
        - chain: INPUT
        - position: 1
        - proto: tcp
        - dport: {{ fw_rule['port'] }}
        - jump: {{ eachfw }}-chain
    {% endfor %}

    I forgot where I saw this; I only have the file, so I'm keeping it here for now.
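
The state above iterates over `pillar['firewall']`, but the page does not show that pillar data. A pillar file with the keys the template reads (`port`, plus either `allow` or `deny`), as an added example that is not part of the original post; the entry names, ports and addresses are constructed:

```yaml
# Constructed sample pillar for the state above.
# Entry names, ports and addresses are assumptions, not from the original post.
firewall:
  # Allow-list entry: renders ssh-chain with one ACCEPT rule per source,
  # followed by a final DROP, and jumps tcp/22 from INPUT into it.
  ssh:
    port: 22
    allow:
      - 192.0.2.10
      - 198.51.100.0/24
  # Deny-list entry: renders mysql-chain with one DROP rule per source,
  # followed by a final ACCEPT, and jumps tcp/3306 from INPUT into it.
  mysql:
    port: 3306
    deny:
      - 203.0.113.7
```

Because the template tests `allow` first and `deny` only in the `elif`, an entry that sets both keys gets the allow-list rules only. An entry with neither key gets an empty chain, so matching traffic falls back to the remaining INPUT rules without being filtered by this state.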

  • Original post: https://www.cnblogs.com/LYCong/p/7978204.html