  • Salt: an example SLS for adding iptables rules

    {# .items() works on Python 2 and 3; .iteritems() fails on Python 3 Salt #}
    {% for eachfw, fw_rule in pillar['firewall'].items() %}
    # Add custom chain
    {{ eachfw }}-chain:
      iptables.chain_present:
    #    - save : True
        - table: filter
    # Custom chain rules
    {% if 'allow' in fw_rule %}
    # White Lists
    {% for each_allow in fw_rule['allow'] %}
    {{ eachfw }}_allow_{{ each_allow }}:
      iptables.insert:
        - table: filter
        - chain: {{ eachfw }}-chain
        - position: 1
        - source: {{ each_allow }}
        - jump: ACCEPT
        - require:
          - iptables: {{ eachfw }}-chain
        - require_in:
          - iptables: {{ eachfw }}_deny
        - save: True
    {% endfor %}
    # Deny all
    {{ eachfw }}_deny:
      iptables.append:
        - table: filter
        - chain: {{ eachfw }}-chain
        - jump: DROP
        - save: True
    
    {% elif 'deny' in fw_rule %}
    # Black Lists
    {% for each_deny in fw_rule['deny'] %}
    {{ eachfw }}_deny_{{ each_deny }}:
      iptables.insert:
        - table: filter
        - chain: {{ eachfw }}-chain
        - position: 1
        - source: {{ each_deny }}
        - jump: DROP
        - require:
          - iptables: {{ eachfw }}-chain
        - require_in:
          - iptables: {{ eachfw }}_allow
        - save: True
    {% endfor %}
    # Accept all
    {{ eachfw }}_allow:
      iptables.append:
        - table: filter
        - chain: {{ eachfw }}-chain
        - jump: ACCEPT
        - save: True
    {% endif %}
    
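    # Send traffic for this port from INPUT to the custom chain
    {{ eachfw }}-main:
      iptables.insert:
        - table: filter
        - chain: INPUT
        - position: 1
        - proto: tcp
        - dport: {{ fw_rule['port'] }}
        - jump: {{ eachfw }}-chain
        # The chain must exist before INPUT can jump to it
        - require:
          - iptables: {{ eachfw }}-chain
        # Persist the jump too; otherwise the saved ruleset can lack it after a reboot
        - save: True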
    {% endfor %}

    I forgot where I saw this; I only have the file, so I'm keeping it here for now.
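
    The state above reads `pillar['firewall']`, but the post does not show that data. A pillar shaped the way the template expects, as an added example that is not from the original post (the entry names `ssh` and `web`, the ports and the documentation-range addresses are constructed):

    ```yaml
    # Constructed pillar data; names, ports and addresses are examples only
    firewall:
      ssh:                    # rendered as chain "ssh-chain"
        port: 22              # INPUT tcp dport 22 jumps to ssh-chain
        allow:                # whitelist: listed sources ACCEPT, then a final DROP
          - 192.0.2.10
          - 198.51.100.0/24
      web:                    # rendered as chain "web-chain"
        port: 8080            # INPUT tcp dport 8080 jumps to web-chain
        deny:                 # blacklist: listed sources DROP, then a final ACCEPT
          - 203.0.113.7
    ```

    Because the template uses `if`/`elif`, an entry that carries both `allow` and `deny` only gets its `allow` rules, and an entry with neither leaves its chain empty, so matching packets fall through to the rest of INPUT.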

  • Original URL: https://www.cnblogs.com/LYCong/p/7978204.html