<?xml version="1.0" encoding="utf-8"?> <!-- This file is managed/generated by salt. Do not edit this file manually, it will be overwritten! Modify the salt pillar for firewalld instead --> <zone{%- if 'target' in zone %} target="{{ zone.target }}"{%- endif %}> {% if 'short' in zone %}<short>{{ zone.short }}</short>{% else %}<short>{{ name }}</short>{% endif %} {% if 'description' in zone %}<description>{{ zone.description }}</description>{% endif %} {%- if 'interfaces' in zone %} {%- for v in zone.interfaces %} <interface name="{{ v }}" /> {%- endfor %} {%- endif %} {%- if 'sources' in zone %} {%- for v in zone.sources %} {%- if 'comment' in v %} <!-- {{ v.comment }} --> <source address="{{ v.source }}" /> {%- else %} <source address="{{ v }}" /> {%- endif %} {%- endfor %} {%- endif %} {%- if 'ipsets' in zone %} {%- for v in zone.ipsets %} {%- if 'comment' in v %} <!-- {{ v.comment }} --> <source ipset="{{ v.ipset }}" /> {%- else %} <source ipset="{{ v }}" /> {%- endif %} {%- endfor %} {%- endif %} {%- if 'services' in zone %} {%- for v in zone.services %} <service name="{{ v }}" /> {%- endfor %} {%- endif %} {%- if 'ports' in zone %} {%- for v in zone.ports %} {%- if 'comment' in v %} <!-- {{ v.comment }} --> {%- endif %} <port port="{{ v.port }}" protocol="{{ v.protocol }}"/> {%- endfor %} {%- endif %} {%- if 'protocols' in zone %} {%- for v in zone.protocols %} <protocol value="{{ v }}" /> {%- endfor %} {%- endif %} {%- if 'icmp_blocks' in zone %} {%- for v in zone.icmp_blocks %} <icmp-block name="{{ v }}" /> {%- endfor %} {%- endif %} {%- if 'icmp_block_inversion' in zone %} <icmp-block-inversion name="{{ zone.icmp_blok_inversion }}" /> {%- endif %} {%- if 'masquerade' in zone %} {%- if zone.masquerade %} <masquerade/> {%- endif %} {%- endif %} {%- if 'forward_ports' in zone %} {%- for v in zone.forward_ports %} {%- if 'comment' in v %} <!-- {{ v.comment }} --> {%- endif %} <forward-port port="{{ v.portid }}" protocol="{{ v.protocol }}"{%- if 'to_port' in v %} to-port="{{ v.to_port }}"{%- endif %}{%- if 'to_addr' in v %} to-addr="{{ v.to_addr }}"{%- endif %} /> {%- endfor %} {%- endif %} {%- if 'source_ports' in zone %} {%- for v in zone.source_ports %} {%- if 'comment' in v %} <!-- {{ v.comment }} --> {%- endif %} <source-port port="{{ v.port }}" protocol="{{ v.protocol }}"/> {%- endfor %} {%- endif %} {%- if 'rich_rules' in zone %} {%- for rule in zone.rich_rules %} {%- if 'family' in rule %} <rule family="{{ rule.family }}"> {%- else %} <rule> {%- endif %} {%- if 'ipset' in rule %} <source ipset="{{ rule.ipset.name }}"/> {%- endif %} {%- if 'source' in rule %} <source address="{{ rule.source.address }}" {%- if 'invert' in rule.source %}invert="{{ rule.source.invert }}"{%- endif %}/> {%- endif %} {%- if 'destination' in rule %} <destination address="{{ rule.destination.address }}" {%- if 'invert' in rule.destination %}invert="{{ rule.destination.invert }}"{%- endif %}/> {%- endif %} {%- if 'service' in rule %} <service name="{{ rule.service }}"/> {%- endif %} {%- if 'port' in rule %} <port port="{{ rule.port.portid }}" protocol="{{ rule.port.protocol }}"/> {%- endif %} {%- if 'protocol' in rule %} <protocol value="{{ rule.protocol }}"/> {%- endif %} {%- if 'icmp_block' in rule %} <icmp-block name="{{ rule.icmp_block }}"/> {%- endif %} {%- if 'icmp_type' in rule %} <icmp-type name="{{ rule.icmp_type }}"/> {%- endif %} {%- if 'masquerade' in rule %} {%- if rule.masquerade %}<masquerade/>{%- endif %} {%- endif %} {%- if 'forward_port' in rule %} {%- if 'comment' in rule.forward_port %} <!-- {{ rule.forward_port.comment }} --> {%- endif %} <forward-port port="{{ rule.forward_port.portid }}" protocol="{{ rule.forward_port.protocol }}"{%- if 'to_port' in rule.forward_port %} to-port="{{ rule.forward_port.to_port }}"{%- endif %}{%- if 'to_addr' in rule.forward_port %} to-addr="{{ rule.forward_port.to_addr }}"{%- endif %} /> {%- endif %} {%- if 'source_port' in rule %} {%- if 'comment' in rule.source_port %} <!-- {{ rule.source_port.comment }} --> {%- endif %} <source-port port="{{ rule.source_port.portid }}" protocol="{{ rule.source_port.protocol }}"{%- if 'to_port' in rule.source_port %} to-port="{{ rule.source_port.to_port }}"{%- endif %}{%- if 'to_addr' in rule.source_port %} to-addr="{{ rule.source_port.to_addr }}"{%- endif %} /> {%- endif %} {%- if 'log' in rule %} <log{%- if 'prefix' in rule.log %} prefix="{{ rule.log.prefix }}"{%- endif %}{%- if 'level' in rule.log %} level="{{ rule.log.level }}"{%- endif %}> {%- if 'limit' in rule.log %} <limit value="{{ rule.log.limit }}"/> {%- endif %} </log> {%- endif %} {%- if 'audit' in rule %} <audit>{%- if 'limit' in rule.audit %} <limit value="{{ rule.audit.limit }}"/>{%- endif %}</audit> {%- endif %} {%- if 'accept' in rule %} <accept/> {%- endif %} {%- if 'reject' in rule %} <reject{%- if 'type' in rule.reject %} type="{{ rule.reject.type }}"{%- endif %}/> {%- endif %} {%- if 'drop' in rule %} <drop/> {%- endif %} </rule> {%- endfor %} {%- endif %} </zone>