config-mgmt/salt-states
0
0
Fork 0
Code Releases Activity

add restic env, firewall

Browse Source
This commit is contained in:
root
2020-05-15 19:49:32 -04:00
parent d41cfa1ac0
commit e500c425ec
10 changed files with 84 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
firewall/files/iptables.jinja Normal file
View File

@@ -0,0 +1,22 @@
{% import_yaml 'firewall/defaults.yaml' as defaults -%}
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
{% for tcp_port, comment in salt.pillar.get('firewall:ig_tcp', defaults['ig_tcp']).items() -%}
-A INPUT -p tcp -m state --state NEW -m tcp --dport {{ tcp_port }} -m comment --comment "{{ comment }}" -j ACCEPT
{% endfor -%}
{% set ig_tcp_hosts = salt.pillar.get('firewall:ig_tcp_hosts', {}) -%}
{% for tcp_port in ig_tcp_hosts.keys() -%}
{% for host, comment in ig_tcp_hosts[tcp_port].items() -%}
-A INPUT -p tcp -m state --state NEW -s "{{ host }}" -m tcp --dport {{ tcp_port }} -m comment --comment "{{ comment }}" -j ACCEPT
{% endfor -%}
{% endfor -%}
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A INPUT -j DROP
-A FORWARD -j DROP
COMMIT