salt.modules.iptables

Support for iptables

salt.modules.iptables.append(table='filter', chain=None, rule=None)

Append a rule to the specified table/chain.

This function accepts a rule in a standard iptables command format, starting with the chain. Trying to force users to adapt to a new method of creating rules would be irritating at best, and we already have a parser that can handle it.

CLI Example:

salt '*' iptables.append filter INPUT '-m state --state RELATED,ESTABLISHED -j ACCEPT'

salt.modules.iptables.delete(table, chain, position=None, rule=None)

Delete a rule from the specified table/chain, specifying either the rule in its entirety, or the rule's position in the chain.

This function accepts a rule in a standard iptables command format, starting with the chain. Trying to force users to adapt to a new method of creating rules would be irritating at best, and we already have a parser that can handle it.

CLI Examples:

salt '*' iptables.delete filter INPUT position=3
salt '*' iptables.delete filter INPUT rule='-m state --state RELATED,ESTABLISHED -j ACCEPT'

salt.modules.iptables.flush(table='filter')

Flush all chains in the specified table.

CLI Example:

salt '*' iptables.flush filter

salt.modules.iptables.get_policy(table='filter', chain=None)

Return the current policy for the specified table/chain.

CLI Example:

salt '*' iptables.get_policy filter INPUT

salt.modules.iptables.get_rules()

Return a data structure of the current, in-memory rules.

CLI Example:

salt '*' iptables.get_rules

salt.modules.iptables.get_saved_policy(table='filter', chain=None, conf_file=None)

Return the current policy for the specified table/chain.

CLI Examples:

salt '*' iptables.get_saved_policy filter INPUT
salt '*' iptables.get_saved_policy filter INPUT conf_file=/etc/iptables.saved

salt.modules.iptables.get_saved_rules(conf_file=None)

Return a data structure of the rules in the conf file.

CLI Example:

salt '*' iptables.get_saved_rules

salt.modules.iptables.insert(table='filter', chain=None, position=None, rule=None)

Insert a rule into the specified table/chain, at the specified position.

This function accepts a rule in a standard iptables command format, starting with the chain. Trying to force users to adapt to a new method of creating rules would be irritating at best, and we already have a parser that can handle it.

CLI Examples:

salt '*' iptables.insert filter INPUT rule='-m state --state RELATED,ESTABLISHED -j ACCEPT'
salt '*' iptables.insert filter INPUT position=3 rule='-m state --state RELATED,ESTABLISHED -j ACCEPT'

salt.modules.iptables.save(filename=None)

Save the current in-memory rules to disk.

CLI Example:

salt '*' iptables.save /etc/sysconfig/iptables

salt.modules.iptables.set_policy(table='filter', chain=None, policy=None)

Set the current policy for the specified table/chain.

CLI Example:

salt '*' iptables.set_policy filter INPUT ACCEPT

salt.modules.iptables.version()

Return version from iptables --version.

CLI Example:

salt '*' iptables.version
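
The read-only functions iptables.get_policy and iptables.get_saved_policy documented above can be combined to find minions whose running chain policy differs from the saved rules file. The following is an added example, not code from Salt: audit_policies, its expected parameter and the sample data are hypothetical, and cmd is assumed to have the call shape of salt.client.LocalClient().cmd.

```python
CHAINS = ("INPUT", "FORWARD", "OUTPUT")  # built-in chains of the filter table
POLICIES = {"ACCEPT", "DROP"}            # any other return value is treated as an error

def audit_policies(cmd, tgt="*", table="filter", conf_file=None, expected=None):
    """Return sorted (minion, chain, issue, live, saved) findings.

    Assumption: cmd(tgt, fun, arg, kwarg=...) returns {minion_id: value}, the
    call shape of salt.client.LocalClient().cmd. expected is a hypothetical
    parameter mapping chain -> required policy.
    """
    kwarg = {"conf_file": conf_file} if conf_file else None
    findings = []
    for chain in CHAINS:
        live = cmd(tgt, "iptables.get_policy", [table, chain])
        saved = cmd(tgt, "iptables.get_saved_policy", [table, chain], kwarg=kwarg)
        for minion in set(live) | set(saved):
            lv, sv = live.get(minion), saved.get(minion)
            if lv not in POLICIES or sv not in POLICIES:
                issue = "unreadable"   # error string, traceback, or no reply
            elif lv != sv:
                issue = "drift"        # running policy differs from the saved file
            elif expected and expected.get(chain, lv) != lv:
                issue = "unexpected"   # consistent, but not the required policy
            else:
                continue
            findings.append((minion, chain, issue, lv, sv))
    return sorted(findings, key=lambda f: (f[0], CHAINS.index(f[1])))

# Constructed sample returns (not real minion output) so the audit runs offline.
LIVE = {
    "INPUT": {"web1": "DROP", "web2": "ACCEPT", "db1": "DROP"},
    "FORWARD": {"web1": "DROP", "web2": "DROP", "db1": "ACCEPT"},
    "OUTPUT": {"web1": "ACCEPT", "web2": "ACCEPT", "db1": "ACCEPT"},
}
SAVED = {
    "INPUT": {"web1": "DROP", "web2": "DROP", "db1": "DROP"},
    "FORWARD": {"web1": "DROP", "web2": "DROP"},  # db1 returned nothing
    "OUTPUT": {"web1": "ACCEPT", "web2": "ACCEPT", "db1": "ACCEPT"},
}

def sample_cmd(tgt, fun, arg, kwarg=None):
    """Stand-in for LocalClient.cmd that answers from the constructed samples."""
    return dict((LIVE if fun == "iptables.get_policy" else SAVED)[arg[1]])

if __name__ == "__main__":
    for finding in audit_policies(sample_cmd, expected={"INPUT": "DROP"}):
        print(*finding)
```

On a Salt master, pass salt.client.LocalClient().cmd as cmd in place of sample_cmd.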