salt.modules.iptables¶

Support for iptables

salt.modules.iptables.append(table='filter', chain=None, rule=None)¶

Append a rule to the specified table/chain.

This function accepts a rule in a standard iptables command format,

starting with the chain. Trying to force users to adapt to a new method of creating rules would be irritating at best, and we already have a parser that can handle it.

CLI Example:

salt '*' iptables.append filter INPUT rule='-m state --state RELATED,ESTABLISHED -j ACCEPT'

salt.modules.iptables.delete(table, chain=None, position=None, rule=None)¶

Delete a rule from the specified table/chain, specifying either the rule

in its entirety, or the rule's position in the chain.

This function accepts a rule in a standard iptables command format,

starting with the chain. Trying to force users to adapt to a new method of creating rules would be irritating at best, and we already have a parser that can handle it.

CLI Examples:

salt '*' iptables.delete filter INPUT position=3
salt '*' iptables.delete filter INPUT rule='-m state --state RELATED,ESTABLISHED -j ACCEPT'

salt.modules.iptables.flush(table='filter')¶

Flush all chains in the specified table.

CLI Example:

salt '*' iptables.flush filter

salt.modules.iptables.get_policy(table='filter', chain=None)¶

Return the current policy for the specified table/chain

CLI Example:

salt '*' iptables.get_policy filter INPUT

salt.modules.iptables.get_rules()¶

Return a data structure of the current, in-memory rules

CLI Example:

salt '*' iptables.get_rules

salt.modules.iptables.get_saved_policy(table='filter', chain=None, conf_file=None)¶

Return the current policy for the specified table/chain

CLI Examples:

salt '*' iptables.get_saved_policy filter INPUT
salt '*' iptables.get_saved_policy filter INPUT conf_file=/etc/iptables.saved

salt.modules.iptables.get_saved_rules(conf_file=None)¶

Return a data structure of the rules in the conf file

CLI Example:

salt '*' iptables.get_saved_rules

salt.modules.iptables.insert(table='filter', chain=None, position=None, rule=None)¶

Insert a rule into the specified table/chain, at the specified position.

This function accepts a rule in a standard iptables command format,

starting with the chain. Trying to force users to adapt to a new method of creating rules would be irritating at best, and we already have a parser that can handle it.

CLI Examples:

salt '*' iptables.insert filter INPUT position=3 rule='-m state --state RELATED,ESTABLISHED -j ACCEPT'

salt.modules.iptables.save(filename=None)¶

Save the current in-memory rules to disk

CLI Example:

salt '*' iptables.save /etc/sysconfig/iptables

salt.modules.iptables.set_policy(table='filter', chain=None, policy=None)¶

Set the current policy for the specified table/chain

CLI Example:

salt '*' iptables.set_policy filter INPUT ACCEPT

salt.modules.iptables.version()¶

Return version from iptables --version

CLI Example:

salt '*' iptables.version