This is an iptables-specific module designed to manage Linux firewalls. It is expected that this state module, and other system-specific firewall states, may at some point be deprecated in favor of a more generic firewall state.
httpd:
iptables.append:
- table: filter
- chain: INPUT
- jump: ACCEPT
- match: state
- connstate: NEW
- dport: 80
- proto: tcp
- sport: 1025:65535
- save: True
httpd:
iptables.append:
- table: filter
- family: ipv6
- chain: INPUT
- jump: ACCEPT
- match: state
- connstate: NEW
- dport: 80
- proto: tcp
- sport: 1025:65535
- save: True
httpd:
iptables.insert:
- position: 1
- table: filter
- chain: INPUT
- jump: ACCEPT
- match: state
- connstate: NEW
- dport: 80
- proto: tcp
- sport: 1025:65535
- save: True
httpd:
iptables.insert:
- position: 1
- table: filter
- family: ipv6
- chain: INPUT
- jump: ACCEPT
- match: state
- connstate: NEW
- dport: 80
- proto: tcp
- sport: 1025:65535
- save: True
httpd:
iptables.delete:
- table: filter
- chain: INPUT
- jump: ACCEPT
- match: state
- connstate: NEW
- dport: 80
- proto: tcp
- sport: 1025:65535
- save: True
httpd:
iptables.delete:
- position: 1
- table: filter
- chain: INPUT
- jump: ACCEPT
- match: state
- connstate: NEW
- dport: 80
- proto: tcp
- sport: 1025:65535
- save: True
httpd:
iptables.delete:
- table: filter
- family: ipv6
- chain: INPUT
- jump: ACCEPT
- match: state
- connstate: NEW
- dport: 80
- proto: tcp
- sport: 1025:65535
- save: True
salt.states.iptables.append(name, family='ipv4', **kwargs)¶New in version 0.17.0.
Append a rule to a chain
All other arguments are passed in with the same name as the long option that would normally be used for iptables, with one exception: --state is specified as connstate instead of state (not to be confused with ctstate).
salt.states.iptables.chain_absent(name, table='filter', family='ipv4')¶New in version 2014.1.0: (Hydrogen)
Verify the chain is absent.
salt.states.iptables.chain_present(name, table='filter', family='ipv4')¶New in version 2014.1.0: (Hydrogen)
Verify the chain is exist.
salt.states.iptables.delete(name, family='ipv4', **kwargs)¶New in version 2014.1.0: (Hydrogen)
Delete a rule to a chain
All other arguments are passed in with the same name as the long option that would normally be used for iptables, with one exception: --state is specified as connstate instead of state (not to be confused with ctstate).
salt.states.iptables.flush(name, family='ipv4', **kwargs)¶New in version 2014.1.0: (Hydrogen)
Flush current iptables state
salt.states.iptables.insert(name, family='ipv4', **kwargs)¶New in version 2014.1.0: (Hydrogen)
Insert a rule into a chain
All other arguments are passed in with the same name as the long option that would normally be used for iptables, with one exception: --state is specified as connstate instead of state (not to be confused with ctstate).
salt.states.iptables.set_policy(name, family='ipv4', **kwargs)¶New in version 2014.1.0: (Hydrogen)
Sets the default policy for iptables firewall tables
Current Salt release: 2014.1.7
Docs for previous releases on salt.rtfd.org.