Place the state under the base environment:
root@salt-master:/srv/salt/base# tree iptables/ -L 2
iptables/
├── files
│   └── rules.v4
└── init.sls
rules.v4 holds the firewall rules; you can of course combine it with grains and pillar to make the rules more specific.
Contents of init.sls:
iptables-dir:
  cmd.run:
    - name: mkdir -p /etc/iptables
    - unless: test -d /etc/iptables  # create the directory if it does not exist
iptables-file:
  file.managed:
    - name: /etc/iptables/rules.v4
    - source: salt://iptables/files/rules.v4
    - user: root
    - group: root
    - mode: 644
    - require:
      - cmd: iptables-dir
  cmd.run:
    - name: iptables-restore < /etc/iptables/rules.v4
    - require:
      - file: iptables-file
Command:
salt '*' state.sls iptables saltenv=base
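An added variant of init.sls (not part of the original note) that parses the ruleset with iptables-restore --test before loading it and reloads only when rules.v4 actually changed. The state IDs iptables-validate and iptables-apply are names chosen for this example.

```yaml
# /srv/salt/base/iptables/init.sls (added variant, not the original state)
iptables-dir:
  file.directory:
    - name: /etc/iptables
    - user: root
    - group: root
    - mode: '0755'

iptables-file:
  file.managed:
    - name: /etc/iptables/rules.v4
    - source: salt://iptables/files/rules.v4
    - user: root
    - group: root
    - mode: '0644'
    - require:
      - file: iptables-dir

# Parse the ruleset without committing it. A syntax error fails this state,
# so the restore below is never reached and the running rules stay as they are.
iptables-validate:
  cmd.run:
    - name: iptables-restore --test < /etc/iptables/rules.v4
    - onchanges:
      - file: iptables-file

# Load the rules only when the file changed and validation succeeded.
iptables-apply:
  cmd.run:
    - name: iptables-restore < /etc/iptables/rules.v4
    - onchanges:
      - file: iptables-file
    - require:
      - cmd: iptables-validate
```

If validation fails, the rejected file stays on disk while the kernel keeps the previous ruleset; correcting files/rules.v4 on the master changes the managed file again, which re-triggers both commands on the next run.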