34 lines
630 B
Text
34 lines
630 B
Text
|
ufw not installed:
|
||
|
pkg.removed:
|
||
|
- name: ufw
|
||
|
|
||
|
firewalld installed:
|
||
|
pkg.installed:
|
||
|
- name: firewalld
|
||
|
|
||
|
firewalld service running:
|
||
|
service.running:
|
||
|
- name: firewalld
|
||
|
|
||
|
fail2ban installed:
|
||
|
pkg.installed:
|
||
|
- name: fail2ban
|
||
|
|
||
|
fail2ban service running:
|
||
|
service.running:
|
||
|
- name: fail2ban
|
||
|
|
||
|
firewalld public zone setup:
|
||
|
firewalld.present:
|
||
|
- name: public
|
||
|
- block_icmp:
|
||
|
- echo-reply
|
||
|
- echo-request
|
||
|
- default: True
|
||
|
- masquerade: True
|
||
|
- ports:
|
||
|
{% for port, protocol in salt['pillar.get']('basics:firewall:ports').items() %}
|
||
|
- {{ port }}/{{ protocol }}
|
||
|
{% endfor %}
|
||
|
|