|
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127 |
- <?xml version="1.0" encoding="utf-8"?>
- <!--
- This file is managed/generated by salt.
- Do not edit this file manually, it will be overwritten!
- Modify the salt pillar for firewalld instead
- -->
- <zone{%- if 'target' in zone %} target="{{ zone.target }}"{%- endif %}>
- {% if 'short' in zone %}<short>{{ zone.short }}</short>{% else %}<short>{{ name }}</short>{% endif %}
- {% if 'description' in zone %}<description>{{ zone.description }}</description>{% endif %}
-
- {%- if 'interfaces' in zone %}
- {%- for v in zone.interfaces %}
- <interface name="{{ v }}" />
- {%- endfor %}
- {%- endif %}
- {%- if 'sources' in zone %}
- {%- for v in zone.sources %}
- {%- if 'comment' in v %}
- <!-- {{ v.comment }} -->
- <source address="{{ v.source }}" />
- {%- else %}
- <source address="{{ v }}" />
- {%- endif %}
- {%- endfor %}
- {%- endif %}
- {%- if 'ipsets' in zone %}
- {%- for v in zone.ipsets %}
- {%- if 'comment' in v %}
- <!-- {{ v.comment }} -->
- <source ipset="{{ v.ipset }}" />
- {%- else %}
- <source ipset="{{ v }}" />
- {%- endif %}
- {%- endfor %}
- {%- endif %}
- {%- if 'services' in zone %}
- {%- for v in zone.services %}
- <service name="{{ v }}" />
- {%- endfor %}
- {%- endif %}
- {%- if 'ports' in zone %}
- {%- for v in zone.ports %}
- {%- if 'comment' in v %}
- <!-- {{ v.comment }} -->
- {%- endif %}
- <port port="{{ v.port }}" protocol="{{ v.protocol }}"/>
- {%- endfor %}
- {%- endif %}
- {%- if 'icmp_blocks' in zone %}
- {%- for v in zone.icmp_blocks %}
- <icmp-block name="{{ v }}" />
- {%- endfor %}
- {%- endif %}
- {%- if 'masquerade' in zone %}
- {%- if zone.masquerade %}
- <masquerade/>
- {%- endif %}
- {%- endif %}
- {%- if 'forward_ports' in zone %}
- {%- for v in zone.forward_ports %}
- {%- if 'comment' in v %}
- <!-- {{ v.comment }} -->
- {%- endif %}
- <forward-port port="{{ v.portid }}" protocol="{{ v.protocol }}"{%- if 'to_port' in v %} to-port="{{ v.to_port }}"{%- endif %}{%- if 'to_addr' in v %} to-addr="{{ v.to_addr }}"{%- endif %} />
- {%- endfor %}
- {%- endif %}
-
- {%- if 'rich_rules' in zone %}
- {%- for rule in zone.rich_rules %}
- {%- if 'family' in rule %}
- <rule family="{{ rule.family }}">
- {%- else %}
- <rule>
- {%- endif %}
- {%- if 'ipset' in rule %}
- <source ipset="{{ rule.ipset.name }}"/>
- {%- endif %}
- {%- if 'source' in rule %}
- <source address="{{ rule.source.address }}" {%- if 'invert' in rule.source %}invert="{{ rule.source.invert }}"{%- endif %}/>
- {%- endif %}
- {%- if 'destination' in rule %}
- <destination address="{{ rule.destination.address }}" {%- if 'invert' in rule.destination %}invert="{{ rule.destination.invert }}"{%- endif %}/>
- {%- endif %}
- {%- if 'service' in rule %}
- <service name="{{ rule.service }}"/>
- {%- endif %}
- {%- if 'port' in rule %}
- <port port="{{ rule.port.portid }}" protocol="{{ rule.port.protocol }}"/>
- {%- endif %}
- {%- if 'protocol' in rule %}
- <protocol value="{{ rule.protocol }}"/>
- {%- endif %}
- {%- if 'icmp_block' in rule %}
- <icmp_block name="{{ rule.icmp_block }}"/>
- {%- endif %}
- {%- if 'masquerade' in rule %}
- {%- if rule.masquerade %}<masquerade/>{%- endif %}
- {%- endif %}
- {%- if 'forward_port' in rule %}
- {%- if 'comment' in rule.forward_port %}
- <!-- {{ rule.forward_port.comment }} -->
- {%- endif %}
- <forward-port port="{{ rule.forward_port.portid }}" protocol="{{ rule.forward_port.protocol }}"{%- if 'to_port' in rule.forward_port %} to-port="{{ rule.forward_port.to_port }}"{%- endif %}{%- if 'to_addr' in rule.forward_port %} to-addr="{{ rule.forward_port.to_addr }}"{%- endif %} />
- {%- endif %}
- {%- if 'log' in rule %}
- <log{%- if 'prefix' in rule.log %} prefix="{{ rule.log.prefix }}"{%- endif %}{%- if 'level' in rule.log %} level="{{ rule.log.level }}"{%- endif %}>
- {%- if 'limit' in rule.log %}
- <limit value="{{ rule.log.limit }}"/>
- {%- endif %}
- </log>
- {%- endif %}
- {%- if 'audit' in rule %}
- <audit>{%- if 'limit' in rule.audit %} <limit value="{{ rule.audit.limit }}"/>{%- endif %}</audit>
- {%- endif %}
- {%- if 'accept' in rule %}
- <accept/>
- {%- endif %}
- {%- if 'reject' in rule %}
- <reject{%- if 'type' in rule.reject %} type="{{ rule.reject.type }}"{%- endif %}/>
- {%- endif %}
- {%- if 'drop' in rule %}
- <drop/>
- {%- endif %}
- </rule>
- {%- endfor %}
- {%- endif %}
- </zone>
|
