Salt: an SLS example for adding iptables rules
Posted by LYCong
```
{# .items() replaces the Python 2-only .iteritems() and works on both #}
{% for eachfw, fw_rule in pillar['firewall'].items() %}
# Add custom chain
{{ eachfw }}-chain:
  iptables.chain_present:
    # - save : True
    - table: filter

# Custom chain rules
{% if 'allow' in fw_rule %}
# White Lists
{% for each_allow in fw_rule['allow'] %}
{{ eachfw }}_allow_{{ each_allow }}:
  iptables.insert:
    - table: filter
    - chain: {{ eachfw }}-chain
    - position: 1
    - source: {{ each_allow }}
    - jump: ACCEPT
    - require:
      - iptables: {{ eachfw }}-chain
    - require_in:
      - iptables: {{ eachfw }}_deny
    - save: True
{% endfor %}

# Deny all
{{ eachfw }}_deny:
  iptables.append:
    - table: filter
    - chain: {{ eachfw }}-chain
    - jump: DROP
    - save: True

{% elif 'deny' in fw_rule %}
# Black Lists
{% for each_deny in fw_rule['deny'] %}
{{ eachfw }}_deny_{{ each_deny }}:
  iptables.insert:
    - table: filter
    - chain: {{ eachfw }}-chain
    - position: 1
    - source: {{ each_deny }}
    - jump: DROP
    - require:
      - iptables: {{ eachfw }}-chain
    - require_in:
      - iptables: {{ eachfw }}_allow
    - save: True
{% endfor %}

# Accept all
{{ eachfw }}_allow:
  iptables.append:
    - table: filter
    - chain: {{ eachfw }}-chain
    - jump: ACCEPT
    - save: True
{% endif %}

# Export traffic to custom chain
{{ eachfw }}-main:
  iptables.insert:
    - table: filter
    - chain: INPUT
    - position: 1
    - proto: tcp
    - dport: {{ fw_rule['port'] }}
    - jump: {{ eachfw }}-chain
{% endfor %}
```
I forget where I saw this; I only have the file, so I am keeping it here for now.
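As an added example (not part of the original post and not Salt's own code), this Python function checks a `pillar['firewall']` mapping before the state above renders it, flagging inputs the template handles silently or that iptables would reject. The pillar layout is inferred from the keys the state reads (`port`, `allow`, `deny`); the function name, the sample data and the one-numeric-port-per-entry rule are assumptions.

```python
import ipaddress

MAX_CHAIN_NAME = 28  # iptables refuses chain names of 29 or more characters

# Constructed sample pillar data, shaped after the keys the state reads.
SAMPLE_PILLAR = {
    "ssh": {"port": 22, "allow": ["10.0.0.0/8", "192.168.1.10"]},
    "mysql-replication-backend": {"port": 3306, "allow": []},
    "web": {"port": 80, "allow": ["10.1.0.0/16"], "deny": ["203.0.113.300"]},
}

def check_firewall_pillar(firewall):
    """Return (entry, problem) tuples for a pillar['firewall'] mapping."""
    problems = []
    for name, rule in firewall.items():
        chain = f"{name}-chain"  # the state derives the chain name this way
        if len(chain) > MAX_CHAIN_NAME:
            problems.append((name, f"chain name {chain!r} is too long for iptables"))
        port = rule.get("port")
        # Assumption: one numeric TCP port per entry.
        if type(port) is not int or not 1 <= port <= 65535:
            problems.append((name, f"port {port!r} is not an integer in 1-65535"))
        if "allow" in rule and "deny" in rule:
            # The state uses if/elif, so the deny list is never rendered.
            problems.append((name, "allow and deny both set; deny is ignored"))
        elif "allow" not in rule and "deny" not in rule:
            problems.append((name, "no allow or deny; the chain gets no rules"))
        elif "allow" in rule and not rule["allow"]:
            # Only the trailing DROP would be rendered.
            problems.append((name, "allow is empty; the chain drops all traffic to the port"))
        for key in ("allow", "deny"):
            for source in rule.get(key) or []:
                try:
                    net = ipaddress.ip_network(str(source), strict=False)
                except ValueError:
                    problems.append((name, f"{key} source {source!r} is not an IP or CIDR"))
                    continue
                if net.version != 4:
                    # The state never sets family, so Salt uses iptables (IPv4).
                    problems.append((name, f"{key} source {source!r} is not IPv4"))
    return problems

if __name__ == "__main__":
    for entry, problem in check_firewall_pillar(SAMPLE_PILLAR):
        print(f"{entry}: {problem}")
```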