Saltstack Official FirewallD Formula

zone.xml 5.3KB

  1. <?xml version="1.0" encoding="utf-8"?>
  2. <!--
  3. This file is managed/generated by salt.
  4. Do not edit this file manually, it will be overwritten!
  5. Modify the salt pillar for firewalld instead
  6. -->
  7. <zone{%- if 'target' in zone %} target="{{ zone.target }}"{%- endif %}>
  8. {% if 'short' in zone %}<short>{{ zone.short }}</short>{% else %}<short>{{ name }}</short>{% endif %}
  9. {% if 'description' in zone %}<description>{{ zone.description }}</description>{% endif %}
  10. {%- if 'interfaces' in zone %}
  11. {%- for v in zone.interfaces %}
  12. <interface name="{{ v }}" />
  13. {%- endfor %}
  14. {%- endif %}
  15. {%- if 'sources' in zone %}
  16. {%- for v in zone.sources %}
  17. {%- if 'comment' in v %}
  18. <!-- {{ v.comment }} -->
  19. <source address="{{ v.source }}" />
  20. {%- else %}
  21. <source address="{{ v }}" />
  22. {%- endif %}
  23. {%- endfor %}
  24. {%- endif %}
  25. {%- if 'ipsets' in zone %}
  26. {%- for v in zone.ipsets %}
  27. {%- if 'comment' in v %}
  28. <!-- {{ v.comment }} -->
  29. <source ipset="{{ v.ipset }}" />
  30. {%- else %}
  31. <source ipset="{{ v }}" />
  32. {%- endif %}
  33. {%- endfor %}
  34. {%- endif %}
  35. {%- if 'services' in zone %}
  36. {%- for v in zone.services %}
  37. <service name="{{ v }}" />
  38. {%- endfor %}
  39. {%- endif %}
  40. {%- if 'ports' in zone %}
  41. {%- for v in zone.ports %}
  42. {%- if 'comment' in v %}
  43. <!-- {{ v.comment }} -->
  44. {%- endif %}
  45. <port port="{{ v.port }}" protocol="{{ v.protocol }}"/>
  46. {%- endfor %}
  47. {%- endif %}
  48. {%- if 'protocols' in zone %}
  49. {%- for v in zone.protocols %}
  50. <protocol value="{{ v }}" />
  51. {%- endfor %}
  52. {%- endif %}
  53. {%- if 'icmp_blocks' in zone %}
  54. {%- for v in zone.icmp_blocks %}
  55. <icmp-block name="{{ v }}" />
  56. {%- endfor %}
  57. {%- endif %}
  58. {%- if 'icmp_block_inversion' in zone %}
  59. <icmp-block-inversion name="{{ zone.icmp_blok_inversion }}" />
  60. {%- endif %}
  61. {%- if 'masquerade' in zone %}
  62. {%- if zone.masquerade %}
  63. <masquerade/>
  64. {%- endif %}
  65. {%- endif %}
  66. {%- if 'forward_ports' in zone %}
  67. {%- for v in zone.forward_ports %}
  68. {%- if 'comment' in v %}
  69. <!-- {{ v.comment }} -->
  70. {%- endif %}
  71. <forward-port port="{{ v.portid }}" protocol="{{ v.protocol }}"{%- if 'to_port' in v %} to-port="{{ v.to_port }}"{%- endif %}{%- if 'to_addr' in v %} to-addr="{{ v.to_addr }}"{%- endif %} />
  72. {%- endfor %}
  73. {%- endif %}
  74. {%- if 'source_ports' in zone %}
  75. {%- for v in zone.source_ports %}
  76. {%- if 'comment' in v %}
  77. <!-- {{ v.comment }} -->
  78. {%- endif %}
  79. <source-port port="{{ v.port }}" protocol="{{ v.protocol }}"/>
  80. {%- endfor %}
  81. {%- endif %}
  82. {%- if 'rich_rules' in zone %}
  83. {%- for rule in zone.rich_rules %}
  84. {%- if 'family' in rule %}
  85. <rule family="{{ rule.family }}">
  86. {%- else %}
  87. <rule>
  88. {%- endif %}
  89. {%- if 'ipset' in rule %}
  90. <source ipset="{{ rule.ipset.name }}"/>
  91. {%- endif %}
  92. {%- if 'source' in rule %}
  93. <source address="{{ rule.source.address }}" {%- if 'invert' in rule.source %}invert="{{ rule.source.invert }}"{%- endif %}/>
  94. {%- endif %}
  95. {%- if 'destination' in rule %}
  96. <destination address="{{ rule.destination.address }}" {%- if 'invert' in rule.destination %}invert="{{ rule.destination.invert }}"{%- endif %}/>
  97. {%- endif %}
  98. {%- if 'service' in rule %}
  99. <service name="{{ rule.service }}"/>
  100. {%- endif %}
  101. {%- if 'port' in rule %}
  102. <port port="{{ rule.port.portid }}" protocol="{{ rule.port.protocol }}"/>
  103. {%- endif %}
  104. {%- if 'protocol' in rule %}
  105. <protocol value="{{ rule.protocol }}"/>
  106. {%- endif %}
  107. {%- if 'icmp_block' in rule %}
  108. <icmp-block name="{{ rule.icmp_block }}"/>
  109. {%- endif %}
  110. {%- if 'icmp_type' in rule %}
  111. <icmp-type name="{{ rule.icmp_type }}"/>
  112. {%- endif %}
  113. {%- if 'masquerade' in rule %}
  114. {%- if rule.masquerade %}<masquerade/>{%- endif %}
  115. {%- endif %}
  116. {%- if 'forward_port' in rule %}
  117. {%- if 'comment' in rule.forward_port %}
  118. <!-- {{ rule.forward_port.comment }} -->
  119. {%- endif %}
  120. <forward-port port="{{ rule.forward_port.portid }}" protocol="{{ rule.forward_port.protocol }}"{%- if 'to_port' in rule.forward_port %} to-port="{{ rule.forward_port.to_port }}"{%- endif %}{%- if 'to_addr' in rule.forward_port %} to-addr="{{ rule.forward_port.to_addr }}"{%- endif %} />
  121. {%- endif %}
  122. {%- if 'source_port' in rule %}
  123. {%- if 'comment' in rule.source_port %}
  124. <!-- {{ rule.source_port.comment }} -->
  125. {%- endif %}
  126. <source-port port="{{ rule.source_port.portid }}" protocol="{{ rule.source_port.protocol }}"{%- if 'to_port' in rule.source_port %} to-port="{{ rule.source_port.to_port }}"{%- endif %}{%- if 'to_addr' in rule.source_port %} to-addr="{{ rule.source_port.to_addr }}"{%- endif %} />
  127. {%- endif %}
  128. {%- if 'log' in rule %}
  129. <log{%- if 'prefix' in rule.log %} prefix="{{ rule.log.prefix }}"{%- endif %}{%- if 'level' in rule.log %} level="{{ rule.log.level }}"{%- endif %}>
  130. {%- if 'limit' in rule.log %}
  131. <limit value="{{ rule.log.limit }}"/>
  132. {%- endif %}
  133. </log>
  134. {%- endif %}
  135. {%- if 'audit' in rule %}
  136. <audit>{%- if 'limit' in rule.audit %} <limit value="{{ rule.audit.limit }}"/>{%- endif %}</audit>
  137. {%- endif %}
  138. {%- if 'accept' in rule %}
  139. <accept/>
  140. {%- endif %}
  141. {%- if 'reject' in rule %}
  142. <reject{%- if 'type' in rule.reject %} type="{{ rule.reject.type }}"{%- endif %}/>
  143. {%- endif %}
  144. {%- if 'drop' in rule %}
  145. <drop/>
  146. {%- endif %}
  147. </rule>
  148. {%- endfor %}
  149. {%- endif %}
  150. </zone>