Merge pull request #13 from ppieprzycki/master
New parameters
diff --git a/README.rst b/README.rst
old mode 100644
new mode 100755
index 7fbd803..c0a25af
--- a/README.rst
+++ b/README.rst
@@ -90,6 +90,30 @@
jump: ACCEPT
comment: Blah
+Support logging with custom prefix and log level
+
+.. code-block:: yaml
+
+ parameters:
+ iptables:
+ service:
+ chain:
+ POSTROUTING:
+ rules:
+ - table: nat
+ protocol: tcp
+ match: multiport
+ destination_ports:
+ - 21
+ - 80
+ - 443
+ - 2220
+ source_network: '10.20.30.0/24'
+ log_level: 7
+ log_prefix: 'iptables-logging: '
+ jump: LOG
+
+
IPv6 is supported as well
.. code-block:: yaml
diff --git a/iptables/_rule.sls b/iptables/_rule.sls
old mode 100644
new mode 100755
index b08fbb0..3fea39c
--- a/iptables/_rule.sls
+++ b/iptables/_rule.sls
@@ -32,6 +32,12 @@
{%- if rule.destination_port is defined %}
- dport: {{ rule.destination_port }}
{%- endif %}
+ {%- if rule.destination_ports is defined %}
+ - dports:
+ {%- for port in rule.destination_ports %}
+ - {{ port }}
+ {% endfor %}
+ {%- endif %}
{%- if rule.source_port is defined %}
- sport: {{ rule.source_port }}
{%- endif %}
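Review bot: The `{% endfor %}` closing the `dports` loop is the only tag in this hunk without the `{%-` whitespace control, so each port is followed by a stray whitespace-only line in the rendered state; `{%- endfor %}` would match the surrounding tags. `dports` is only meaningful with the multiport match, so a rule that sets `destination_ports` without `match: multiport` will presumably fail to apply and leave the intended filter missing. A short comment above the block would state this, e.g. `{#- destination_ports requires match: multiport; do not combine with destination_port #}`. The file header also flips the mode to 100755, although a state template does not need to be executable. The enclosing state definition starts and ends outside the hunk.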
@@ -56,6 +62,15 @@
{%- if rule.destination_network is defined %}
- destination: {{ rule.destination_network }}
{%- endif %}
+ {%- if rule.log_prefix is defined %}
+ - log-prefix: '{{ rule.log_prefix }}'
+ {%- endif %}
+ {%- if rule.log_level is defined %}
+ - log-level: {{ rule.log_level }}
+ {%- endif %}
+ {%- if rule.limit is defined %}
+ - limit: '{{ rule.limit }}'
+ {%- endif %}
{%- if chain.policy is defined %}
- require_in:
- iptables: iptables_{{ chain_name }}_policy
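Review bot: `rule.log_prefix` and `rule.limit` are placed between literal single quotes on the `log-prefix` and `limit` lines without escaping, so a pillar value containing `'` renders invalid or differently structured YAML for the state. If the Salt version in use provides the filter, let Jinja do the quoting: `- log-prefix: {{ rule.log_prefix|yaml_squote }}` and `- limit: {{ rule.limit|yaml_squote }}`. The LOG target accepts a prefix of at most 29 characters, which deserves a comment here since longer pillar values will not appear in the log as written. `limit` presumably needs the limit match selected through `rule.match`, and a LOG rule without a rate limit can flood the kernel log on busy ports, so the README example would be safer if it showed both. The enclosing state definition starts and ends outside the hunk.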