salt.states.ipset¶
Management of ipsets¶
This is an ipset-specific module designed to manage IPSets for use in IPTables Firewalls.
setname:
ipset.set_present:
- set_type: bitmap:ip
- range: 192.168.0.0/16
- comment: True
setname:
ipset.set_absent:
- set_type: bitmap:ip
- range: 192.168.0.0/16
- comment: True
setname_entries:
ipset.present:
- set_name: setname
- entry: 192.168.0.3
- comment: Hello
- require:
- ipset: baz
setname_entries:
ipset.present:
- set_name: setname
- entry:
- 192.168.0.3
- 192.168.1.3
- comment: Hello
- require:
- ipset: baz
setname_entries:
ipset.absent:
- set_name: setname
- entry:
- 192.168.0.3
- 192.168.1.3
- comment: Hello
- require:
- ipset: baz
setname:
ipset.flush:
- salt.states.ipset.absent(name, entry=None, entries=None, family='ipv4', **kwargs)¶
New in version 2014.7.0.
Remove a entry or entries from a chain
- name
A user-defined name to call this entry by in another part of a state or formula. This should not be an actual entry.
- family
Network family, ipv4 or ipv6.
- salt.states.ipset.flush(name, family='ipv4', **kwargs)¶
New in version 2014.7.0.
Flush current ipset set
- family
Networking family, either ipv4 or ipv6
- salt.states.ipset.present(name, entry=None, family='ipv4', **kwargs)¶
New in version 2014.7.0.
Append a entry to a set
- name
A user-defined name to call this entry by in another part of a state or formula. This should not be an actual entry.
- entry
A single entry to add to a set or a list of entries to add to a set
- family
Network family, ipv4 or ipv6.
- salt.states.ipset.set_absent(name, family='ipv4', **kwargs)¶
New in version 2014.7.0.
Verify the set is absent.
- family
Networking family, either ipv4 or ipv6
- salt.states.ipset.set_present(name, set_type, family='ipv4', **kwargs)¶
New in version 2014.7.0.
Verify the set exists.
- name
A user-defined set name.
- set_type
The type for the set.
- family
Networking family, either ipv4 or ipv6
