Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / iptables / 28e08dfe7ece724b5be0b44234bfa60ba49e1abc / . / README.rst
blob: 5bedae3205bd7121a42933012be88a990dc18230 [file] [log] [blame]
Dzmitry Stremkouskie353ce32018-08-30 17:22:32 +0200[diff] [blame]1=====================
2iptables salt formula
3=====================
Filip Pytlounab43e7b2015-10-06 16:28:32 +0200[diff] [blame]4
Filip Pytloun60062562016-07-27 14:41:15 +0200[diff] [blame]5Iptables is used to set up, maintain, and inspect the tables of IPv4 packet
6filter rules in the Linux kernel. Several different tables may be defined.
7Each table contains a number of built-in chains and may also contain
8user-defined chains. Each chain is a list of rules which can match a set of
9packets. Each rule specifies what to do with a packet that matches. This is
10called a `target`, which may be a jump to a user-defined chain in the same
11table.
Filip Pytlounab43e7b2015-10-06 16:28:32 +0200[diff] [blame]12
Dzmitry Stremkouskie353ce32018-08-30 17:22:32 +0200[diff] [blame]13This version of a formula guarantees that manually added rules or rules which
14has been added in runtime would be removed.
15
16In order to ensure architecture, proper epoch value should be specified.
17Refer to an example.
18
Filip Pytlounab43e7b2015-10-06 16:28:32 +0200[diff] [blame]19Sample pillars
20==============
21
Filip Pytlounab43e7b2015-10-06 16:28:32 +0200[diff] [blame]22.. code-block:: yaml
23
Nitin Madhok574663a2017-03-28 10:08:26 -0400[diff] [blame]24 parameters:
Filip Pytloun60062562016-07-27 14:41:15 +0200[diff] [blame]25 iptables:
Dzmitry Stremkouskie353ce32018-08-30 17:22:32 +0200[diff] [blame]26 schema:
27 epoch: 1
Filip Pytloun60062562016-07-27 14:41:15 +0200[diff] [blame]28 service:
Dzmitry Stremkouskie353ce32018-08-30 17:22:32 +0200[diff] [blame]29 v4:
30 enabled: true
Dzmitry Stremkouski1ca901c2018-11-05 13:20:52 +0100[diff] [blame]31 persistent_config: /etc/iptables/rules.v4
Dzmitry Stremkouskie353ce32018-08-30 17:22:32 +0200[diff] [blame]32 modules:
33 - nf_conntrack_ftp
34 - nf_conntrack_pptp
35 v6:
36 enabled: false
Dzmitry Stremkouski1ca901c2018-11-05 13:20:52 +0100[diff] [blame]37 persistent_config: /etc/iptables/rules.v6
Dzmitry Stremkouskie353ce32018-08-30 17:22:32 +0200[diff] [blame]38 modules:
39 - nf_conntrack_ipv6
40 defaults:
41 v4:
42 metadata_rules: false
43 policy: ACCEPT
44 ruleset:
45 action: ACCEPT
46 params: ""
47 rule: ""
48 v6:
49 metadata_rules: false
50 policy: DROP
51 ruleset:
52 action: ACCEPT
53 params: ""
54 rule: ""
55 tables:
56 v4:
57 filter:
58 chains:
59 INPUT:
60 ruleset:
61 5:
62 action: log_drop
63 10:
64 rule: -s 192.168.0.0/24 -p tcp
65 log_drop:
Dzmitry Stremkouskie353ce32018-08-30 17:22:32 +0200[diff] [blame]66 ruleset:
67 10:
68 action: LOG
Dzmitry Stremkouskie353ce32018-08-30 17:22:32 +0200[diff] [blame]69 nat:
70 chains:
Dzmitry Stremkouski1ca901c2018-11-05 13:20:52 +0100[diff] [blame]71 OUTPUT: {}
72 PREROUTING: {}
Dzmitry Stremkouskie353ce32018-08-30 17:22:32 +0200[diff] [blame]73 POSTROUTING:
74 policy: ACCEPT
75 ruleset:
76 10:
77 rule: -s 192.168.0.0/24 -p tcp -o lo
78 action: SNAT
79 params: --to-source=127.0.0.1
Filip Pytloun60062562016-07-27 14:41:15 +0200[diff] [blame]80
Dzmitry Stremkouski1a1e8c72018-03-07 00:51:45 +0100[diff] [blame]81
Filip Pytlounab43e7b2015-10-06 16:28:32 +0200[diff] [blame]82Read more
83=========
84
85* http://docs.saltstack.com/en/latest/ref/states/all/salt.states.iptables.html
86* https://help.ubuntu.com/community/IptablesHowTo
87* http://wiki.centos.org/HowTos/Network/IPTables
Filip Pytlounb817b352017-02-02 13:02:03 +0100[diff] [blame]88
89Documentation and Bugs
90======================
91
92To learn how to install and update salt-formulas, consult the documentation
93available online at:
94
95 http://salt-formulas.readthedocs.io/
96
97In the unfortunate event that bugs are discovered, they should be reported to
98the appropriate issue tracker. Use Github issue tracker for specific salt
99formula:
100
101 https://github.com/salt-formulas/salt-formula-iptables/issues
102
Filip Pytlounb817b352017-02-02 13:02:03 +0100[diff] [blame]103
104Developers wishing to work on the salt-formulas projects should always base
105their work on master branch and submit pull request against specific formula.
106
107 https://github.com/salt-formulas/salt-formula-iptables
108