Bläddra i källkod
fix(config): update firewalld.conf to be inline with 1.2.1 version
Added CleanupModulesOnExit Removed MinimalMark deprecated option Added some Notespull/55/head
Niels Abspoel
2 år sedan
1 ändrade filer med 13 tillägg och 8 borttagningar
+ 13
- 8
firewalld/files/firewalld.conf
Visa fil
| # Default: public | # Default: public | ||||
| DefaultZone={{ firewalld.default_zone|default('public') }} | DefaultZone={{ firewalld.default_zone|default('public') }} | ||||
| # Minimal mark | |||||
| # Marks up to this minimum are free for use for example in the direct | |||||
| # interface. If more free marks are needed, increase the minimum | |||||
| # Default: 100 | |||||
| MinimalMark={{ firewalld.minimal_mark|default('100') }} | |||||
| # Clean up on exit | # Clean up on exit | ||||
| # If set to no or false the firewall configuration will not get cleaned up | # If set to no or false the firewall configuration will not get cleaned up | ||||
| # on exit or stop of firewalld | |||||
| # on exit or stop of firewalld. | |||||
| # Default: yes | # Default: yes | ||||
| CleanupOnExit={{ firewalld.cleanup_on_exit|default('yes') }} | CleanupOnExit={{ firewalld.cleanup_on_exit|default('yes') }} | ||||
| # Clean up kernel modules on exit | |||||
| # If set to yes or true the firewall related kernel modules will be | |||||
| # unloaded on exit or stop of firewalld. This might attempt to unload | |||||
| # modules not originally loaded by firewalld. | |||||
| # Default: no | |||||
| CleanupModulesOnExit={{ firewalld.cleanup_module_on_exit|default('no') }} | |||||
| # Lockdown | # Lockdown | ||||
| # If set to enabled, firewall changes with the D-Bus interface will be limited | # If set to enabled, firewall changes with the D-Bus interface will be limited | ||||
| # to applications that are listed in the lockdown whitelist. | # to applications that are listed in the lockdown whitelist. | ||||
| # IPv6_rpfilter | # IPv6_rpfilter | ||||
| # Performs a reverse path filter test on a packet for IPv6. If a reply to the | # Performs a reverse path filter test on a packet for IPv6. If a reply to the | ||||
| # packet would be sent via the same interface that the packet arrived on, the | |||||
| # packet would be sent via the same interface that the packet arrived on, the | |||||
| # packet will match and be accepted, otherwise dropped. | # packet will match and be accepted, otherwise dropped. | ||||
| # The rp_filter for IPv4 is controlled using sysctl. | # The rp_filter for IPv4 is controlled using sysctl. | ||||
| # Note: This feature has a performance impact. See man page FIREWALLD.CONF(5) | |||||
| # for details. | |||||
| # Default: yes | # Default: yes | ||||
| IPv6_rpfilter={{ firewalld.IPv6_rpfilter|default('yes') }} | IPv6_rpfilter={{ firewalld.IPv6_rpfilter|default('yes') }} | ||||
| {%- if firewalld.get('IndividualCalls', False) %} | {%- if firewalld.get('IndividualCalls', False) %} | ||||
| # Choices are: | # Choices are: | ||||
| # - nftables (default) | # - nftables (default) | ||||
| # - iptables (iptables, ip6tables, ebtables and ipset) | # - iptables (iptables, ip6tables, ebtables and ipset) | ||||
| # Note: The iptables backend is deprecated. It will be removed in a future | |||||
| # release. | |||||
| FirewallBackend={{ firewalld.FirewallBackend|default('nftables') }} | FirewallBackend={{ firewalld.FirewallBackend|default('nftables') }} | ||||
| {%- endif %} | {%- endif %} | ||||
| {%- if firewalld.get('FlushAllOnReload', False) %} | {%- if firewalld.get('FlushAllOnReload', False) %} |
Laddar…