Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/lkubb/salt-nftables-formula

Manage nftables with Salt.
https://github.com/lkubb/salt-nftables-formula

devops firewall nftables salt salt-formula saltstack saltstack-formula

Last synced: 1 day ago
JSON representation

Manage nftables with Salt.

Host: GitHub
URL: https://github.com/lkubb/salt-nftables-formula
Owner: lkubb
License: other
Created: 2024-01-16T19:21:48.000Z (12 months ago)
Default Branch: master
Last Pushed: 2024-11-13T23:25:14.000Z (about 2 months ago)
Last Synced: 2024-12-22T17:27:32.849Z (11 days ago)
Topics: devops, firewall, nftables, salt, salt-formula, saltstack, saltstack-formula
Language: Jinja
Homepage:
Size: 81.1 KB
Stars: 1
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: docs/README.rst
- License: LICENSE

Awesome Lists containing this project

README

        .. _readme:

nftables Formula

================

|img_sr| |img_pc|

.. |img_sr| image:: https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg

   :alt: Semantic Release

   :scale: 100%

   :target: https://github.com/semantic-release/semantic-release

.. |img_pc| image:: https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white

   :alt: pre-commit

   :scale: 100%

   :target: https://github.com/pre-commit/pre-commit

Manage nftables with Salt.

.. contents:: **Table of Contents**

   :depth: 1

General notes

-------------

See the full `SaltStack Formulas installation and usage instructions

`_.

If you are interested in writing or contributing to formulas, please pay attention to the `Writing Formula Section

`_.

If you want to use this formula, please pay attention to the ``FORMULA`` file and/or ``git tag``,

which contains the currently released version. This formula is versioned according to `Semantic Versioning `_.

See `Formula Versioning Section `_ for more details.

If you need (non-default) configuration, please refer to:

- `how to configure the formula with map.jinja `_

- the ``pillar.example`` file

- the `Special notes`_ section

Special notes

-------------

Configuration

-------------

An example pillar is provided, please see `pillar.example`. Note that you do not need to specify everything by pillar. Often, it's much easier and less resource-heavy to use the ``parameters//.yaml`` files for non-sensitive settings. The underlying logic is explained in `map.jinja`.

Available states

----------------

The following states are found in this formula:

.. contents::

   :local:

``nftables``

^^^^^^^^^^^^

*Meta-state*.

This installs the nftables package,

manages the nftables configuration file

and then starts the associated nftables service.

``nftables.package``

^^^^^^^^^^^^^^^^^^^^

Installs the nftables package only.

``nftables.config``

^^^^^^^^^^^^^^^^^^^

Manages the nftables service configuration.

Has a dependency on `nftables.package`_.

``nftables.service``

^^^^^^^^^^^^^^^^^^^^

Starts the nftables service and enables it at boot time.

Has a dependency on `nftables.config`_.

``nftables.clean``

^^^^^^^^^^^^^^^^^^

*Meta-state*.

Undoes everything performed in the ``nftables`` meta-state

in reverse order, i.e.

stops the service,

removes the configuration file and then

uninstalls the package.

``nftables.package.clean``

^^^^^^^^^^^^^^^^^^^^^^^^^^

Removes the nftables package.

Has a dependency on `nftables.config.clean`_.

``nftables.config.clean``

^^^^^^^^^^^^^^^^^^^^^^^^^

Removes the configuration of the nftables service and has a

dependency on `nftables.service.clean`_.

``nftables.service.clean``

^^^^^^^^^^^^^^^^^^^^^^^^^^

Stops the nftables service and disables it at boot time.

Contributing to this repo

-------------------------

Commit messages

^^^^^^^^^^^^^^^

**Commit message formatting is significant!**

Please see `How to contribute `_ for more details.

pre-commit

^^^^^^^^^^

`pre-commit `_ is configured for this formula, which you may optionally use to ease the steps involved in submitting your changes.

First install  the ``pre-commit`` package manager using the appropriate `method `_, then run ``bin/install-hooks`` and

now ``pre-commit`` will run automatically on each ``git commit``. ::

  $ bin/install-hooks

  pre-commit installed at .git/hooks/pre-commit

  pre-commit installed at .git/hooks/commit-msg

State documentation

~~~~~~~~~~~~~~~~~~~

There is a script that semi-autodocuments available states: ``bin/slsdoc``.

If a ``.sls`` file begins with a Jinja comment, it will dump that into the docs. It can be configured differently depending on the formula. See the script source code for details currently.

This means if you feel a state should be documented, make sure to write a comment explaining it.

References

----------

General

^^^^^^^

* https://wiki.nftables.org/wiki-nftables/index.php/Main_Page

* https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes

* https://wiki.archlinux.org/title/nftables

* https://github.com/ipr-cnrs/nftables

* https://github.com/ansibleguy/infra_nftables

Example setups

^^^^^^^^^^^^^^

* https://wiki.gentoo.org/wiki/Nftables/Examples

* https://alexforsale.github.io/posts/nftables.html

* https://paulgorman.org/technical/linux-nftables.txt.html

* https://stosb.com/blog/explaining-my-configs-nftables/

* https://cryptsus.com/blog/setting-up-nftables-firewall.html

* https://dataswamp.org/~solene/2023-02-06-nftables.html

* https://pablotron.org/articles/nftables-examples/

* https://gitlab.com/postmarketOS/pmaports/-/tree/master/main/postmarketos-config-nftables/rules

* https://wiki.codeemo.com/secure/nftables.html

* https://www.going-flying.com/blog/nftables-vs-firewalld.html