# Make sure the nftables package is present. The rules file and the service
# state in this SLS both list this ID under require.
network_firewall_pkgs:
  pkg.installed:
    - pkgs:
        - nftables
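# Render the nftables rules from the Jinja template shipped next to this SLS
# and install them root-owned, mode 0600, under /etc/nftables.d/.
# NOTE(review): the fragment only takes effect if the main nftables config
# includes /etc/nftables.d/ - not visible in this state; confirm.
# NOTE(review): the rendered rules are installed without a syntax check.
# Consider a check_cmd that validates them (nft --check) if the fragment can
# be parsed on its own, so a template error is caught before the nftables
# service is reloaded.
network_firewall_rules:
  file.managed:
    - name: /etc/nftables.d/noveria.nft
    - source: salt://{{ tpldir }}/files/firewall_rules.nft.jinja
    - template: jinja
    - context:
        # Quoted so the rendered SLS name always loads as a YAML string.
        STATE: "{{ sls }}"
        # Protocol and direction for these ports are decided by the template,
        # which is not shown here. Each entry is network exposure, so review
        # the template together with any change to this list.
        ALLOWED_PORTS:
          - 443
          - 25565
    - user: root
    - group: root
    - mode: '0600'
    - makedirs: true
    - require:
        - network_firewall_pkgs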
# Keep the nftables service enabled and running. A change to the rules file
# fires the watch, and reload: true asks Salt to reload instead of restart.
# NOTE(review): what a reload does with a ruleset that fails to load depends
# on the service's reload command, which is not visible here - confirm that a
# failed reload cannot leave the host without its filtering rules.
network_firewall_service_reload:
  service.running:
    - name: nftables
    - enable: true
    - reload: true
    - require:
        - network_firewall_pkgs
    - watch:
        - network_firewall_rules