firewalld-formula/pillar.example.sls

# CentOS7 FirewallD firewall
firewalld:
  enabled: True
  default_zone: public
  services:
    sshcustom:
      short: sshcustom
      description: SSH on port 3232 and 5252. Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.
      ports:
        tcp: 
          - 3232
          - 5252
      modules: 
        - some_module_to_load
      destinations:
        ipv4: 
          - 224.0.0.251
          - 224.0.0.252
        ipv6: 
          - ff02::fb
          - ff02::fc
  zones:
    public:
      short: Public
      description: "For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted."
      services:
        - http
        - https
        - ssh
        - dhcpv6-client
#      ports: 
#        - comment: For our dummy service
#          port: 1234
#          protocol: tcp
#      forward_ports:
#        - comment: forward 123 to other machine
#          portid: 123
#          protocol: tcp
#          to_port: 321
#          to_addr: 1.2.3.4
#      rich_rules:
#        - family: ipv4
#          source:
#            address: 192.168.1.0/24
#            invert: true
#          port:
#            portid: 123-321
#            protocol: udp
#          log:
#            prefix: local
#            level: notice
#            limit: 3/s
#          audit:
#            limit: 2/h
#          reject:
#            type: icmp-host-prohibited
Initial commit. 2014-08-23 16:44:48 +02:00			`# CentOS7 FirewallD firewall`
			`firewalld:`
			`enabled: True`
			`default_zone: public`
			`services:`
			`sshcustom:`
			`short: sshcustom`
			`description: SSH on port 3232 and 5252. Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.`
			`ports:`
			`tcp:`
			`- 3232`
			`- 5252`
			`modules:`
			`- some_module_to_load`
			`destinations:`
			`ipv4:`
			`- 224.0.0.251`
			`- 224.0.0.252`
			`ipv6:`
			`- ff02::fb`
			`- ff02::fc`
			`zones:`
			`public:`
			`short: Public`
			`description: "For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted."`
			`services:`
			`- http`
			`- https`
			`- ssh`
			`- dhcpv6-client`
			`# ports:`
			`# - comment: For our dummy service`
			`# port: 1234`
			`# protocol: tcp`
			`# forward_ports:`
			`# - comment: forward 123 to other machine`
			`# portid: 123`
			`# protocol: tcp`
			`# to_port: 321`
			`# to_addr: 1.2.3.4`
			`# rich_rules:`
			`# - family: ipv4`
			`# source:`
			`# address: 192.168.1.0/24`
			`# invert: true`
			`# port:`
			`# portid: 123-321`
			`# protocol: udp`
			`# log:`
			`# prefix: local`
			`# level: notice`
			`# limit: 3/s`
			`# audit:`
			`# limit: 2/h`
			`# reject:`
			`# type: icmp-host-prohibited`