Refactor from scratch
Customer-Found
Prod-Related: CEEMCP-19
Prod-Related: PROD-22620
Change-Id: Ib14838becc409c2f735d93b5fa8a8ead6ea1a5ec
diff --git a/tests/pillar/iptables.sls b/tests/pillar/iptables.sls
new file mode 100644
index 0000000..05fe015
--- /dev/null
+++ b/tests/pillar/iptables.sls
@@ -0,0 +1,71 @@
+iptables:
+ schema:
+ epoch: 1
+ service:
+ v4:
+ enabled: true
+ modules:
+ - nf_conntrack_ftp
+ - nf_conntrack_pptp
+ v6:
+ enabled: false
+ modules:
+ - nf_conntrack_ipv6
+ defaults:
+ v4:
+ metadata_rules: false
+ policy: ACCEPT
+ ruleset:
+ action: ACCEPT
+ params: ""
+ rule: ""
+ v6:
+ metadata_rules: false
+ policy: DROP
+ ruleset:
+ action: ACCEPT
+ params: ""
+ rule: ""
+ tables:
+ v4:
+ filter:
+ chains:
+ INPUT:
+ ruleset:
+ 5:
+ action: log_drop
+ 10:
+ rule: -s 192.168.0.0/24 -p tcp
+ log_drop:
+ policy: DROP
+ ruleset:
+ 10:
+ rule: ""
+ action: LOG
+ nat:
+ chains:
+ OUTPUT:
+ PREROUTING:
+ POSTROUTING:
+ policy: ACCEPT
+ ruleset:
+ 10:
+ rule: -s 192.168.0.0/24 -p tcp -o lo
+ action: SNAT
+ params: --to-source=127.0.0.1
+ config: v4
+ v6:
+ filter:
+ chains:
+ INPUT:
+ ruleset:
+ 5:
+ action: log_drop
+ 10:
+ rule: -s 200A:0:200C::1/64 -p tcp
+ log_drop:
+ policy: DROP
+ ruleset:
+ 10:
+ rule: ""
+ action: LOG
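Review bot: The user-defined `log_drop` chain in both the v4 and v6 filter tables is given `policy: DROP`, but iptables and ip6tables accept a policy only on built-in chains, so unless the formula's template turns that key into a trailing DROP rule the chain only logs and returns to INPUT. The template is not part of this hunk and the nesting here is inferred from key order, but on v4 that would let traffic fall through to rule 10 and then to the `policy: ACCEPT` set under `defaults`, so a chain named log_drop would never drop. An explicit terminal rule in the chain, for example a rule `20:` with `action: DROP`, would make the fixture exercise the intended behaviour and is safer for anyone copying it as a starting point. The bare `OUTPUT:` and `PREROUTING:` keys in the nat table load as null; `OUTPUT: {}` and `PREROUTING: {}` state the empty chains explicitly.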