Browse Source
fix(yamllint): fix all errors
```bash firewalld-formula$ yamllint -s . ./pillar.example 2:1 warning missing document start "---" (document-start) 3:12 warning truthy value should be one of [false, true] (truthy) 12:13 warning truthy value should be one of [false, true] (truthy) 15:89 error line too long (108 > 88 characters) (line-length) 19:13 warning truthy value should be one of [false, true] (truthy) 30:89 error line too long (363 > 88 characters) (line-length) 96:89 error line too long (170 > 88 characters) (line-length) 108:15 error wrong indentation: expected 12 but found 14 (indentation) 115:13 error empty value in block mapping (empty-values) 116:2 error syntax error: found character '%' that cannot start any token 152:89 error line too long (112 > 88 characters) (line-length) ./firewalld/defaults.yaml 3:1 warning missing document start "---" (document-start) ```tags/v0.7.0
Imran Iqbal
5 years ago
2 changed files with 35 additions and 14 deletions
+ 1
- 0
firewalld/defaults.yaml
View File
| # -*- coding: utf-8 -*- | # -*- coding: utf-8 -*- | ||||
| # vim: ft=yaml | # vim: ft=yaml | ||||
| --- | |||||
| firewalld: | firewalld: | ||||
| enabled: true | enabled: true | ||||
| package: firewalld | package: firewalld |
+ 34
- 14
pillar.example
View File
| # -*- coding: utf-8 -*- | |||||
| # vim: ft=yaml | |||||
| --- | |||||
| # FirewallD pillar examples: | # FirewallD pillar examples: | ||||
| firewalld: | firewalld: | ||||
| enabled: True | |||||
| enabled: true | |||||
| IndividualCalls: 'no' | IndividualCalls: 'no' | ||||
| LogDenied: 'off' | LogDenied: 'off' | ||||
| AutomaticHelpers: 'system' | AutomaticHelpers: 'system' | ||||
| RFC3964_IPv4: 'yes' | RFC3964_IPv4: 'yes' | ||||
| ipset: | ipset: | ||||
| manage: True | |||||
| manage: true | |||||
| pkg: ipset | pkg: ipset | ||||
| # ipset: # Deprecated. Support for this format will be removed in future releases | |||||
| # ipsetpackag: ipset # Deprecated. Will be removed in future releases | |||||
| # ipset: # Deprecated. Will be removed in future releases | |||||
| # ipsetpackag: ipset # Deprecated. Will be removed in future releases | |||||
| backend: | backend: | ||||
| manage: True | |||||
| manage: true | |||||
| pkg: nftables | pkg: nftables | ||||
| # installbackend: True # Deprecated. Will be removed in future releases | |||||
| # backendpackage: nftables # Deprecated. Will be removed in future releases | |||||
| # installbackend: true # Deprecated. Will be removed in future releases | |||||
| # backendpackage: nftables # Deprecated. Will be removed in future releases | |||||
| default_zone: public | default_zone: public | ||||
| services: | services: | ||||
| sshcustom: | sshcustom: | ||||
| short: sshcustom | short: sshcustom | ||||
| description: SSH on port 3232 and 5252. Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful. | |||||
| description: >- | |||||
| SSH on port 3232 and 5252. Secure Shell (SSH) is a protocol for logging | |||||
| into and executing commands on remote machines. It provides secure | |||||
| encrypted communications. If you plan on accessing your machine | |||||
| remotely via SSH over a firewalled interface, enable this option. You | |||||
| need the openssh-server package installed for this option to be useful. | |||||
| ports: | ports: | ||||
| tcp: | tcp: | ||||
| - 3232 | - 3232 | ||||
| zones: | zones: | ||||
| public: | public: | ||||
| short: Public | short: Public | ||||
| description: "For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted." | |||||
| description: >- | |||||
| For use in public areas. You do not trust the other computers on | |||||
| networks to not harm your computer. Only selected incoming connections | |||||
| are accepted. | |||||
| services: | services: | ||||
| - http | - http | ||||
| - zabbixcustom | - zabbixcustom | ||||
| rich_rules: | rich_rules: | ||||
| - family: ipv4 | - family: ipv4 | ||||
| source: | source: | ||||
| address: 8.8.8.8/24 | |||||
| address: 8.8.8.8/24 | |||||
| accept: true | accept: true | ||||
| - family: ipv4 | - family: ipv4 | ||||
| ipset: | ipset: | ||||
| reject: | reject: | ||||
| type: icmp-port-unreachable | type: icmp-port-unreachable | ||||
| ports: | ports: | ||||
| {% if grains['id'] == 'salt.example.com' %} | |||||
| # {%- if grains['id'] == 'salt.example.com' %} | |||||
| - comment: salt-master | - comment: salt-master | ||||
| port: 4505 | port: 4505 | ||||
| protocol: tcp | protocol: tcp | ||||
| - comment: salt-python | - comment: salt-python | ||||
| port: 4506 | port: 4506 | ||||
| protocol: tcp | protocol: tcp | ||||
| {% endif %} | |||||
| # {%- endif %} | |||||
| - comment: zabbix-agent | - comment: zabbix-agent | ||||
| port: 10050 | port: 10050 | ||||
| protocol: tcp | protocol: tcp | ||||
| table: filter | table: filter | ||||
| chain: FORWARD | chain: FORWARD | ||||
| priority: "0" | priority: "0" | ||||
| args: "-i iintern -o iextern -s 192.168.1.0/24 -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT" | |||||
| args: >- | |||||
| -i iintern | |||||
| -o iextern | |||||
| -s 192.168.1.0/24 | |||||
| -m conntrack | |||||
| --ctstate NEW,RELATED,ESTABLISHED | |||||
| -j ACCEPT | |||||
| passthrough: | passthrough: | ||||
| MYPASSTHROUGH: | MYPASSTHROUGH: | ||||
| ipv: ipv4 | ipv: ipv4 | ||||
| args: "-t raw -A MYCHAIN -j DROP" | |||||
| args: >- | |||||
| -t raw | |||||
| -A MYCHAIN | |||||
| -j DROP |
Loading…