valitydev/salt
14
0
Fork 0
mirror of https://github.com/valitydev/salt.git synced 2024-11-08 09:23:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #24889 from thusoy/patch-2

Browse Source 
Add all iptables jump args from manpage
This commit is contained in:
Thomas S Hatch 2015-06-24 10:41:45 -06:00
commit d3b26fdae1
1 changed files with 103 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

129
salt/modules/iptables.py
View File

@ -268,53 +268,130 @@ def build_rule(table='filter', chain=None, command=None, position='', full=None,
# Jumps should appear last, except for any arguments that are passed to # Jumps should appear last, except for any arguments that are passed to
# jumps, which of course need to follow. # jumps, which of course need to follow.
after_jump = [] after_jump = []
# List of options fetched from http://www.iptables.info/en/iptables-targets-and-jumps.html # All jump arguments as extracted from man iptables-extensions, man iptables,
# man xtables-addons and http://www.iptables.info/en/iptables-targets-and-jumps.html
after_jump_arguments = ( after_jump_arguments = (
'j', # j and jump needs to be first 'j', # j and jump needs to be first
'jump', 'jump',
# IPTABLES
'add-set',
'and-mark',
'and-tos',
'checksum-fill',
'clamp-mss-to-pmtu', 'clamp-mss-to-pmtu',
'ecn-tcp-remove', # no arg
'mask', # only used with either save-mark or restore-mark
'nodst',
'queue-num',
'reject-with',
'restore', # no arg
'restore-mark', # no arg
#'save', # no arg, problematic name: How do we avoid collision with this?
'save-mark', # no arg
'selctx',
'set-dscp',
'set-dscp-class',
'set-mss',
'set-tos',
'ttl-dec',
'ttl-inc',
'ttl-set',
'ulog-cprange',
'ulog-nlgroup',
'ulog-prefix',
'ulog-qthreshold',
'clustermac', 'clustermac',
'hash-init,' 'ctevents',
'ctmask',
'del-set',
'ecn-tcp-remove',
'exist',
'expevents',
'gateway',
'hash-init',
'hashmode', 'hashmode',
'helper',
'label',
'local-node', 'local-node',
'log-ip-options', 'log-ip-options',
'log-level', 'log-level',
'log-prefix', 'log-prefix',
'log-tcp-options', 'log-tcp-options',
'log-tcp-sequence', 'log-tcp-sequence',
'new', # no arg 'log-uid',
'mask',
'new',
'nfmask',
'nflog-group',
'nflog-prefix',
'nflog-range',
'nflog-threshold',
'nodst',
'notrack',
'on-ip',
'on-port',
'or-mark',
'or-tos',
'persistent',
'queue-balance',
'queue-bypass',
'queue-num',
'random',
'rateest-ewmalog',
'rateest-interval',
'rateest-name',
'reject-with', 'reject-with',
'restore',
'restore-mark',
#'save', # no arg, problematic name: How do we avoid collision with this?
'save-mark',
'selctx',
'set-class', 'set-class',
'set-dscp',
'set-dscp-class',
'set-mark', 'set-mark',
'set-mss',
'set-tos',
'set-xmark', 'set-xmark',
'strip-options',
'timeout',
'to', 'to',
'to-destination', 'to-destination',
'to-port',
'to-ports', 'to-ports',
'to-source', 'to-source',
'total-nodes,'
'total-nodes', 'total-nodes',
'tproxy-mark',
'ttl-dec',
'ttl-inc',
'ttl-set',
'type',
'ulog-cprange',
'ulog-nlgroup',
'ulog-prefix',
'ulog-qthreshold',
'xor-mark',
'xor-tos',
'zone',
# IPTABLES-EXTENSIONS
'dst-pfx',
'hl-dec',
'hl-inc',
'hl-set',
'hmark-dport-mask',
'hmark-dst-prefix',
'hmark-mod',
'hmark-offset',
'hmark-proto-mask',
'hmark-rnd',
'hmark-spi-mask',
'hmark-sport-mask',
'hmark-src-prefix',
'hmark-tuple',
'led-always-blink',
'led-delay',
'led-trigger-id',
'queue-cpu-fanout',
'src-pfx',
# WEB
'to-port',
# XTABLES
'addr',
'and-mask',
'delude',
'honeypot',
'or-mask',
'prefix',
'reset',
'reuse',
'set-mac',
'shift',
'static',
'tarpit',
'tname',
'ttl',
) )
for after_jump_argument in after_jump_arguments: for after_jump_argument in after_jump_arguments:
if after_jump_argument in kwargs: if after_jump_argument in kwargs: