cdist−type__iptables_rule − Deploy iptable rulesets
This cdist type allows you to manage iptable rules in a distribution independent manner.
rule |
The rule to apply. Essentially an iptables command line without iptables in front of it. |
state |
'present' or 'absent', defaults to 'present' |
# Deploy some policies __iptables_rule policy−in −−rule "−P INPUT DROP" __iptables_rule policy−out −−rule "−P OUTPUT ACCEPT" __iptables_rule policy−fwd −−rule "−P FORWARD DROP" # The usual established rule __iptables_rule established −−rule "−A INPUT −m state −−state RELATED,ESTABLISHED −j ACCEPT" # Some service rules __iptables_rule http −−rule "−A INPUT −p tcp −−dport 80 −j ACCEPT" __iptables_rule ssh −−rule "−A INPUT −p tcp −−dport 22 −j ACCEPT" __iptables_rule https −−rule "−A INPUT −p tcp −−dport 443 −j ACCEPT" # Ensure some rules are not present anymore __iptables_rule munin −−rule "−A INPUT −p tcp −−dport 4949 −j ACCEPT" \ −−state absent
cdist−type__iptables_apply(7), iptables(8)
Nico Schottelius <nico−cdist−−@−−schottelius.org>
Copyright (C) 2013 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.