

salt stack iptables example

# Remove the firewalld package; presumably so it does not manage netfilter
# rules alongside the iptables service configured by the states that follow.
# From here on, the host's inbound filtering is whatever those states apply.
delete_firewalld:
  pkg.removed:
    - pkgs: [firewalld]

# Install iptables-services, which is expected to provide the "iptables"
# service managed further down (RHEL/CentOS package naming: confirm for the
# target distribution).
install_iptables:
  pkg.installed:
    - pkgs: [iptables-services]

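# Start the iptables service now and enable it at boot.
# No name is given, so the state ID "iptables" is used as the service name.
iptables:
  service.running:
    - enable: True
    # Run only after the package state has succeeded, so a failed install is
    # reported as a failed requisite instead of a missing-service error.
    - require:
      - pkg: install_iptables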

# Set the default policy of the filter table's INPUT chain.
# NOTE(review): the policy is ACCEPT and no rule in this example drops or
# rejects traffic, so the ruleset as shown lets every inbound packet through.
# A default-deny setup would first add explicit ACCEPT rules for the services
# that must stay reachable (remote administration included) and only then
# switch the policy to DROP.
# NOTE(review): no `family` is given, so only the default address family is
# configured; IPv6 is not covered unless matching states exist elsewhere.
default_to_accept:
  iptables.set_policy:
    - table: filter
    - chain: INPUT
    - policy: ACCEPT

# Accept packets that belong to, or are related to, a connection that is
# already being tracked (state match on RELATED,ESTABLISHED).
# NOTE(review): append adds the rule at the end of the chain. If INPUT already
# ends in a terminal DROP/REJECT rule (for instance from a ruleset loaded when
# the service started), this rule is never reached. Check the resulting order
# with `iptables -S INPUT`.
allow-established:
  iptables.append:
    - table: filter
    - chain: INPUT
    - jump: ACCEPT
    - match: state
    - connstate: RELATED,ESTABLISHED
    # Any IPv4 source address and any protocol.
    - source: '0.0.0.0/0'
    - proto: all
    # Persist the rules to the saved ruleset so they survive a restart.
    - save: True

# Accept everything received on the loopback interface, so local services
# talking to each other over "lo" are not affected by later INPUT rules.
allow-localhost:
  iptables.append:
    # Restrict the rule to packets arriving on the loopback interface.
    - in-interface: lo
    - table: filter
    - chain: INPUT
    - jump: ACCEPT
    # Persist the rules to the saved ruleset so they survive a restart.
    - save: True

# Log packets that were not accepted by an earlier INPUT rule.
# NOTE(review): the prefix says "dropped", but LOG is a non-terminating target
# and nothing after this rule in the example drops the packet. With the ACCEPT
# policy set by default_to_accept, the logged traffic is still delivered, so
# these log lines must not be read as evidence of blocked connections.
# NOTE(review): the limit match caps logging at 2 entries per minute, so the
# log is a sample rather than a complete record. Do not rely on it for counts
# or for reconstructing an incident.
deny-log:
  iptables.append:
    - table: filter
    - chain: INPUT
    - jump: LOG
    # The trailing space separates the prefix from the kernel's packet dump.
    - log-prefix: "iptables-dropped: "
    # Syslog severity 4 (warning).
    - log-level: 4
    - match: limit
    - limit: 2/min
    # Any IPv4 source and destination address.
    - source: '0.0.0.0/0'
    - destination: '0.0.0.0/0'
    # Persist the rules to the saved ruleset so they survive a restart.
    - save: True
