Merge 680e7fb191f9e29af74dcbae5b3b76dd569b2625 into 331493194ac1401dabebcdf3d82cef244b948cbe

2025-04-20 00:22:07 +02:00 · 2015-07-30 19:33:32 +00:00 · 2015-07-30 19:33:32 +00:00 · 23831e2239
commit 23831e2239
parent 331493194a 680e7fb191
1 changed files with 28 additions and 0 deletions
--- a/openssh/iptables-input.sls
+++ b/openssh/iptables-input.sls
@ -0,0 +1,28 @@
+{% from "openssh/map.jinja" import openssh with context %}
+{% set listen_port = salt['pillar.get']('openssh:listen_port', '22') %}
+
+sshd.iptables.chain:
+  iptables.chain_present:
+    - name: sshd_input
+
+#ideally this should be flushed in case the port changes so it will not accumulate ports:
+sshd.iptables.input:
+  iptables.insert:
+    - table: filter
+    - position: 1
+    - chain: INPUT
+    - jump: sshd_input
+
+sshd.iptables.listenrule:
+  iptables.insert:
+    - table: filter
+    - chain: sshd_input
+    - position: 1
+    - match: state
+    - connstate: NEW,ESTABLISHED
+    - dport: {{ listen_port }}
+    - proto: tcp
+    - jump: ACCEPT
+    - save: True
+
+#TODO: Should persist rules or depend on iptables-persistent or something, so that rules will be present after a boot