
===============
Custom firewall
===============

This is a custom firewall for bonds that is deployed via Salt. At the moment it
is only used to add port forwarding rules.


Installing
==========

Run this on bondingadmin::

    make install


Adding a node
=============

First, create the pillar file for the node with the rules. For example, for
node 42::

    vi /etc/bondingadmin/salt-config/pillars/customfirewall/node-42.sls

The file defines the rules and any additional addresses that are needed. For
example, to set up 2 forward rules and 2 additional IP addresses::

    customfirewall:
      forwards:
        - ip: 192.168.4.7
          protocol: tcp
          port: 80
          destination: 10.1.2.3
        - ip: 172.18.27.2
          protocol: udp
          port: 53
          destination: 10.2.3.4
      addresses:
        - interface: eth1
          ip: 192.168.4.7/24
        - interface: eth1
          ip: 172.18.27.2/24

If you do not need any addresses, simply don't define the addresses section.

Next, match the pillar to the node in the pillar top file::

    vi /etc/bondingadmin/salt-config/pillars/top.sls

Make sure the definition is under the base pillar like this::

    base:
      'node-42':
        - customfirewall.node-42

Finally, add the state for the node in the state top file::

    vi /etc/bondingadmin/salt-config/states/top.sls

Make sure the definition is under the partner root::

    partner:
      'node-42':
        - customfirewall
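
A pre-deployment check for the pillar data described under "Adding a node", as an added example that is not part of this repository. The names ``lint_customfirewall``, ``PROTOCOLS``, ``GOOD`` and ``BAD`` are hypothetical, and the accepted values (tcp/udp, ports 1-65535, one forward per ip/protocol/port) are assumptions inferred from the node-42 example, not taken from the Salt state itself.

```python
import ipaddress

# Assumed schema, inferred from the node-42 example; the real state may accept more.
PROTOCOLS = {"tcp", "udp"}

def lint_customfirewall(pillar):
    """Return a list of problems in a parsed customfirewall pillar (a dict)."""
    problems = []
    cfg = pillar.get("customfirewall") or {}
    for i, addr in enumerate(cfg.get("addresses") or []):  # section is optional
        if not addr.get("interface"):
            problems.append(f"addresses[{i}]: missing interface")
        try:
            ipaddress.ip_interface(str(addr.get("ip")))
        except ValueError:
            problems.append(f"addresses[{i}]: bad ip {addr.get('ip')!r}")
    seen = set()
    for i, fwd in enumerate(cfg.get("forwards") or []):
        where = f"forwards[{i}]"
        proto, port = fwd.get("protocol"), fwd.get("port")
        if proto not in PROTOCOLS:
            problems.append(f"{where}: protocol {proto!r} is not tcp or udp")
        # YAML can yield strings or booleans here; accept only a real port number.
        if type(port) is not int or not 1 <= port <= 65535:
            problems.append(f"{where}: bad port {port!r}")
        parsed = {}
        for key in ("ip", "destination"):
            try:
                parsed[key] = ipaddress.ip_address(str(fwd.get(key)))
            except ValueError:
                problems.append(f"{where}: bad {key} {fwd.get(key)!r}")
        # Two forwards for the same ip/protocol/port are redundant or ambiguous.
        listener = (parsed.get("ip"), str(proto), str(port))
        if "ip" in parsed and listener in seen:
            problems.append(f"{where}: duplicate of an earlier forward")
        seen.add(listener)
    return problems

# Constructed samples: the node-42 pillar from this README, and a broken variant.
GOOD = {"customfirewall": {
    "forwards": [
        {"ip": "192.168.4.7", "protocol": "tcp", "port": 80, "destination": "10.1.2.3"},
        {"ip": "172.18.27.2", "protocol": "udp", "port": 53, "destination": "10.2.3.4"}],
    "addresses": [{"interface": "eth1", "ip": "192.168.4.7/24"},
                  {"interface": "eth1", "ip": "172.18.27.2/24"}]}}
BAD = {"customfirewall": {"forwards": [
    {"ip": "192.168.4.7", "protocol": "tcp", "port": 80, "destination": "10.1.2.3"},
    {"ip": "192.168.4.7", "protocol": "tcp", "port": 80, "destination": "10.9.9.9"},
    {"ip": "192.168.4.7", "protocol": "icmp", "port": 70000, "destination": "10.1.2"}]}}
```

For a pillar file that is plain YAML like the one above, parse it (for instance with PyYAML's ``yaml.safe_load``) and pass the resulting dict to ``lint_customfirewall`` before applying the state.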