Browse Source
Add support for using ipsets as sources in a zone
I wanted to be able to add an ipset as a source in the zone without using a rich rule. I believe this change accomplishes that. Tested and working on CentOS 7 (salt master and minion).tags/v0.6.2
Paul Williams
7 years ago
1 changed files with 10 additions and 0 deletions
+ 10
- 0
firewalld/files/zone.xml
View File
| {%- endif %} | {%- endif %} | ||||
| {%- endfor %} | {%- endfor %} | ||||
| {%- endif %} | {%- endif %} | ||||
| {%- if 'ipsets' in zone %} | |||||
| {%- for v in zone.ipsets %} | |||||
| {%- if 'comment' in v %} | |||||
| <!-- {{ v.comment }} --> | |||||
| <source ipset="{{ v.ipset }}" /> | |||||
| {%- else %} | |||||
| <source ipset="{{ v }}" /> | |||||
| {%- endif %} | |||||
| {%- endfor %} | |||||
| {%- endif %} | |||||
| {%- if 'services' in zone %} | {%- if 'services' in zone %} | ||||
| {%- for v in zone.services %} | {%- for v in zone.services %} | ||||
| <service name="{{ v }}" /> | <service name="{{ v }}" /> |
Loading…