Merge pull request #11771 from garethgreenaway/develop

Updating the iptables module to allow specifying states as a list in additional to a comma delimited string
2024-11-08 17:33:54 +00:00 · 2014-04-04 13:03:03 -06:00 · 2014-04-04 13:03:03 -06:00 · fdeacc1b5f
commit fdeacc1b5f
parent 56da0b2d94 47889fd818
2 changed files with 26 additions and 3 deletions
--- a/salt/modules/iptables.py
+++ b/salt/modules/iptables.py
@ -132,6 +132,10 @@ def build_rule(table=None, chain=None, command=None, position='', full=None, fam
        rule += '-p {0} '.format(kwargs['proto'])

    if 'match' in kwargs:
+        if isinstance(kwargs['match'], list):
+            for match in kwargs['match']:
+                rule += '-m {0} '.format(match)
+        else:
            kwargs['match'].replace(' ', '')
            for match in kwargs['match'].split(','):
                rule += '-m {0} '.format(match)
@ -168,6 +172,10 @@ def build_rule(table=None, chain=None, command=None, position='', full=None, fam
        rule += '--sports {0} '.format(kwargs['sports'])
        del kwargs['sports']

+    if 'comment' in kwargs:
+        rule += '--comment "{0}" '.format(kwargs['comment'])
+        del kwargs['comment']
+
    # Jumps should appear last, except for any arguments that are passed to
    # jumps, which of course need to follow.
    after_jump = []
--- a/salt/states/iptables.py
+++ b/salt/states/iptables.py
@ -21,6 +21,21 @@ at some point be deprecated in favor of a more generic `firewall` state.
        - sport: 1025:65535
        - save: True

+    httpd:
+      iptables.append:
+        - table: filter
+        - chain: INPUT
+        - jump: ACCEPT
+        - match:
+            - state
+            - comment
+        - comment: "Allow HTTP"
+        - connstate: NEW
+        - dport: 80
+        - proto: tcp
+        - sport: 1025:65535
+        - save: True
+
    httpd:
      iptables.append:
        - table: filter