Kaynağa Gözat
fix(yamllint): fix all errors
```bash firewalld-formula$ yamllint -s . ./pillar.example 2:1 warning missing document start "---" (document-start) 3:12 warning truthy value should be one of [false, true] (truthy) 12:13 warning truthy value should be one of [false, true] (truthy) 15:89 error line too long (108 > 88 characters) (line-length) 19:13 warning truthy value should be one of [false, true] (truthy) 30:89 error line too long (363 > 88 characters) (line-length) 96:89 error line too long (170 > 88 characters) (line-length) 108:15 error wrong indentation: expected 12 but found 14 (indentation) 115:13 error empty value in block mapping (empty-values) 116:2 error syntax error: found character '%' that cannot start any token 152:89 error line too long (112 > 88 characters) (line-length) ./firewalld/defaults.yaml 3:1 warning missing document start "---" (document-start) ```tags/v0.7.0
Imran Iqbal
5 yıl önce
2 değiştirilmiş dosya ile 35 ekleme ve 14 silme
+ 1
- 0
firewalld/defaults.yaml
Dosyayı Görüntüle
| @@ -1,5 +1,6 @@ | |||
| # -*- coding: utf-8 -*- | |||
| # vim: ft=yaml | |||
| --- | |||
| firewalld: | |||
| enabled: true | |||
| package: firewalld | |||
+ 34
- 14
pillar.example
Dosyayı Görüntüle
| @@ -1,6 +1,9 @@ | |||
| # -*- coding: utf-8 -*- | |||
| # vim: ft=yaml | |||
| --- | |||
| # FirewallD pillar examples: | |||
| firewalld: | |||
| enabled: True | |||
| enabled: true | |||
| IndividualCalls: 'no' | |||
| LogDenied: 'off' | |||
| AutomaticHelpers: 'system' | |||
| @@ -9,25 +12,30 @@ firewalld: | |||
| RFC3964_IPv4: 'yes' | |||
| ipset: | |||
| manage: True | |||
| manage: true | |||
| pkg: ipset | |||
| # ipset: # Deprecated. Support for this format will be removed in future releases | |||
| # ipsetpackag: ipset # Deprecated. Will be removed in future releases | |||
| # ipset: # Deprecated. Will be removed in future releases | |||
| # ipsetpackag: ipset # Deprecated. Will be removed in future releases | |||
| backend: | |||
| manage: True | |||
| manage: true | |||
| pkg: nftables | |||
| # installbackend: True # Deprecated. Will be removed in future releases | |||
| # backendpackage: nftables # Deprecated. Will be removed in future releases | |||
| # installbackend: true # Deprecated. Will be removed in future releases | |||
| # backendpackage: nftables # Deprecated. Will be removed in future releases | |||
| default_zone: public | |||
| services: | |||
| sshcustom: | |||
| short: sshcustom | |||
| description: SSH on port 3232 and 5252. Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful. | |||
| description: >- | |||
| SSH on port 3232 and 5252. Secure Shell (SSH) is a protocol for logging | |||
| into and executing commands on remote machines. It provides secure | |||
| encrypted communications. If you plan on accessing your machine | |||
| remotely via SSH over a firewalled interface, enable this option. You | |||
| need the openssh-server package installed for this option to be useful. | |||
| ports: | |||
| tcp: | |||
| - 3232 | |||
| @@ -93,7 +101,10 @@ firewalld: | |||
| zones: | |||
| public: | |||
| short: Public | |||
| description: "For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted." | |||
| description: >- | |||
| For use in public areas. You do not trust the other computers on | |||
| networks to not harm your computer. Only selected incoming connections | |||
| are accepted. | |||
| services: | |||
| - http | |||
| - zabbixcustom | |||
| @@ -105,7 +116,7 @@ firewalld: | |||
| rich_rules: | |||
| - family: ipv4 | |||
| source: | |||
| address: 8.8.8.8/24 | |||
| address: 8.8.8.8/24 | |||
| accept: true | |||
| - family: ipv4 | |||
| ipset: | |||
| @@ -113,14 +124,14 @@ firewalld: | |||
| reject: | |||
| type: icmp-port-unreachable | |||
| ports: | |||
| {% if grains['id'] == 'salt.example.com' %} | |||
| # {%- if grains['id'] == 'salt.example.com' %} | |||
| - comment: salt-master | |||
| port: 4505 | |||
| protocol: tcp | |||
| - comment: salt-python | |||
| port: 4506 | |||
| protocol: tcp | |||
| {% endif %} | |||
| # {%- endif %} | |||
| - comment: zabbix-agent | |||
| port: 10050 | |||
| protocol: tcp | |||
| @@ -149,8 +160,17 @@ firewalld: | |||
| table: filter | |||
| chain: FORWARD | |||
| priority: "0" | |||
| args: "-i iintern -o iextern -s 192.168.1.0/24 -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT" | |||
| args: >- | |||
| -i iintern | |||
| -o iextern | |||
| -s 192.168.1.0/24 | |||
| -m conntrack | |||
| --ctstate NEW,RELATED,ESTABLISHED | |||
| -j ACCEPT | |||
| passthrough: | |||
| MYPASSTHROUGH: | |||
| ipv: ipv4 | |||
| args: "-t raw -A MYCHAIN -j DROP" | |||
| args: >- | |||
| -t raw | |||
| -A MYCHAIN | |||
| -j DROP | |||
Yükleniyor…