ソースを参照
feat(zone.xml): allow more services definition inside zone
Now multiple sections ending with `services` can be defined for each in pillar and all of them will get merged into one service block in the zone. The goal is to keep backward compatibility while allowing different services to be defined in different pillars. So basically have various parts of the pillar affecting the firewall without need to define everything centrally. Helpful for the exceptions to the rules.tags/v0.9.0
Michal Hrusecky
4年前
+ 6
- 4
firewalld/files/zone.xml
ファイルの表示
| @@ -33,11 +33,13 @@ | |||
| {%- endif %} | |||
| {%- endfor %} | |||
| {%- endif %} | |||
| {%- if 'services' in zone %} | |||
| {%- for v in zone.services %} | |||
| {%- for k,val in zone.items() %} | |||
| {%- if k.endswith("services") %} | |||
| {%- for v in val %} | |||
| <service name="{{ v }}" /> | |||
| {%- endfor %} | |||
| {%- endif %} | |||
| {%- endfor %} | |||
| {%- endif %} | |||
| {%- endfor %} | |||
| {%- if 'ports' in zone %} | |||
| {%- for v in zone.ports %} | |||
| {%- if 'comment' in v %} | |||
+ 3
- 1
pillar.example
ファイルの表示
| @@ -107,10 +107,12 @@ firewalld: | |||
| are accepted. | |||
| services: | |||
| - http | |||
| - zabbixcustom | |||
| - https | |||
| - ssh | |||
| - salt-minion | |||
| # Anything in zone definition ending with services will get merged into services | |||
| other_services: | |||
| - zabbixcustom | |||
| protocols: | |||
| - igmp | |||
| rich_rules: | |||
読み込み中…