This cdist type allows you to manage iptables rules in a distribution-independent manner.
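# Example manifest: each __iptables_rule object is named by its first
# argument and carries the rule to manage in --rule.

# Deploy some policies
__iptables_rule policy-in  --rule "-P INPUT DROP"
__iptables_rule policy-out --rule "-P OUTPUT ACCEPT"
__iptables_rule policy-fwd --rule "-P FORWARD DROP"

# The usual established rule
__iptables_rule established \
  --rule "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"

# Some service rules
__iptables_rule http  --rule "-A INPUT -p tcp --dport 80 -j ACCEPT"
# ssh listens on 22, not 80; with INPUT policy DROP a wrong port here locks
# out remote administration.
__iptables_rule ssh   --rule "-A INPUT -p tcp --dport 22 -j ACCEPT"
__iptables_rule https --rule "-A INPUT -p tcp --dport 443 -j ACCEPT"

# Ensure some rules are not present anymore
__iptables_rule munin --rule "-A INPUT -p tcp --dport 4949 -j ACCEPT" \
  --state absent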