Saltstack Official FirewallD Formula

zone.xml 5.3KB

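  {#-
    firewalld zone definition, rendered by Salt from the firewalld pillar.

    Context variables used below:
      name - zone name; used as <short> when the pillar gives no 'short'.
      zone - mapping with the optional keys tested below (target, short,
             description, interfaces, sources, ipsets, services, ports,
             protocols, icmp_blocks, icmp_block_inversion, masquerade,
             forward_ports, source_ports, rich_rules).

    NOTE(review): every value is interpolated verbatim; no escaping filter is
    applied anywhere in this template. Unless the renderer is configured to
    autoescape, a pillar value containing a double quote, '<', '&' or (inside
    a comment) '--' yields malformed XML or markup the pillar author did not
    intend, in a file that defines firewall policy. Keep the pillar restricted
    to trusted, validated sources, or apply Jinja's built-in `e` filter to the
    attribute values.
  -#}
  <?xml version="1.0" encoding="utf-8"?>
  <!--
  This file is managed/generated by salt.
  Do not edit this file manually, it will be overwritten!
  Modify the salt pillar for firewalld instead
  -->
  <zone{%- if 'target' in zone %} target="{{ zone.target }}"{%- endif %}>
  {% if 'short' in zone %}<short>{{ zone.short }}</short>{% else %}<short>{{ name }}</short>{% endif %}
  {% if 'description' in zone %}<description>{{ zone.description }}</description>{% endif %}
  {%- if 'interfaces' in zone %}
    {%- for v in zone.interfaces %}
    <interface name="{{ v }}" />
    {%- endfor %}
  {%- endif %}
  {%- if 'sources' in zone %}
    {%- for v in zone.sources %}
      {#- An entry is either a plain address string or a mapping with 'source'
          and an optional 'comment'. Testing `is mapping` avoids the substring
          match that `'comment' in v` performs when v is a string. -#}
      {%- if v is mapping %}
        {%- if 'comment' in v %}
    <!-- {{ v.comment }} -->
        {%- endif %}
    <source address="{{ v.source }}" />
      {%- else %}
    <source address="{{ v }}" />
      {%- endif %}
    {%- endfor %}
  {%- endif %}
  {%- if 'ipsets' in zone %}
    {%- for v in zone.ipsets %}
      {#- Same two entry shapes as 'sources': ipset name string, or a mapping
          with 'ipset' and an optional 'comment'. -#}
      {%- if v is mapping %}
        {%- if 'comment' in v %}
    <!-- {{ v.comment }} -->
        {%- endif %}
    <source ipset="{{ v.ipset }}" />
      {%- else %}
    <source ipset="{{ v }}" />
      {%- endif %}
    {%- endfor %}
  {%- endif %}
  {%- if 'services' in zone %}
    {%- for v in zone.services %}
    <service name="{{ v }}" />
    {%- endfor %}
  {%- endif %}
  {%- if 'ports' in zone %}
    {%- for v in zone.ports %}
      {%- if 'comment' in v %}
    <!-- {{ v.comment }} -->
      {%- endif %}
    <port port="{{ v.port }}" protocol="{{ v.protocol }}"/>
    {%- endfor %}
  {%- endif %}
  {%- if 'protocols' in zone %}
    {%- for v in zone.protocols %}
    <protocol value="{{ v }}" />
    {%- endfor %}
  {%- endif %}
  {%- if 'icmp_blocks' in zone %}
    {%- for v in zone.icmp_blocks %}
    <icmp-block name="{{ v }}" />
    {%- endfor %}
  {%- endif %}
  {#- The previous version read the misspelled key 'icmp_blok_inversion', so
      it always rendered an empty name attribute. firewalld.zone(5) documents
      icmp-block-inversion as an empty-element flag, so it is emitted without
      attributes and only when the pillar value is true, like masquerade. -#}
  {%- if 'icmp_block_inversion' in zone and zone.icmp_block_inversion %}
    <icmp-block-inversion/>
  {%- endif %}
  {%- if 'masquerade' in zone %}
    {%- if zone.masquerade %}
    <masquerade/>
    {%- endif %}
  {%- endif %}
  {%- if 'forward_ports' in zone %}
    {%- for v in zone.forward_ports %}
      {%- if 'comment' in v %}
    <!-- {{ v.comment }} -->
      {%- endif %}
    <forward-port port="{{ v.portid }}" protocol="{{ v.protocol }}"{%- if 'to_port' in v %} to-port="{{ v.to_port }}"{%- endif %}{%- if 'to_addr' in v %} to-addr="{{ v.to_addr }}"{%- endif %} />
    {%- endfor %}
  {%- endif %}
  {%- if 'source_ports' in zone %}
    {%- for v in zone.source_ports %}
      {%- if 'comment' in v %}
    <!-- {{ v.comment }} -->
      {%- endif %}
    <source-port port="{{ v.port }}" protocol="{{ v.protocol }}"/>
    {%- endfor %}
  {%- endif %}
  {%- if 'rich_rules' in zone %}
    {%- for rule in zone.rich_rules %}
      {%- if 'family' in rule %}
    <rule family="{{ rule.family }}">
      {%- else %}
    <rule>
      {%- endif %}
      {%- if 'ipset' in rule %}
      <source ipset="{{ rule.ipset.name }}"/>
      {%- endif %}
      {#- The space before invert= sits inside the conditional: the left-trim
          marker on the if tag removes any whitespace written in front of it,
          which previously glued the two attributes together. -#}
      {%- if 'source' in rule %}
      <source address="{{ rule.source.address }}"{%- if 'invert' in rule.source %} invert="{{ rule.source.invert }}"{%- endif %}/>
      {%- endif %}
      {%- if 'destination' in rule %}
      <destination address="{{ rule.destination.address }}"{%- if 'invert' in rule.destination %} invert="{{ rule.destination.invert }}"{%- endif %}/>
      {%- endif %}
      {%- if 'service' in rule %}
      <service name="{{ rule.service }}"/>
      {%- endif %}
      {%- if 'port' in rule %}
      <port port="{{ rule.port.portid }}" protocol="{{ rule.port.protocol }}"/>
      {%- endif %}
      {%- if 'protocol' in rule %}
      <protocol value="{{ rule.protocol }}"/>
      {%- endif %}
      {%- if 'icmp_block' in rule %}
      <icmp-block name="{{ rule.icmp_block }}"/>
      {%- endif %}
      {%- if 'icmp_type' in rule %}
      <icmp-type name="{{ rule.icmp_type }}"/>
      {%- endif %}
      {%- if 'masquerade' in rule %}
        {%- if rule.masquerade %}
      <masquerade/>
        {%- endif %}
      {%- endif %}
      {%- if 'forward_port' in rule %}
        {%- if 'comment' in rule.forward_port %}
      <!-- {{ rule.forward_port.comment }} -->
        {%- endif %}
      <forward-port port="{{ rule.forward_port.portid }}" protocol="{{ rule.forward_port.protocol }}"{%- if 'to_port' in rule.forward_port %} to-port="{{ rule.forward_port.to_port }}"{%- endif %}{%- if 'to_addr' in rule.forward_port %} to-addr="{{ rule.forward_port.to_addr }}"{%- endif %} />
      {%- endif %}
      {#- NOTE(review): the rich-rule source port is read from 'portid', while
          the zone-level source_ports entries use 'port'. The to-port/to-addr
          attributes look copied from forward-port; confirm that firewalld
          accepts them on source-port before setting those pillar keys. -#}
      {%- if 'source_port' in rule %}
        {%- if 'comment' in rule.source_port %}
      <!-- {{ rule.source_port.comment }} -->
        {%- endif %}
      <source-port port="{{ rule.source_port.portid }}" protocol="{{ rule.source_port.protocol }}"{%- if 'to_port' in rule.source_port %} to-port="{{ rule.source_port.to_port }}"{%- endif %}{%- if 'to_addr' in rule.source_port %} to-addr="{{ rule.source_port.to_addr }}"{%- endif %} />
      {%- endif %}
      {%- if 'log' in rule %}
      <log{%- if 'prefix' in rule.log %} prefix="{{ rule.log.prefix }}"{%- endif %}{%- if 'level' in rule.log %} level="{{ rule.log.level }}"{%- endif %}>
        {%- if 'limit' in rule.log %}
        <limit value="{{ rule.log.limit }}"/>
        {%- endif %}
      </log>
      {%- endif %}
      {%- if 'audit' in rule %}
      <audit>{%- if 'limit' in rule.audit %} <limit value="{{ rule.audit.limit }}"/>{%- endif %}</audit>
      {%- endif %}
      {#- The action is chosen by key presence alone; the value stored under
          accept/reject/drop is not inspected (only reject.type is read). -#}
      {%- if 'accept' in rule %}
      <accept/>
      {%- endif %}
      {%- if 'reject' in rule %}
      <reject{%- if 'type' in rule.reject %} type="{{ rule.reject.type }}"{%- endif %}/>
      {%- endif %}
      {%- if 'drop' in rule %}
      <drop/>
      {%- endif %}
    </rule>
    {%- endfor %}
  {%- endif %}
  </zone>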