ExternalMirrors
/
firewalld-formula
mirror of https://github.com/saltstack-formulas/firewalld-formula
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 14 Wiki Activity
Saltstack Official FirewallD Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
44 Commits
1 Branch
Tree: 1ddb09137c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1ddb09137c'
${ noResults }
firewalld-formula/firewalld/files/firewalld.conf

58 lines
2.1KB
Raw Blame History 

  1. {% set firewalld  = pillar.get('firewalld', {}) -%}

  2. #

  3. #  This file is managed/generated by salt.

  4. #  Do not edit this file manually, it will be overwritten!

  5. #  Modify the salt pillar for firewalld instead

  6. #

  7. # firewalld config file

  8. 

  9. # default zone

  10. # The default zone used if an empty zone string is used.

  11. # Default: public

  12. DefaultZone={{ firewalld.default_zone|default('public') }}

  13. 

  14. # Minimal mark

  15. # Marks up to this minimum are free for use for example in the direct 

  16. # interface. If more free marks are needed, increase the minimum

  17. # Default: 100

  18. MinimalMark={{ firewalld.minimal_mark|default('100') }}

  19. 

  20. # Clean up on exit

  21. # If set to no or false the firewall configuration will not get cleaned up

  22. # on exit or stop of firewalld

  23. # Default: yes

  24. CleanupOnExit={{ firewalld.cleanup_on_exit|default('yes') }}

  25. 

  26. # Lockdown

  27. # If set to enabled, firewall changes with the D-Bus interface will be limited

  28. # to applications that are listed in the lockdown whitelist.

  29. # The lockdown whitelist file is lockdown-whitelist.xml

  30. # Default: no

  31. Lockdown={{ firewalld.lockdown|default('no') }}

  32. 

  33. # IPv6_rpfilter

  34. # Performs a reverse path filter test on a packet for IPv6. If a reply to the

  35. # packet would be sent via the same interface that the packet arrived on, the 

  36. # packet will match and be accepted, otherwise dropped.

  37. # The rp_filter for IPv4 is controlled using sysctl.

  38. # Default: yes

  39. IPv6_rpfilter={{ firewalld.IPv6_rpfilter|default('yes') }}

  40. {%- if firewalld.get('IndividualCalls', False) %}

  41. 

  42. # IndividualCalls

  43. # Do not use combined -restore calls, but individual calls. This increases the

  44. # time that is needed to apply changes and to start the daemon, but is good for

  45. # debugging.

  46. # Default: no

  47. IndividualCalls={{ firewalld.IndividualCalls|default('no') }}

  48. {%- endif %}

  49. {%- if firewalld.get('LogDenied', False) %}

  50. 

  51. # LogDenied

  52. # Add logging rules right before reject and drop rules in the INPUT, FORWARD

  53. # and OUTPUT chains for the default rules and also final reject and drop rules

  54. # in zones. Possible values are: all, unicast, broadcast, multicast and off.

  55. # Default: off

  56. LogDenied={{ firewalld.LogDenied|default('off') }}

  57. {%- endif %}