|
|
|
|
|
|
|
|
# - iptables (iptables, ip6tables, ebtables and ipset) |
|
|
# - iptables (iptables, ip6tables, ebtables and ipset) |
|
|
FirewallBackend={{ firewalld.FirewallBackend|default('nftables') }} |
|
|
FirewallBackend={{ firewalld.FirewallBackend|default('nftables') }} |
|
|
{%- endif %} |
|
|
{%- endif %} |
|
|
|
|
|
{%- if firewalld.get('FlushAllOnReload', False) %} |
|
|
|
|
|
|
|
|
|
|
|
# FlushAllOnReload |
|
|
|
|
|
# Flush all runtime rules on a reload. In previous releases some runtime |
|
|
|
|
|
# configuration was retained during a reload, namely; interface to zone |
|
|
|
|
|
# assignment, and direct rules. This was confusing to users. To get the old |
|
|
|
|
|
# behavior set this to "no". |
|
|
|
|
|
# Default: yes |
|
|
|
|
|
FlushAllOnReload={{ firewalld.FlushAllOnReload|default('yes') }} |
|
|
|
|
|
{%- endif %} |
|
|
|
|
|
{%- if firewalld.get('RFC3964_IPv4', False) %} |
|
|
|
|
|
|
|
|
|
|
|
# RFC3964_IPv4 |
|
|
|
|
|
# As per RFC 3964, filter IPv6 traffic with 6to4 destination addresses that |
|
|
|
|
|
# correspond to IPv4 addresses that should not be routed over the public |
|
|
|
|
|
# internet. |
|
|
|
|
|
# Defaults to "yes". |
|
|
|
|
|
RFC3964_IPv4={{ firewalld.RFC3964_IPv4|default('yes') }} |
|
|
|
|
|
{%- endif %} |