Hi. I'd like to contribute the following to the COPBL. Could
somebody try it out for me please and let me know if you run into any
issues?
#####################################################################################
# add_to_iptables_ACL is used to edit Linux iptables config files.
#
# Purpose: make it easier to add white-list rules to iptables host firewall.
#
# Aleksey Tsalolikhin, 13 Sep 2012
#
# Example of how to use it:
#
# files:
# "/etc/sysconfig/iptables"
#
# edit_line => add_to_iptables_ACL("-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5432 -s 1.2.3.4/32 -j ACCEPT -m comment --comment \"Allow Web server to connect to Postgres\""),
# classes => if_repaired("restart_iptables"),
# comment => "Allow Web server to connect to Postgres database";

bundle edit_line add_to_iptables_ACL(line)
{
insert_lines:

  # With a select_region, insert_lines appends at the end of the region,
  # i.e. just before the line matching select_end (the catch-all REJECT),
  # and only if an identical line is not already present in the region.
  "$(line)"
    select_region => between_ACCEPT_established_and_REJECT_everything_else;
}

body select_region between_ACCEPT_established_and_REJECT_everything_else
{
# Both patterns are regexes anchored to the whole line; if the file does not
# use the RH-Firewall-1-INPUT chain, no region is found and nothing is inserted.
select_start => "-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT";
select_end => "-A RH-Firewall-1-INPUT -j REJEC.*";
}
####################################################################################
Best,
Aleksey
--
Upcoming Trainings:
"Time Management for System Administrators" 28 Sep 2012 at Ohio Linux
Fest (http://ohiolinux.org/register)
"Editing with vi" 28 Sep 2012 at Ohio Linux Fest (http://ohiolinux.org/register)
"Automating System Administration with CFEngine 3" 22-25 Oct 2012 in
Palo Alto, CA (http://www.eventbrite.com/event/3388161081)
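The region-insert behaviour of the bundle above, re-implemented in Python as an added example (it is not part of Aleksey's post or of the COPBL) so you can see what the edit does to a file before running it against a live host. The iptables file, the whitelist rule and the function names are constructed here; the two region patterns are the ones from the bundle. It also includes the check a practitioner wants after the edit: the new rule must land after the ESTABLISHED,RELATED ACCEPT and before the catch-all REJECT, and re-applying the edit must change nothing.

```python
import re

# Constructed sample of an /etc/sysconfig/iptables file in the RHEL/CentOS
# layout the bundle expects (not taken from any real host).
SAMPLE_IPTABLES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

# The same two patterns the select_region body uses.
SELECT_START = r"-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
SELECT_END = r"-A RH-Firewall-1-INPUT -j REJEC.*"

# The rule from the usage example in the bundle's header comment.
NEW_RULE = ('-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5432 '
            '-s 1.2.3.4/32 -j ACCEPT -m comment --comment '
            '"Allow Web server to connect to Postgres"')


def find_region(lines, start_re, end_re):
    """Locate the region the way select_region does: both regexes must match a
    whole line, and the end is searched only after the start line. Raise if
    either is missing, mirroring CFEngine inserting nothing outside a region."""
    start = next((i for i, l in enumerate(lines) if re.fullmatch(start_re, l)), None)
    if start is None:
        raise ValueError("select_start pattern not found")
    end = next((i for i, l in enumerate(lines)
                if i > start and re.fullmatch(end_re, l)), None)
    if end is None:
        raise ValueError("select_end pattern not found after select_start")
    return start, end


def add_to_acl(text, rule):
    """Model of insert_lines with select_region: append the rule at the end
    of the region (just before the REJECT line) unless it is already there.
    Returns (new_text, repaired) so a caller can act like if_repaired."""
    lines = text.splitlines()
    start, end = find_region(lines, SELECT_START, SELECT_END)
    if rule in lines[start + 1:end]:
        return text, False          # promise already kept, nothing to repair
    lines.insert(end, rule)
    return "\n".join(lines) + "\n", True


def check_ordering(text, rule):
    """Post-edit verification: the whitelist rule sits strictly between the
    ESTABLISHED,RELATED ACCEPT and the catch-all REJECT, so it is reachable
    and does not weaken the default-deny at the end of the chain."""
    lines = text.splitlines()
    start, end = find_region(lines, SELECT_START, SELECT_END)
    return rule in lines and start < lines.index(rule) < end


if __name__ == "__main__":
    edited, repaired = add_to_acl(SAMPLE_IPTABLES, NEW_RULE)
    print("repaired:", repaired, "ordering ok:", check_ordering(edited, NEW_RULE))
    print(edited)
```

Running the file prints the edited ruleset with the Postgres rule immediately above the REJECT line; a second call with the same rule returns the text unchanged, which is the convergent behaviour the CFEngine promise relies on.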