
Merge pull request #52 from Sxderp/pr-add-priority

add priority to rich rules
tags/v1.3.0
Imran Iqbal 3 年前
父节点
当前提交
71e8d373d7
共有 21 个文件被更改,包括 140 次插入6 次删除
  1. +2
    -6
      firewalld/files/zone.xml
  2. +7
    -0
      pillar.example
  3. +5
    -0
      test/integration/default/controls/zones_spec.rb
  4. +7
    -0
      test/integration/default/files/_mapdata/amazonlinux-1.yaml
  5. +7
    -0
      test/integration/default/files/_mapdata/amazonlinux-2.yaml
  6. +7
    -0
      test/integration/default/files/_mapdata/arch-base-latest.yaml
  7. +7
    -0
      test/integration/default/files/_mapdata/centos-7.yaml
  8. +7
    -0
      test/integration/default/files/_mapdata/centos-8.yaml
  9. +7
    -0
      test/integration/default/files/_mapdata/debian-10.yaml
  10. +7
    -0
      test/integration/default/files/_mapdata/debian-9.yaml
  11. +7
    -0
      test/integration/default/files/_mapdata/fedora-31.yaml
  12. +7
    -0
      test/integration/default/files/_mapdata/fedora-32.yaml
  13. +7
    -0
      test/integration/default/files/_mapdata/fedora-33.yaml
  14. +7
    -0
      test/integration/default/files/_mapdata/fedora-34.yaml
  15. +7
    -0
      test/integration/default/files/_mapdata/opensuse-15.yaml
  16. +7
    -0
      test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml
  17. +7
    -0
      test/integration/default/files/_mapdata/oraclelinux-7.yaml
  18. +7
    -0
      test/integration/default/files/_mapdata/oraclelinux-8.yaml
  19. +7
    -0
      test/integration/default/files/_mapdata/ubuntu-16.yaml
  20. +7
    -0
      test/integration/default/files/_mapdata/ubuntu-18.yaml
  21. +7
    -0
      test/integration/default/files/_mapdata/ubuntu-20.yaml

+ 2
- 6
firewalld/files/zone.xml 查看文件

@@ -4,12 +4,8 @@
Do not edit this file manually, it will be overwritten!
Modify the salt pillar for firewalld instead
-->
{%- macro rich_rule(rule) -%}
{%- if 'family' in rule %}
<rule family="{{ rule.family }}">
{%- else %}
<rule>
{%- endif %}
{%- macro rich_rule(rule) %}
<rule{% if 'family' in rule %} family="{{ rule.family }}"{% endif %}{% if 'priority' in rule %} priority="{{ rule.priority }}"{% endif %}>
{%- if 'ipset' in rule %}
<source ipset="{{ rule.ipset.name }}" />
{%- endif %}
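Review bot: The new `priority="{{ rule.priority }}"` on the `<rule>` line writes the pillar value into the zone XML without any validation, and `'priority' in rule` is also true when the key is present but empty. firewalld accepts only an integer from -32768 to 32767 for this attribute, so a typo in pillar yields a zone file the daemon may refuse to load, which is a poor failure mode for a firewall. I would fail the render on a non-integer value, or at least add a comment at the macro such as `{#- priority: integer -32768..32767; lower values sort first, negative values run before the zone's other rules -#}`. It is also worth confirming that the oldest firewalld among the supported platforms parses the attribute, since older releases predate rich-rule priorities. The macro body continues past the end of this hunk.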

+ 7
- 0
pillar.example 查看文件

@@ -167,6 +167,13 @@ firewalld:
# can be used. Special keys "ipsets" and "services", if defined, take precedence.
# They will be auto-expanded into separate rich rules per value in the list.
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:
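Review bot: The `priority: 15` key in the new `http-priority` example has no comment saying which values are allowed or how they order rules; the visible part of the comment above `rich_rules:` covers only `ipsets` and `services`. Priority decides whether an accept is evaluated before or after the zone's other rules, so a line such as `# priority: integer from -32768 to 32767; lower values are evaluated first, negative values before the zone's other rules` above the example would prevent surprises. It may also help to say that omitting the key leaves the attribute out entirely, which is what the template's `'priority' in rule` test appears to do.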

+ 5
- 0
test/integration/default/controls/zones_spec.rb 查看文件

@@ -63,6 +63,11 @@ control 'zones/rich_public.xml configuration' do
<zone>
<short>rich_public</short>
<description>Example</description>
<rule priority="15">
<source ipset="other-ipset" />
<service name="http" />
<accept></accept>
</rule>
<rule>
<source ipset="fail2ban-ssh" />
<service name="ssh" />
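Review bot: The added expectation covers only a rule with `priority` and no `family`, so the case where the template emits both attributes on the single `<rule ...>` line is not pinned by this control. A pillar rule carrying both keys, with an expected line like `<rule family="ipv4" priority="-10">` (constructed sample), would also exercise a negative value, which firewalld orders differently from a positive one. The control starts and ends outside this hunk, so such a case may already exist elsewhere in the file.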

+ 7
- 0
test/integration/default/files/_mapdata/amazonlinux-1.yaml 查看文件

@@ -150,6 +150,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/amazonlinux-2.yaml 查看文件

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/arch-base-latest.yaml 查看文件

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/centos-7.yaml 查看文件

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/centos-8.yaml 查看文件

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/debian-10.yaml 查看文件

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/debian-9.yaml 查看文件

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/fedora-31.yaml 查看文件

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/fedora-32.yaml 查看文件

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/fedora-33.yaml 查看文件

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/fedora-34.yaml 查看文件

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/opensuse-15.yaml 查看文件

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml 查看文件

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/oraclelinux-7.yaml 查看文件

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/oraclelinux-8.yaml 查看文件

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/ubuntu-16.yaml 查看文件

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/ubuntu-18.yaml 查看文件

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:

+ 7
- 0
test/integration/default/files/_mapdata/ubuntu-20.yaml 查看文件

@@ -157,6 +157,13 @@ values:
rich_public:
description: Example
rich_rules:
http-priority:
accept: true
ipsets:
- other-ipset
priority: 15
services:
- http
ssh-csg:
accept: true
ipsets:
