Feature request: iptables-save: filter out lines via regex #31661

Closed
dkiser opened this issue Mar 3, 2016 · 4 comments
Labels
Execution-Module Feature new functionality including changes to functionality and code refactors, etc. fixed-pls-verify fix is linked, bug author to confirm fix Platform Relates to OS, containers, platform-based utilities like FS, system based apps State-Module

@dkiser
Contributor

dkiser commented Mar 3, 2016

Description of Issue/Question

As a Salt user, I Should Be Able To configure a list of regex strings So That I Can perform an iptables.save module call (directly or via the iptables state) without saving certain entries persistently in order to prevent ephemeral rules created by systems such as Docker from adversely affecting iptables state on service restarts.

^^ run-on sentence much?

Acceptance Criteria

GIVEN an iptables.save_filters list in yaml format within minion config/pillars/grains or master config
WHEN I perform an iptables.save module call
THEN the /etc/sysconfig/iptables file is saved with lines redacted matching regex strings in the configured filter.
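The filtering described in the acceptance criteria, sketched as an added example (not part of the original issue and not Salt's implementation from #31662). The function name, the constructed sample output, and the choice to always keep table headers and `COMMIT` lines and to flag kept rules that jump to a filtered-out chain are assumptions of this sketch; `filters` stands for the `iptables.save_filters` list.

```python
import re

# Constructed sample of iptables-save output on a Docker host (not from the issue).
SAMPLE = """\
# Generated by iptables-save
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:DOCKER - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A DOCKER -d 172.17.0.2/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

STRUCTURAL = re.compile(r"^(\*\w+|COMMIT)\s*$")  # table header or COMMIT
CHAIN_DECL = re.compile(r"^:(\S+)\s")            # ":CHAIN policy [pkts:bytes]"
JUMP = re.compile(r"\s-[jg]\s+(\S+)")            # target of -j / -g


def filter_save_output(text, filters):
    """Drop lines matching any regex in `filters`.

    Returns (kept_text, dangling). `dangling` lists kept rules that still
    jump to a chain whose declaration was filtered out of the same table;
    a saved file containing such a rule will not restore cleanly.
    """
    patterns = [re.compile(f) for f in filters]  # raises re.error on a bad pattern
    kept, dangling, removed, table = [], [], set(), None
    for line in text.splitlines():
        if STRUCTURAL.match(line):
            # Never redact structure, or the saved file becomes unparsable.
            if line.startswith("*"):
                table = line.strip()[1:]
            kept.append(line)
            continue
        if any(p.search(line) for p in patterns):
            decl = CHAIN_DECL.match(line)
            if decl:
                removed.add((table, decl.group(1)))
            continue
        # Chain declarations precede rules within a table, so one pass suffices.
        jump = JUMP.search(line)
        if jump and (table, jump.group(1)) in removed:
            dangling.append(line)
        kept.append(line)
    return "\n".join(kept) + "\n", dangling
```

A filter list that removes the `DOCKER` chain but leaves the `FORWARD` rule pointing at it is reported in `dangling`; widening the filters to cover `docker0` as well yields a self-consistent file.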

@beardedeagle

+1

@jfindlay jfindlay added Feature new functionality including changes to functionality and code refactors, etc. Execution-Module State-Module Platform Relates to OS, containers, platform-based utilities like FS, system based apps labels Mar 4, 2016
@jfindlay jfindlay added this to the Approved milestone Mar 4, 2016
@jfindlay jfindlay added the fixed-pls-verify fix is linked, bug author to confirm fix label Mar 4, 2016
@jfindlay
Contributor

jfindlay commented Mar 4, 2016

@dkiser, thanks for working on this.

@dkiser
Contributor Author

dkiser commented Mar 4, 2016

@jfindlay No worries, maybe see if other folks find this useful. For now I'm just sticking the change into _modules for myself. FYI this would need backporting to earlier versions like 2015.8.3 and 2015.8.5, as I found out earlier today, but should be fine if it's rolled into develop for some future release. iptables.py had other shared lib mods to shlex that are not backwards compatible from what was on develop and what's on 2015.8.

cachedout pushed a commit that referenced this issue Dec 5, 2016
Feature: allow configurable regex filters to redact iptabes-save output
cachedout pushed a commit that referenced this issue Dec 5, 2016
Proposed feature implementation for #31661
@cachedout
Contributor

Closed via #31662

gitebra pushed a commit to gitebra/salt that referenced this issue Dec 6, 2016
* upstream/develop:
  Add deprecation notices to nitrogen release notes (saltstack#38082)
  Added tests for utils.vmware.get_datacenter
  Updated utils.vmware.get_datacenter to use utils.vmware.get_datacenters
  Added tests for utils.vmware.get_datacenters
  Added utils.vmware.get_datacenters which returns all datacenters in a vCenter
  Remove trailing whitespace
  Allow NSG to be assigned to a new NIC for Azure ARM * Add support for attaching network security group to a new network interface * Add check for security_group in the configuration file
  Lint fixing for saltstack#31662.
  LINT fix for commit #b31d3f5e1f0d3558f592bd9e50959592af9c6165
  Proposed feature implementation for saltstack#31661