Hi Aleksey,

Thank you very much for the contribution!

I think this might be a better fit for the Design Center than to the COPBL, given that it performs a specific, higher-level task (rather than a generic, lower-level task, which is what we try to keep in the stdlib). We are in the process of redefining the structure that a sketch must have for the design center, but once this is done, it should be fairly simple to convert this bundle to a sketch.

Cheers,
--Diego

On Sep 13, 2012, at 7:17 PM, Aleksey Tsalolikhin <atsaloli.t...@gmail.com> wrote:

> Hi. I'd like to contribute the following to the COPBL. Could
> somebody try it out for me please and let me know if you run into any
> issues?
>
> #####################################################################################
>
> # add_to_iptables_ACL is used to edit Linux iptables config files.
> #
> # Purpose: make it easier to add white-list rules to iptables host firewall.
> #
> # Aleksey Tsalolikhin, 13 Sep 2012
> #
> # Example of how to use it:
> #
> # files:
> #   "/etc/sysconfig/iptables"
> #
> #     edit_line => add_to_iptables_ACL("-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5432 -s 1.2.3.4/32 -j ACCEPT -m comment --comment \"Allow Web server to connect to Postgres\""),
> #     classes => if_repaired("restart_iptables"),
> #     comment => "Allow Web server to connect to Postgres database";
>
>
> bundle edit_line add_to_iptables_ACL(line) {
>
>   insert_lines:
>
>     "$(line)"
>
>       select_region => between_ACCEPT_established_and_REJECT_everything_else;
>
> }
>
>
> body select_region between_ACCEPT_established_and_REJECT_everything_else
> {
>   select_start => "-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT";
>   select_end => "-A RH-Firewall-1-INPUT -j REJEC.*";
> }
>
> ####################################################################################
>
> Best,
> Aleksey
>
>
> --
> Upcoming Trainings:
> "Time Management for System Administrators" 28 Sep 2012 at Ohio Linux Fest (http://ohiolinux.org/register)
> "Editing with vi" 28 Sep 2012 at Ohio Linux Fest (http://ohiolinux.org/register)
> "Automating System Administration with CFEngine 3" 22-25 Oct 2012 in Palo Alto, CA (http://www.eventbrite.com/event/3388161081)

_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
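
Added example (not part of the original thread, and not CFEngine code): a Python model of the region insert the quoted bundle describes, run against a constructed /etc/sysconfig/iptables, showing why the rule has to land above the REJECT line and how a missing anchor or an already-present rule is handled. It assumes whole-line regex matching and insertion at the end of the selected region; `add_to_acl`, `SAMPLE` and `RULE` are hypothetical names.

```python
import re

# Anchors copied from the select_region body in the post. The model assumes
# they must match a whole line, which re.fullmatch mirrors.
SELECT_START = r"-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
SELECT_END = r"-A RH-Firewall-1-INPUT -j REJEC.*"

# Rule from the usage comment in the post.
RULE = ('-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5432 '
        '-s 1.2.3.4/32 -j ACCEPT -m comment --comment '
        '"Allow Web server to connect to Postgres"')

# Constructed sample of /etc/sysconfig/iptables (not taken from a real host).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""


def add_to_acl(config, rule):
    """Return (new_config, changed). Hypothetical helper modelling the bundle."""
    lines = config.splitlines()
    start = next((i for i, l in enumerate(lines)
                  if re.fullmatch(SELECT_START, l)), None)
    if start is None:
        raise ValueError("ESTABLISHED,RELATED anchor not found; refusing to edit")
    end = next((i for i in range(start + 1, len(lines))
                if re.fullmatch(SELECT_END, lines[i])), None)
    if end is None:
        raise ValueError("REJECT anchor not found after start; refusing to edit")
    if rule in lines[start + 1:end]:
        return config, False  # already whitelisted: no change, no restart
    # Insert directly above the REJECT line: iptables evaluates rules in order,
    # so an ACCEPT placed below the catch-all REJECT would never be reached.
    lines.insert(end, rule)
    return "\n".join(lines) + "\n", True
```

The `changed` flag plays the role of `if_repaired("restart_iptables")` in the usage comment: the firewall only needs a restart when the file was actually modified.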