29 lines
627 B
Text
29 lines
627 B
Text
network_firewall_pkgs:
|
|
pkg.installed:
|
|
- pkgs:
|
|
- nftables
|
|
|
|
network_firewall_rules:
|
|
file.managed:
|
|
- name: /etc/nftables.d/noveria.nft
|
|
- source: salt://{{ tpldir }}/files/firewall_rules.nft.jinja
|
|
- template: jinja
|
|
- context:
|
|
sls: {{ sls }}
|
|
ALLOWED_PORTS: [80, 443, 25565, 51871]
|
|
- user: root
|
|
- group: root
|
|
- mode: '0600'
|
|
- makedirs: True
|
|
- require:
|
|
- network_firewall_pkgs
|
|
|
|
network_firewall_service_reload:
|
|
service.running:
|
|
- name: nftables
|
|
- enable: True
|
|
- watch:
|
|
- network_firewall_rules
|
|
- require:
|
|
- network_firewall_pkgs
|
|
|