Blame - README.rst - salt-formulas/iptables

blob: 8605ae009e0f700eb9980424aeccee567a9a1106 [file] [log] [blame]

Filip Pytloun	ab43e7b	2015-10-06 16:28:32 +0200	[diff] [blame]	1
				2	================
				3	iptables formula
				4	================
				5
Filip Pytloun	6006256	2016-07-27 14:41:15 +0200	[diff] [blame]	6	Iptables is used to set up, maintain, and inspect the tables of IPv4 packet
				7	filter rules in the Linux kernel. Several different tables may be defined.
				8	Each table contains a number of built-in chains and may also contain
				9	user-defined chains. Each chain is a list of rules which can match a set of
				10	packets. Each rule specifies what to do with a packet that matches. This is
				11	called a `target`, which may be a jump to a user-defined chain in the same
				12	table.
Filip Pytloun	ab43e7b	2015-10-06 16:28:32 +0200	[diff] [blame]	13
				14	Sample pillars
				15	==============
				16
Filip Pytloun	6006256	2016-07-27 14:41:15 +0200	[diff] [blame]	17	Most common rules - allow traffic on localhost, accept related,established and
				18	ping
Filip Pytloun	ab43e7b	2015-10-06 16:28:32 +0200	[diff] [blame]	19
				20	.. code-block:: yaml
				21
Filip Pytloun	6006256	2016-07-27 14:41:15 +0200	[diff] [blame]	22	parametetrs:
				23	iptables:
				24	service:
Filip Pytloun	ab43e7b	2015-10-06 16:28:32 +0200	[diff] [blame]	25	chain:
				26	INPUT:
Filip Pytloun	6006256	2016-07-27 14:41:15 +0200	[diff] [blame]	27	rules:
				28	- in_interface: lo
Filip Pytloun	ab43e7b	2015-10-06 16:28:32 +0200	[diff] [blame]	29	jump: ACCEPT
Filip Pytloun	6006256	2016-07-27 14:41:15 +0200	[diff] [blame]	30	- connection_state: RELATED,ESTABLISHED
Filip Pytloun	ab43e7b	2015-10-06 16:28:32 +0200	[diff] [blame]	31	match: state
Filip Pytloun	6006256	2016-07-27 14:41:15 +0200	[diff] [blame]	32	jump: ACCEPT
				33	- protocol: icmp
				34	jump: ACCEPT
				35
				36	Accept connections on port 22
				37
				38	.. code-block:: yaml
				39
				40	parametetrs:
				41	iptables:
				42	service:
				43	chain:
				44	INPUT:
				45	rules:
				46	- destination_port: 22
Filip Pytloun	ab43e7b	2015-10-06 16:28:32 +0200	[diff] [blame]	47	protocol: tcp
Filip Pytloun	6006256	2016-07-27 14:41:15 +0200	[diff] [blame]	48	jump: ACCEPT
				49
				50	Set drop policy on INPUT chain:
				51
				52	.. code-block:: yaml
				53
				54	parametetrs:
				55	iptables:
				56	service:
				57	chain:
				58	INPUT:
				59	policy: DROP
				60
				61	Redirect privileged port 443 to 8081
				62
				63	.. code-block:: yaml
				64
				65	parameters:
				66	iptables:
				67	service:
				68	chain:
				69	PREROUTING:
				70	filter: nat
				71	destination_port: 443
				72	to_port: 8081
				73	protocol: tcp
				74	jump: REDIRECT
				75
				76	Allow access from local network
				77
				78	.. code-block:: yaml
				79
				80	parameters:
				81	iptables:
				82	service:
				83	chain:
				84	INPUT:
				85	rules:
				86	- protocol: tcp
				87	destination_port: 22
				88	source_network: 192.168.1.0/24
				89	jump: ACCEPT
Filip Pytloun	ab43e7b	2015-10-06 16:28:32 +0200	[diff] [blame]	90
				91	Read more
				92	=========
				93
				94	* http://docs.saltstack.com/en/latest/ref/states/all/salt.states.iptables.html
				95	* https://help.ubuntu.com/community/IptablesHowTo
				96	* http://wiki.centos.org/HowTos/Network/IPTables