upstream iptables

6 years ago · f813bc781b
parent 4d97712d6e
commit f813bc781b
2 changed files with 16 additions and 0 deletions
--- a/salt/upstream/dhcp.sls
+++ b/salt/upstream/dhcp.sls
@ -17,3 +17,13 @@ iptables:
    - mode: 744
    - require:
        - pkg: iptables
+
+/etc/network/if-pre-up.d/iptables:
+  file.managed:
+    - source: salt://upstream/iptables
+    - template: 'jinja'
+    - context:
+        upstream_iface: {{ dhcp_iface }}
+    - mode: 744
+    - require:
+        - pkg: iptables
--- a/salt/upstream/iptables
+++ b/salt/upstream/iptables
@ -0,0 +1,6 @@
+#!/bin/sh
+
+if [ "$IFACE" = "{{ upstream_iface }}" ]; then
+   iptables -A INPUT -i "$IFACE" -j DROP
+   iptables -P INPUT ACCEPT
+fi