===============
Custom firewall
===============

This is a custom firewall for bonds that is deployed via Salt. It is only used
to add port forwarding rules at the moment.


Installing
==========

Run this on bondingadmin::

    make install


Adding a node
=============

First, create the pillar file for the node with the rules. For example, for
node 42::

    vi /etc/bondingadmin/salt-config/pillars/customfirewall/node-42.sls

The file contains the definitions of the rules and any additional addresses
that are needed. For example, to set up 2 forward rules and 2 additional
IP addresses::

    customfirewall:
      forwards:
        - ip: 192.168.4.7
          protocol: tcp
          port: 80
          destination: 10.1.2.3
        - ip: 172.18.27.2
          protocol: udp
          port: 53
          destination: 10.2.3.4
      addresses:
        - interface: eth1
          ip: 192.168.4.7/24
        - interface: eth1
          ip: 172.18.27.2/24

If you do not need any addresses, simply don't define the addresses section.

Next, match the pillar to the node in the pillar top file::

    vi /etc/bondingadmin/salt-config/pillars/top.sls

Make sure the definition is under the base pillar like this::

    base:
      'node-42':
        - customfirewall.node-42

Finally, add the state for the node in the state top file::

    vi /etc/bondingadmin/salt-config/states/top.sls

Make sure the definition is under the partner root::

    partner:
      'node-42':
        - customfirewall
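
A sanity check that can be run on the pillar data described above before it is deployed, given here as an added example that is not part of this repository. It takes the ``customfirewall`` pillar as an already-parsed dict and reports malformed addresses, out-of-range ports, repeated forwards and forwarded IPs missing from ``addresses``. The function name ``lint_customfirewall``, the tcp/udp restriction and the addresses heuristic are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the node-42 pillar from this README as a parsed dict.
PILLAR = {"customfirewall": {
    "forwards": [
        {"ip": "192.168.4.7", "protocol": "tcp", "port": 80, "destination": "10.1.2.3"},
        {"ip": "172.18.27.2", "protocol": "udp", "port": 53, "destination": "10.2.3.4"},
    ],
    "addresses": [
        {"interface": "eth1", "ip": "192.168.4.7/24"},
        {"interface": "eth1", "ip": "172.18.27.2/24"},
    ],
}}


def lint_customfirewall(pillar):
    """Return a list of problems found in a customfirewall pillar dict."""
    problems = []
    cfg = pillar.get("customfirewall") or {}
    local_ips = set()
    for addr in cfg.get("addresses") or []:  # the section is optional
        try:
            local_ips.add(ipaddress.ip_interface(addr["ip"]).ip)
        except (KeyError, TypeError, ValueError) as exc:
            problems.append(f"address {addr!r}: bad or missing ip ({exc})")
    seen = set()
    for fwd in cfg.get("forwards") or []:
        try:
            ip = ipaddress.ip_address(fwd["ip"])
            ipaddress.ip_address(fwd["destination"])
            proto, port = fwd["protocol"], fwd["port"]
        except (KeyError, TypeError, ValueError) as exc:
            problems.append(f"forward {fwd!r}: bad or missing field ({exc})")
            continue
        key = (ip, str(proto), str(port))
        # Assumption: only tcp and udp are valid, as in the README example.
        if proto not in ("tcp", "udp"):
            problems.append(f"{ip}: unexpected protocol {proto!r}")
        if type(port) is not int or not 1 <= port <= 65535:
            problems.append(f"{ip}: port {port!r} out of range")
        if key in seen:
            problems.append(f"{ip} {proto}/{port}: forwarded more than once")
        seen.add(key)
        # Assumption (heuristic): declared extra addresses cover every forward IP.
        if local_ips and ip not in local_ips:
            problems.append(f"warning: {ip} is forwarded but not under addresses")
    return problems

if __name__ == "__main__":
    print(lint_customfirewall(PILLAR) or "pillar looks consistent")
```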