Saltstack Official FirewallD Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

zone.xml 3.8KB

10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
10 years ago
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107
  1. <?xml version="1.0" encoding="utf-8"?>
  2. <zone{%- if 'target' in zone %} target="{{ zone.target }}"{%- endif %}>
  3. {% if 'short' in zone %}<short>{{ zone.short }}</short>{% else %}<short>{{ name }}</short>{% endif %}
  4. {% if 'description' in zone %}<description>{{ zone.description }}</description>{% endif %}
  5. {%- if 'interfaces' in zone %}
  6. {%- for v in zone.interfaces %}
  7. <interface name="{{ v }}" />
  8. {%- endfor %}
  9. {%- endif %}
  10. {%- if 'sources' in zone %}
  11. {%- for v in zone.sources %}
  12. <source address="{{ v }}" />
  13. {%- endfor %}
  14. {%- endif %}
  15. {%- if 'services' in zone %}
  16. {%- for v in zone.services %}
  17. <service name="{{ v }}" />
  18. {%- endfor %}
  19. {%- endif %}
  20. {%- if 'ports' in zone %}
  21. {%- for v in zone.ports %}
  22. {%- if 'comment' in v %}
  23. <!-- {{ v.comment }} -->
  24. {%- endif %}
  25. <port port="{{ v.port }}" protocol="{{ v.protocol }}"/>
  26. {%- endfor %}
  27. {%- endif %}
  28. {%- if 'icmp_blocks' in zone %}
  29. {%- for v in zone.icmp_blocks %}
  30. <icmp-block name="{{ v }}" />
  31. {%- endfor %}
  32. {%- endif %}
  33. {%- if 'masquerade' in zone %}
  34. {%- if zone.masquerade %}
  35. <masquerade/>
  36. {%- endif %}
  37. {%- endif %}
  38. {%- if 'forward_ports' in zone %}
  39. {%- for v in zone.forward_ports %}
  40. {%- if 'comment' in v %}
  41. <!-- {{ v.comment }} -->
  42. {%- endif %}
  43. <forward-port port="{{ v.portid }}" protocol="{{ v.protocol }}"{%- if 'to_port' in v %} to-port="{{ v.to_port }}"{%- endif %}{%- if 'to_addr' in v %} to-addr="{{ v.to_addr }}"{%- endif %} />
  44. {%- endfor %}
  45. {%- endif %}
  46. {%- if 'rich_rules' in zone %}
  47. {%- for rule in zone.rich_rules %}
  48. {%- if 'family' in rule %}
  49. <rule family="{{ rule.family }}">
  50. {%- else %}
  51. <rule>
  52. {%- endif %}
  53. {%- if 'ipset' in rule %}
  54. <source ipset="{{ rule.ipset.name }}"/>
  55. {%- endif %}
  56. {%- if 'source' in rule %}
  57. <source address="{{ rule.source.address }}" {%- if 'invert' in rule.source %}invert="{{ rule.source.invert }}"{%- endif %}/>
  58. {%- endif %}
  59. {%- if 'destination' in rule %}
  60. <destination address="{{ rule.destination.address }}" {%- if 'invert' in rule.destination %}invert="{{ rule.destination.invert }}"{%- endif %}/>
  61. {%- endif %}
  62. {%- if 'service' in rule %}
  63. <service name="{{ rule.service }}"/>
  64. {%- endif %}
  65. {%- if 'port' in rule %}
  66. <port port="{{ rule.port.portid }}" protocol="{{ rule.port.protocol }}"/>
  67. {%- endif %}
  68. {%- if 'protocol' in rule %}
  69. <protocol value="{{ rule.protocol }}"/>
  70. {%- endif %}
  71. {%- if 'icmp_block' in rule %}
  72. <icmp_block name="{{ rule.icmp_block }}"/>
  73. {%- endif %}
  74. {%- if 'masquerade' in rule %}
  75. {%- if rule.masquerade %}<masquerade/>{%- endif %}
  76. {%- endif %}
  77. {%- if 'forward_port' in rule %}
  78. {%- if 'comment' in rule.forward_port %}
  79. <!-- {{ rule.forward_port.comment }} -->
  80. {%- endif %}
  81. <forward-port port="{{ rule.forward_port.portid }}" protocol="{{ rule.forward_port.protocol }}"{%- if 'to_port' in rule.forward_port %} to-port="{{ rule.forward_port.to_port }}"{%- endif %}{%- if 'to_addr' in rule.forward_port %} to-addr="{{ rule.forward_port.to_addr }}"{%- endif %} />
  82. {%- endif %}
  83. {%- if 'log' in rule %}
  84. <log{%- if 'prefix' in rule.log %} prefix="{{ rule.log.prefix }}"{%- endif %}{%- if 'level' in rule.log %} level="{{ rule.log.level }}"{%- endif %}>
  85. {%- if 'limit' in rule.log %}
  86. <limit value="{{ rule.log.limit }}"/>
  87. {%- endif %}
  88. </log>
  89. {%- endif %}
  90. {%- if 'audit' in rule %}
  91. <audit>{%- if 'limit' in rule.audit %} <limit value="{{ rule.audit.limit }}"/>{%- endif %}</audit>
  92. {%- endif %}
  93. {%- if 'accept' in rule %}
  94. <accept/>
  95. {%- endif %}
  96. {%- if 'reject' in rule %}
  97. <reject{%- if 'type' in rule.reject %} type="{{ rule.reject.type }}"{%- endif %}/>
  98. {%- endif %}
  99. {%- if 'drop' in rule %}
  100. <drop/>
  101. {%- endif %}
  102. </rule>
  103. {%- endfor %}
  104. {%- endif %}
  105. </zone>