|
|
|
|
|
|
|
|
{%- if 'comment' in v %} |
|
|
{%- if 'comment' in v %} |
|
|
<!-- {{ v.comment }} --> |
|
|
<!-- {{ v.comment }} --> |
|
|
{%- endif %} |
|
|
{%- endif %} |
|
|
<port port="{{ v.port }}" protocol="{{ v.protocol }}"/> |
|
|
|
|
|
|
|
|
<port port="{{ v.port }}" protocol="{{ v.protocol }}" /> |
|
|
{%- endfor %} |
|
|
{%- endfor %} |
|
|
{%- endif %} |
|
|
{%- endif %} |
|
|
{%- if 'protocols' in zone %} |
|
|
{%- if 'protocols' in zone %} |
|
|
|
|
|
|
|
|
{%- if 'comment' in v %} |
|
|
{%- if 'comment' in v %} |
|
|
<!-- {{ v.comment }} --> |
|
|
<!-- {{ v.comment }} --> |
|
|
{%- endif %} |
|
|
{%- endif %} |
|
|
<source-port port="{{ v.port }}" protocol="{{ v.protocol }}"/> |
|
|
|
|
|
|
|
|
<source-port port="{{ v.port }}" protocol="{{ v.protocol }}" /> |
|
|
{%- endfor %} |
|
|
{%- endfor %} |
|
|
{%- endif %} |
|
|
{%- endif %} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<rule> |
|
|
<rule> |
|
|
{%- endif %} |
|
|
{%- endif %} |
|
|
{%- if 'ipset' in rule %} |
|
|
{%- if 'ipset' in rule %} |
|
|
<source ipset="{{ rule.ipset.name }}"/> |
|
|
|
|
|
|
|
|
<source ipset="{{ rule.ipset.name }}" /> |
|
|
{%- endif %} |
|
|
{%- endif %} |
|
|
{%- if 'source' in rule %} |
|
|
{%- if 'source' in rule %} |
|
|
<source address="{{ rule.source.address }}" {%- if 'invert' in rule.source %}invert="{{ rule.source.invert }}"{%- endif %}/> |
|
|
|
|
|
|
|
|
<source address="{{ rule.source.address }}" {%- if 'invert' in rule.source %}invert="{{ rule.source.invert }}"{%- endif %} /> |
|
|
{%- endif %} |
|
|
{%- endif %} |
|
|
{%- if 'destination' in rule %} |
|
|
{%- if 'destination' in rule %} |
|
|
<destination address="{{ rule.destination.address }}" {%- if 'invert' in rule.destination %}invert="{{ rule.destination.invert }}"{%- endif %}/> |
|
|
|
|
|
|
|
|
<destination address="{{ rule.destination.address }}" {%- if 'invert' in rule.destination %}invert="{{ rule.destination.invert }}"{%- endif %} /> |
|
|
{%- endif %} |
|
|
{%- endif %} |
|
|
{%- if 'service' in rule %} |
|
|
{%- if 'service' in rule %} |
|
|
<service name="{{ rule.service }}"/> |
|
|
|
|
|
|
|
|
<service name="{{ rule.service }}" /> |
|
|
{%- endif %} |
|
|
{%- endif %} |
|
|
{%- if 'port' in rule %} |
|
|
{%- if 'port' in rule %} |
|
|
<port port="{{ rule.port.portid }}" protocol="{{ rule.port.protocol }}"/> |
|
|
|
|
|
|
|
|
<port port="{{ rule.port.portid }}" protocol="{{ rule.port.protocol }}" /> |
|
|
{%- endif %} |
|
|
{%- endif %} |
|
|
{%- if 'protocol' in rule %} |
|
|
{%- if 'protocol' in rule %} |
|
|
<protocol value="{{ rule.protocol }}"/> |
|
|
|
|
|
|
|
|
<protocol value="{{ rule.protocol }}" /> |
|
|
{%- endif %} |
|
|
{%- endif %} |
|
|
{%- if 'icmp_block' in rule %} |
|
|
{%- if 'icmp_block' in rule %} |
|
|
<icmp-block name="{{ rule.icmp_block }}"/> |
|
|
|
|
|
|
|
|
<icmp-block name="{{ rule.icmp_block }}" /> |
|
|
{%- endif %} |
|
|
{%- endif %} |
|
|
{%- if 'icmp_type' in rule %} |
|
|
{%- if 'icmp_type' in rule %} |
|
|
<icmp-type name="{{ rule.icmp_type }}"/> |
|
|
|
|
|
|
|
|
<icmp-type name="{{ rule.icmp_type }}" /> |
|
|
{%- endif %} |
|
|
{%- endif %} |
|
|
{%- if 'masquerade' in rule %} |
|
|
{%- if 'masquerade' in rule %} |
|
|
{%- if rule.masquerade %}<masquerade/>{%- endif %} |
|
|
{%- if rule.masquerade %}<masquerade/>{%- endif %} |
|
|
|
|
|
|
|
|
<accept/> |
|
|
<accept/> |
|
|
{%- endif %} |
|
|
{%- endif %} |
|
|
{%- if 'reject' in rule %} |
|
|
{%- if 'reject' in rule %} |
|
|
<reject{%- if 'type' in rule.reject %} type="{{ rule.reject.type }}"{%- endif %}/> |
|
|
|
|
|
|
|
|
<reject{%- if 'type' in rule.reject %} type="{{ rule.reject.type }}"{%- endif %} /> |
|
|
{%- endif %} |
|
|
{%- endif %} |
|
|
{%- if 'drop' in rule %} |
|
|
{%- if 'drop' in rule %} |
|
|
<drop/> |
|
|
<drop/> |