NetFilter Persistent

Installation

Install iptables-persistent.

apt install iptables-persistent

If that package is not available, install netfilter-persistent.

apt install netfilter-persistent

Configuration

Feed the packet filter with rules.

TODO: Go through iptables. Show the commands.

Save the rules so that they are restored when the system reboots.

TODO: iptables-persistent save? Check again how that is done.

Salt State File

netfilter.sls

# NetFilter Persistent

# grains.filter_by matches on the os_family grain by default; Ubuntu reports
# 'Debian' there, so the lookup key (and the fallback) use that value.
{% set iptables = salt['grains.filter_by']({
  'Debian': {'pkg': 'iptables-persistent', 'srv': 'iptables-persistent'},
}, default='Debian') %}

{{ iptables.pkg }}:
  pkg.installed:
    - name: {{ iptables.pkg }}

{% set netfilter = salt['grains.filter_by']({
  'Debian': {'pkg': 'netfilter-persistent', 'srv': 'netfilter-persistent'},
}, default='Debian') %}

{{ netfilter.pkg }}:
  pkg.installed:
    - name: {{ netfilter.pkg }}
  {% if pillar['netfilter'] is defined %}
  # Enable the service so the saved rule set is restored at boot.
  service.running:
    - name: {{ netfilter.srv }}
    - enable: True
    - require:
      - pkg: {{ netfilter.pkg }}
  {% endif %}

{% if pillar['netfilter'] is defined %}
# Persist the current rule set. The rule states below attach an onchanges
# requisite (via onchanges_in), so this only runs after a rule was added.
netfilter-persistent-save:
  cmd.run:
    - name: netfilter-persistent save
    - require:
      - pkg: {{ netfilter.pkg }}

{% if pillar['netfilter']['tables'] is defined %}
# The state ID uses loop.index rather than the rule text, because quotes or
# ': ' inside a rule would break the YAML. The unless check is a fixed-string
# match against the output of `iptables --list-rules`, so a pillar rule must be
# written exactly as iptables prints it (e.g. '-p tcp -m tcp --dport 22');
# otherwise the rule is appended again on every highstate.
{% for table, rules in pillar['netfilter']['tables'].items() %}
{% for rule in rules %}
table-{{ table }}-rule-{{ loop.index }}:
  cmd.run:
    - name: iptables --table {{ table }} {{ rule }}
    - unless: iptables --list-rules --table {{ table }} | grep -qF -e "{{ rule }}"
    - onchanges_in:
      - cmd: netfilter-persistent-save
{% endfor %}
{% endfor %}
{% endif %}
{% endif %}

# Pillar Example
# --------------
# Todo: Provide Pillar Sample Data
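A pillar that the state above consumes, added here as an example and not taken from the original page. The file path is assumed and the rule set is a constructed sample (loopback, established traffic, ICMP, SSH, then the default policies).

```yaml
# Pillar file for the netfilter state, e.g. /srv/pillar/netfilter.sls (path assumed).
# Rules are written in the form that `iptables --list-rules` prints them, including
# the `-m tcp` match iptables inserts for --dport, so the state's unless check
# recognises them as present and does not append duplicates on every highstate.
# States apply in list order: accept rules first, restrictive default policies
# last, so an administrator's SSH session is not cut off during the first run.
netfilter:
  tables:
    filter:
      - '-A INPUT -i lo -j ACCEPT'
      - '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
      - '-A INPUT -p icmp -j ACCEPT'
      - '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
      - '-P INPUT DROP'
      - '-P FORWARD DROP'
      - '-P OUTPUT ACCEPT'
```

After a highstate, `iptables --list-rules --table filter` on the minion should print each of these lines once; a line appearing twice means its pillar text does not match the printed form.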