ExternalMirrors
/
firewalld-formula
mirror of https://github.com/saltstack-formulas/firewalld-formula
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 14 Wiki Activity
Saltstack Official FirewallD Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
100 Commits
1 Branch
Tree: d02f890fb4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd02f890fb4'
${ noResults }
firewalld-formula/firewalld/files/zone.xml

155 lines
5.3KB
Raw Blame History 

  1. <?xml version="1.0" encoding="utf-8"?>

  2. <!--

  3.   This file is managed/generated by salt.

  4.   Do not edit this file manually, it will be overwritten!

  5.   Modify the salt pillar for firewalld instead

  6. -->

  7. <zone{%- if 'target' in zone %} target="{{ zone.target }}"{%- endif %}>

  8.   {% if 'short' in zone %}<short>{{ zone.short }}</short>{% else %}<short>{{ name }}</short>{% endif %}

  9.   {% if 'description' in zone %}<description>{{ zone.description }}</description>{% endif %}

  10. 

  11. {%- if 'interfaces' in zone %}

  12.   {%- for v in zone.interfaces %}

  13.   <interface name="{{ v }}" />

  14.   {%- endfor %}

  15. {%- endif %}

  16. {%- if 'sources' in zone %}

  17.   {%- for v in zone.sources %}

  18.     {%- if 'comment' in v %}

  19.   <!-- {{ v.comment }} -->

  20.   <source address="{{ v.source }}" />

  21.     {%- else %}

  22.   <source address="{{ v }}" />

  23.     {%- endif %}

  24.   {%- endfor %}

  25. {%- endif %}

  26. {%- if 'ipsets' in zone %}

  27.   {%- for v in zone.ipsets %}

  28.     {%- if 'comment' in v %}

  29.   <!-- {{ v.comment }} -->

  30.   <source ipset="{{ v.ipset }}" />

  31.     {%- else %}

  32.   <source ipset="{{ v }}" />

  33.     {%- endif %}

  34.   {%- endfor %}

  35. {%- endif %}

  36. {%- for k,val in zone.items() %}

  37.   {%- if k.endswith("services") %}

  38.     {%- for v in val %}

  39.   <service name="{{ v }}" />

  40.     {%- endfor %}

  41.   {%- endif %}

  42. {%- endfor %}

  43. {%- if 'ports' in zone %}

  44.   {%- for v in zone.ports %}

  45.     {%- if 'comment' in v %}

  46.   <!-- {{ v.comment }} -->

  47.     {%- endif %}

  48.   <port port="{{ v.port }}" protocol="{{ v.protocol }}" />

  49.   {%- endfor %}

  50. {%- endif %}

  51. {%- if 'protocols' in zone %}

  52.   {%- for v in zone.protocols %}

  53.   <protocol value="{{ v }}" />

  54.   {%- endfor %}

  55. {%- endif %}

  56. {%- if 'icmp_blocks' in zone %}

  57.   {%- for v in zone.icmp_blocks %}

  58.   <icmp-block name="{{ v }}" />

  59.   {%- endfor %}

  60. {%- endif %}

  61. {%- if 'icmp_block_inversion' in zone and zone.icmp_block_inversion %}

  62.   <icmp-block-inversion />

  63. {%- endif %}

  64. {%- if 'masquerade' in zone %}

  65.   {%- if zone.masquerade %}

  66.   <masquerade/>

  67.   {%- endif %}

  68. {%- endif %}

  69. {%- if 'forward_ports' in zone %}

  70.   {%- for v in zone.forward_ports %}

  71.     {%- if 'comment' in v %}

  72.   <!-- {{ v.comment }} -->

  73.     {%- endif %}

  74.   <forward-port port="{{ v.portid }}" protocol="{{ v.protocol }}"{%- if 'to_port' in v %} to-port="{{ v.to_port }}"{%- endif %}{%- if 'to_addr' in v %} to-addr="{{ v.to_addr }}"{%- endif %} />

  75.   {%- endfor %}

  76. {%- endif %}

  77. {%- if 'source_ports' in zone %}

  78.   {%- for v in zone.source_ports %}

  79.     {%- if 'comment' in v %}

  80.   <!-- {{ v.comment }} -->

  81.     {%- endif %}

  82.   <source-port port="{{ v.port }}" protocol="{{ v.protocol }}" />

  83.   {%- endfor %}

  84. {%- endif %}

  85. 

  86. {%- if 'rich_rules' in zone %}

  87.   {%- for rule in zone.rich_rules %}

  88.   {%- if 'family' in rule %}

  89.   <rule family="{{ rule.family }}">

  90.   {%- else %}

  91.   <rule>

  92.   {%- endif %}    

  93.   {%- if 'ipset' in rule %}

  94.     <source ipset="{{ rule.ipset.name }}" />

  95.   {%- endif %}

  96.   {%- if 'source' in rule %}

  97.     <source address="{{ rule.source.address }}" {%- if 'invert' in rule.source %}invert="{{ rule.source.invert }}"{%- endif %} />

  98.   {%- endif %}    

  99.   {%- if 'destination' in rule %}

  100.     <destination address="{{ rule.destination.address }}" {%- if 'invert' in rule.destination %}invert="{{ rule.destination.invert }}"{%- endif %} />

  101.   {%- endif %}    

  102.   {%- if 'service' in rule %}

  103.     <service name="{{ rule.service }}" />

  104.   {%- endif %}    

  105.   {%- if 'port' in rule %}

  106.     <port port="{{ rule.port.portid }}" protocol="{{ rule.port.protocol }}" />

  107.   {%- endif %}    

  108.   {%- if 'protocol' in rule %}

  109.     <protocol value="{{ rule.protocol }}" />

  110.   {%- endif %}    

  111.   {%- if 'icmp_block' in rule %}

  112.     <icmp-block name="{{ rule.icmp_block }}" />

  113.   {%- endif %}    

  114.   {%- if 'icmp_type' in rule %}

  115.     <icmp-type name="{{ rule.icmp_type }}" />

  116.   {%- endif %}    

  117.   {%- if 'masquerade' in rule %}

  118.     {%- if rule.masquerade %}<masquerade/>{%- endif %}

  119.   {%- endif %}    

  120.   {%- if 'forward_port' in rule %}

  121.     {%- if 'comment' in rule.forward_port %}

  122.       <!-- {{ rule.forward_port.comment }} -->

  123.     {%- endif %}

  124.     <forward-port port="{{ rule.forward_port.portid }}" protocol="{{ rule.forward_port.protocol }}"{%- if 'to_port' in rule.forward_port %} to-port="{{ rule.forward_port.to_port }}"{%- endif %}{%- if 'to_addr' in rule.forward_port %} to-addr="{{ rule.forward_port.to_addr }}"{%- endif %} />

  125.   {%- endif %}    

  126.   {%- if 'source_port' in rule %}

  127.     {%- if 'comment' in rule.source_port %}

  128.       <!-- {{ rule.source_port.comment }} -->

  129.     {%- endif %}

  130.     <source-port port="{{ rule.source_port.portid }}" protocol="{{ rule.source_port.protocol }}"{%- if 'to_port' in rule.source_port %} to-port="{{ rule.source_port.to_port }}"{%- endif %}{%- if 'to_addr' in rule.source_port %} to-addr="{{ rule.source_port.to_addr }}"{%- endif %} />

  131.   {%- endif %}    

  132.   {%- if 'log' in rule %}

  133.     <log{%- if 'prefix' in rule.log %} prefix="{{ rule.log.prefix }}"{%- endif %}{%- if 'level' in rule.log %} level="{{ rule.log.level }}"{%- endif %}>

  134.     {%- if 'limit' in rule.log %}

  135.       <limit value="{{ rule.log.limit }}"/>

  136.     {%- endif %}

  137.     </log>

  138.   {%- endif %}    

  139.   {%- if 'audit' in rule %}

  140.     <audit>{%- if 'limit' in rule.audit %} <limit value="{{ rule.audit.limit }}"/>{%- endif %}</audit>

  141.   {%- endif %}    

  142.   {%- if 'accept' in rule %}

  143.     <accept/>

  144.   {%- endif %}

  145.   {%- if 'reject' in rule %}

  146.     <reject{%- if 'type' in rule.reject %} type="{{ rule.reject.type }}"{%- endif %} />

  147.   {%- endif %}    

  148.   {%- if 'drop' in rule %}

  149.     <drop/>

  150.   {%- endif %}    

  151.   </rule>

  152.   {%- endfor %}

  153. {%- endif %}

  154. </zone>