search

pyinfra-dev / pyinfra

pyinfra turns Python code into shell commands and runs them on your servers. Execute ad-hoc commands and write declarative operations. Target SSH servers, local machine and Docker containers. Fast and scales from one server to thousands.
https://pyinfra.com
MIT License
3.87k stars 378 forks source link

Expanding the iptables module #68

Closed Fizzadar closed 8 years ago

Fizzadar commented 8 years ago

The current module provides a basic iptables.nat implementation (thank you @hoh!). Iptables is a massive and complex beast, and I don't think the module will ever cover every use case (complicated iptables setups are best left as scripts, IMO) - but the module can certainly cover the basics.

Facts:

Modules:

Fizzadar commented 8 years ago

Majority of this is implemented @ https://github.com/Fizzadar/pyinfra/commit/ba793f934d7f2770c1618ba3417aba7cc9f989a7

Leave open for tests/any final tweaks before release.

hoh commented 8 years ago

Good to see. Shortcuts for specific use cases would definitely be appreciated by users.

Fizzadar commented 8 years ago

@hoh I'm a bit wary of adding specific use case shortcuts - the issue I foresee is that there are so many different use cases/arg-combinations which make it hard (beyond simple table shortcuts) to build more extensive shortcuts.

Perhaps something like:

def nat(type=[destination, source, port], target, **rule_kwargs)

Where type defines DNAT, SNAT or REDIRECT for the jump and target specifies the relevant --to-destination, --to-source or --to-ports?

Similarly there could be a logging shortcut:

def log(log_prefix, **rule_kwargs)

That sets jump=LOG and so on.

hoh commented 8 years ago

@Fizzadar an alternative would be to put that "sugar" in other packages, for example pip install pyinfra-easytable...

Fizzadar commented 8 years ago

@hoh I really like that idea, which leaves the pyinfra state management "clean" :) I'll close this issue now then.