Skip to content
/ ufw-formula Public
forked from saltstack-formulas/ufw-formula

Manages your firewall using ufw with pillar configured rules

License

Apache-2.0 license
0 stars 61 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

myii/ufw-formula

BranchesTags
 
 

Repository files navigation

ufw-formula

Travis CI Build Status Semantic Release

Formula to set up and configure ufw

Table of Contents

General notes

See the full SaltStack Formulas installation and usage instructions.

If you are interested in writing or contributing to formulas, please pay attention to the Writing Formula Section.

If you want to use this formula, please pay attention to the FORMULA file and/or git tag, which contains the currently released version. This formula is versioned according to Semantic Versioning.

See Formula Versioning Section for more details.

Contributing to this repo

Commit message formatting is significant!!

Please see :ref:`How to contribute <CONTRIBUTING>` for more details.

Available states

ufw

Installs and configures the ufw package.

ufw.package

Installs the ufw package.

ufw.config

This state manages the file ufw.conf under /etc/ufw (template found in "ufw/files"). The configuration is populated by values in "ufw/map.jinja" based on the package's default values (and RedHat, Debian, Suse and Arch family distribution specific values), which can then be overridden by values of the same name in pillar.

Usage

All the configuration for the firewall is done via pillar (pillar.example).

Enable firewall, applying default configuration:

ufw:
  enabled: True

Allow 80/tcp (http) traffic from only two remote addresses:

ufw:
  services:
    http:
      protocol: tcp
      from_addr:
        - 10.0.2.15
        - 10.0.2.16

Allow 443/tcp (https) traffic from network 10.0.0.0/8 to an specific local ip:

ufw:
  services:
    https:
      protocol: tcp
      from_addr:
        - 10.0.0.0/8
      to_addr: 10.0.2.1

Allow from a service port:

ufw:
  services:
    smtp:
      protocol: tcp

Allow from an specific port, by number:

ufw:
  services:
    139:
      protocol: tcp

Allow from a range of ports, udp:

ufw:
  services:
    "10000:20000":
      protocol: udp

Allow from a range of ports, tcp and udp

ufw:
  services:
    "10000:20000/tcp":
      to_port: "10000:20000"
      protocol: tcp
    "10000:20000/udp":
      to_port: "10000:20000"
      protocol: udp

Allow from two specific ports, udp:

ufw:
  services:
    "30000,40000":
      protocol: udp

Allow an application defined at /etc/ufw/applications.d/:

ufw:
  applications:
    - OpenSSH

Testing

Linux testing is done with kitchen-salt.

kitchen converge

Creates the docker instance and runs the template main state, ready for testing.

kitchen verify

Runs the inspec tests on the actual instance.

kitchen destroy

Removes the docker instance.

kitchen test

Runs all of the stages above in one go: i.e. destroy + converge + verify + destroy.

kitchen login

Gives you SSH access to the instance for manual testing.

About

Manages your firewall using ufw with pillar configured rules

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 30.8%
  • HTML 24.2%
  • SaltStack 17.9%
  • JavaScript 16.6%
  • Ruby 7.1%
  • Shell 3.4%