salt.states.ipset¶
Management of ipsets¶
This is an ipset-specific module designed to manage IPSets for use in IPTables Firewalls.
setname:
ipset.set_present:
- set_type: bitmap:ip
- range: 192.168.0.0/16
- comment: True
setname:
ipset.set_absent:
- set_type: bitmap:ip
- range: 192.168.0.0/16
- comment: True
setname_entries:
ipset.present:
- set_name: setname
- entry: 192.168.0.3
- comment: Hello
- require:
- ipset: baz
setname_entries:
ipset.present:
- set_name: setname
- entry:
- 192.168.0.3
- 192.168.1.3
- comment: Hello
- require:
- ipset: baz
setname_entries:
ipset.absent:
- set_name: setname
- entry:
- 192.168.0.3
- 192.168.1.3
- comment: Hello
- require:
- ipset: baz
setname:
ipset.flush:
-
salt.states.ipset.absent(name, entry=None, entries=None, family='ipv4', **kwargs)¶ 2014.7.0 新版功能.
Remove a entry or entries from a chain
- name
- A user-defined name to call this entry by in another part of a state or formula. This should not be an actual entry.
- family
- Network family, ipv4 or ipv6.
-
salt.states.ipset.flush(name, family='ipv4', **kwargs)¶ 2014.7.0 新版功能.
Flush current ipset set
- family
- Networking family, either ipv4 or ipv6
-
salt.states.ipset.present(name, entry=None, family='ipv4', **kwargs)¶ 2014.7.0 新版功能.
Append a entry to a set
- name
- A user-defined name to call this entry by in another part of a state or formula. This should not be an actual entry.
- entry
- A single entry to add to a set or a list of entries to add to a set
- family
- Network family, ipv4 or ipv6.
-
salt.states.ipset.set_absent(name, family='ipv4', **kwargs)¶ 2014.7.0 新版功能.
Verify the set is absent.
- family
- Networking family, either ipv4 or ipv6
-
salt.states.ipset.set_present(name, set_type, family='ipv4', **kwargs)¶ 2014.7.0 新版功能.
Verify the chain is exist.
- name
- A user-defined set name.
- set_type
- The type for the set
- family
- Networking family, either ipv4 or ipv6
Version 2016.3.0-182-gbed98d8
