Configure some moar
# states/glocker/init.sls
# Creates the user-defined chain that holds the glocker egress rules.
# No `family` is given, so Salt's default (ipv4) applies: nothing in this
# file filters IPv6, and a blocked host that is reachable over IPv6 stays
# reachable unless matching ip6tables states exist elsewhere.
glocker chain:
  iptables.chain_present:
    - table: filter
    - name: glocker

# Rule 1 of the chain: destinations listed in the ipset `glocker-except`
# are accepted before the reject rule is reached.
# NOTE(review): the ipset is not created in this file, and the insert fails
# if the set does not exist yet; confirm what creates it and that it runs
# first.
# NOTE(review): ACCEPT is a final verdict for the OUTPUT hook, so matching
# packets also skip every OUTPUT rule that follows the jump. RETURN would
# lift only the glocker block.
accept glocker-except:
  iptables.insert:
    - chain: glocker
    - table: filter
    - position: 1
    - match-set: glocker-except dst
    - jump: ACCEPT

# Rule 2: packets from local processes whose owner UID lies in 40000-50000
# are accepted, i.e. exempt from the block for every destination.
# Anything able to run code under one of these UIDs bypasses the block, so
# the range should cover only accounts that need the exemption.
# NOTE(review): ACCEPT ends OUTPUT traversal, so these packets also skip any
# OUTPUT rule that follows the jump; RETURN would lift only the glocker
# block.
allow uid 40000-50000:
  iptables.insert:
    - chain: glocker
    - table: filter
    - position: 2
    - match: owner
    # Quoted so the range is always read as a string.
    - uid-owner: '40000-50000'
    - jump: ACCEPT

# Rule 3: destinations in the ipset `glocker` are refused with an ICMP
# port-unreachable reply.
# Packets matching none of the three rules fall off the end of the chain
# and continue with the remaining OUTPUT rules and policy.
# NOTE(review): the ipset `glocker` is not created in this file; confirm it
# exists before this rule is inserted.
reject glocker:
  iptables.insert:
    - chain: glocker
    - table: filter
    - position: 3
    - match-set: glocker dst
    - jump: REJECT
    - reject-with: icmp-port-unreachable

# Hooks the chain in: the jump is inserted at the top of OUTPUT, so locally
# generated IPv4 packets enter `glocker` before any other OUTPUT rule
# present when the state runs.
# Only OUTPUT is hooked; traffic the host forwards (FORWARD chain) is not
# subject to the block.
# No `save` option is set on any rule in this file, so the rules live only
# in the running ruleset until the state is applied again or something else
# persists them.
jump to glocker:
  iptables.insert:
    - chain: OUTPUT
    - table: filter
    - position: 1
    - jump: glocker

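# Installs the hourly glocker job. Its content comes from the Salt
# fileserver and is not shown here.
# cron.hourly scripts run as root, so the file is root-owned and gives
# other users no access.
glocker cron job:
  file.managed:
    - name: /etc/cron.hourly/glocker
    - source: salt://glocker/files/cronjob
    - user: root
    - group: root
    # Quoted with a leading zero, as Salt recommends for file modes, so the
    # value is never parsed as a plain integer.
    - mode: '0750'
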
# Makes sure /etc/glocker/allowed_hosts and its parent directory exist.
# file.touch refreshes the file's timestamps on every run and sets no
# owner or mode, so both come from whatever created the file.
# NOTE(review): presumably this file feeds the exception list; confirm
# against the cron job. If it does, write access to it is a way around the
# block, and file.managed with explicit user/group/mode would pin that.
ensure allowed_hosts file exists:
  file.touch:
    - makedirs: true
    - name: /etc/glocker/allowed_hosts