25 lines
734 B
Django/Jinja
25 lines
734 B
Django/Jinja
*filter
|
|
:INPUT DROP [0:0]
|
|
:FORWARD ACCEPT [0:0]
|
|
:OUTPUT ACCEPT [0:0]
|
|
-A INPUT -i lo -j ACCEPT
|
|
-A INPUT -i tun+ -j ACCEPT
|
|
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
|
|
-A INPUT -p icmp -j ACCEPT
|
|
{%- for pub_port in salt['pillar.get']('public_ports') %}
|
|
-A INPUT -p {{ pub_port.proto }} -m {{ pub_port.proto }} --dport {{ pub_port.port }} -j ACCEPT
|
|
{%- endfor %}
|
|
{%- for net in salt['pillar.get']('ipv4_networks') %}
|
|
-A INPUT -s {{ net.ip }}/{{ net.mask }} -j ACCEPT
|
|
{%- endfor %}
|
|
-A INPUT -j LOG
|
|
COMMIT
|
|
*nat
|
|
:PREROUTING ACCEPT [0:0]
|
|
:INPUT ACCEPT [0:0]
|
|
:OUTPUT ACCEPT [0:0]
|
|
:POSTROUTING ACCEPT [0:0]
|
|
{%- for net in salt['pillar.get']('nats') %}
|
|
-A POSTROUTING -s {{ net.ip }}/{{ net.mask }} -j MASQUERADE
|
|
{%- endfor %}
|
|
COMMIT |