-
-
Save SEJeff/5462109 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Firewall configuration written by system-config-firewall | |
| # Manual customization of this file is not recommended. | |
| *filter | |
| :INPUT ACCEPT [0:0] | |
| :FORWARD ACCEPT [0:0] | |
| :OUTPUT ACCEPT [0:0] | |
| -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | |
| -A INPUT -p icmp -j ACCEPT | |
| -A INPUT -i lo -j ACCEPT | |
| -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT | |
| {% for ipaddr in ipaddrs %} | |
| -A INPUT -p tcp -s {{ ipaddr[0] }} --sport 1024:65535 -d {{ dbserver }} --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT | |
| -A OUTPUT -p tcp -s {{ dbserver }} --sport 3306 -d {{ ipaddr[0] }} --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT | |
| {% endfor %} | |
| -A INPUT -j REJECT --reject-with icmp-host-prohibited | |
| -A FORWARD -j REJECT --reject-with icmp-host-prohibited | |
| COMMIT |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /etc/sysconfig/iptables: | |
| file.managed: | |
| - source: salt://dbserver/iptables | |
| - user: root | |
| - group: root | |
| - mode: 600 | |
| - template: jinja | |
| - dbserver: {{ salt['publish.publish']('dbserver', 'network.ip_addrs', 'eth1')['dbserver'].pop() }} | |
| - ipaddrs: {{ salt['publish.publish']('*web*', 'network.ip_addrs', 'eth1').values() }} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment