iptables/rules.sls - salt-formulas/iptables - Gitiles

 {% from "iptables/map.jinja" import service with context %}
 {%- if grains.get('virtual_subtype', None) not in ['Docker', 'LXC'] %}

 {%- for chain_name, chain in service.get('chain', {}).iteritems() %}

 iptables_{{ chain_name }}:
   iptables.chain_present:
     - family: ipv4
     - name: {{ chain_name }}
     - table: filter
     - require:
       - pkg: iptables_packages

 {%-   if grains.ipv6|default(False) and service.ipv6|default(True) %}
 iptables_{{ chain_name }}_ipv6:
   iptables.chain_present:
     - family: ipv6
     - name: {{ chain_name }}
     - table: filter
     - require:
       - pkg: iptables_packages
 {%-     if chain.policy is defined %}
     - require_in:
       - iptables: iptables_{{ chain_name }}_ipv6_policy
 {%-     endif  %}
 {%-   endif %}

 {%- if chain.policy is defined %}
 iptables_{{ chain_name }}_policy:
   iptables.set_policy:
     - family: ipv4
     - chain: {{ chain_name }}
     - policy: {{ chain.policy }}
     - table: filter
     - require:
       - iptables: iptables_{{ chain_name }}

 {%-   if grains.ipv6|default(False) and service.ipv6|default(True) %}
 iptables_{{ chain_name }}_ipv6_policy:
   iptables.set_policy:
     - family: ipv6
     - chain: {{ chain_name }}
     - policy: {{ chain.policy }}
     - table: filter
     - require:
       - iptables: iptables_{{ chain_name }}_ipv6
 {%-   endif %}
 {%- endif %}

 {%- for service_name, service in pillar.items() %}
 {%- if service is mapping %}
 {%- if service.get('_support', {}).get('iptables', {}).get('enabled', False) %}

 {%- set grains_fragment_file = service_name+'/meta/iptables.yml' %}
 {%- macro load_grains_file() %}{% include grains_fragment_file %}{% endmacro %}
 {%- set grains_yaml = load_grains_file()|load_yaml %}

 {%- for rule in grains_yaml.iptables.rules %}
 {%- set rule_name = service_name+'_'+loop.index|string %}
 {% include "iptables/_rule.sls" %}
 {%- endfor %}

 {%- endif %}
 {%- endif %}
 {%- endfor %}

 {%- for rule in chain.get('rules', []) %}
 {%- set rule_name = loop.index %}
 {% include "iptables/_rule.sls" %}
 {%- endfor %}

 {%- endfor %}
 {%- endif %}
	{% from "iptables/map.jinja" import service with context %}
	{%- if grains.get('virtual_subtype', None) not in ['Docker', 'LXC'] %}

	{%- for chain_name, chain in service.get('chain', {}).iteritems() %}

	iptables_{{ chain_name }}:
	iptables.chain_present:
	- family: ipv4
	- name: {{ chain_name }}
	- table: filter
	- require:
	- pkg: iptables_packages

	{%- if grains.ipv6\|default(False) and service.ipv6\|default(True) %}
	iptables_{{ chain_name }}_ipv6:
	iptables.chain_present:
	- family: ipv6
	- name: {{ chain_name }}
	- table: filter
	- require:
	- pkg: iptables_packages
	{%- if chain.policy is defined %}
	- require_in:
	- iptables: iptables_{{ chain_name }}_ipv6_policy
	{%- endif %}
	{%- endif %}

	{%- if chain.policy is defined %}
	iptables_{{ chain_name }}_policy:
	iptables.set_policy:
	- family: ipv4
	- chain: {{ chain_name }}
	- policy: {{ chain.policy }}
	- table: filter
	- require:
	- iptables: iptables_{{ chain_name }}

	{%- if grains.ipv6\|default(False) and service.ipv6\|default(True) %}
	iptables_{{ chain_name }}_ipv6_policy:
	iptables.set_policy:
	- family: ipv6
	- chain: {{ chain_name }}
	- policy: {{ chain.policy }}
	- table: filter
	- require:
	- iptables: iptables_{{ chain_name }}_ipv6
	{%- endif %}
	{%- endif %}

	{%- for service_name, service in pillar.items() %}
	{%- if service is mapping %}
	{%- if service.get('_support', {}).get('iptables', {}).get('enabled', False) %}

	{%- set grains_fragment_file = service_name+'/meta/iptables.yml' %}
	{%- macro load_grains_file() %}{% include grains_fragment_file %}{% endmacro %}
	{%- set grains_yaml = load_grains_file()\|load_yaml %}

	{%- for rule in grains_yaml.iptables.rules %}
	{%- set rule_name = service_name+'_'+loop.index\|string %}
	{% include "iptables/_rule.sls" %}
	{%- endfor %}

	{%- endif %}
	{%- endif %}
	{%- endfor %}

	{%- for rule in chain.get('rules', []) %}
	{%- set rule_name = loop.index %}
	{% include "iptables/_rule.sls" %}
	{%- endfor %}

	{%- endfor %}
	{%- endif %}