saltstack-formulas/firewalld-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(yamllint): fix all errors

Browse Source 
```bash
firewalld-formula$ yamllint -s .
./pillar.example
  2:1       warning  missing document start "---"  (document-start)
  3:12      warning  truthy value should be one of [false, true]  (truthy)
  12:13     warning  truthy value should be one of [false, true]  (truthy)
  15:89     error    line too long (108 > 88 characters)  (line-length)
  19:13     warning  truthy value should be one of [false, true]  (truthy)
  30:89     error    line too long (363 > 88 characters)  (line-length)
  96:89     error    line too long (170 > 88 characters)  (line-length)
  108:15    error    wrong indentation: expected 12 but found 14  (indentation)
  115:13    error    empty value in block mapping  (empty-values)
  116:2     error    syntax error: found character '%' that cannot start any token
  152:89    error    line too long (112 > 88 characters)  (line-length)

./firewalld/defaults.yaml
  3:1       warning  missing document start "---"  (document-start)
```
This commit is contained in:
Imran Iqbal 2019-11-09 07:13:38 +00:00
parent de4e1915fb
commit 0f808d6afb
No known key found for this signature in database
GPG Key ID: 6D8629439D2B7819
2 changed files with 35 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
firewalld/defaults.yaml
View File

@ -1,5 +1,6 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# vim: ft=yaml # vim: ft=yaml
---
firewalld: firewalld:
enabled: true enabled: true
package: firewalld package: firewalld

48
pillar.example
View File

@ -1,6 +1,9 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
# FirewallD pillar examples: # FirewallD pillar examples:
firewalld: firewalld:
enabled: True enabled: true
IndividualCalls: 'no' IndividualCalls: 'no'
LogDenied: 'off' LogDenied: 'off'
AutomaticHelpers: 'system' AutomaticHelpers: 'system'
@ -9,25 +12,30 @@ firewalld:
RFC3964_IPv4: 'yes' RFC3964_IPv4: 'yes'
ipset: ipset:
manage: True manage: true
pkg: ipset pkg: ipset
# ipset: # Deprecated. Support for this format will be removed in future releases # ipset: # Deprecated. Will be removed in future releases
# ipsetpackag: ipset # Deprecated. Will be removed in future releases # ipsetpackag: ipset # Deprecated. Will be removed in future releases
backend: backend:
manage: True manage: true
pkg: nftables pkg: nftables
# installbackend: True # Deprecated. Will be removed in future releases # installbackend: true # Deprecated. Will be removed in future releases
# backendpackage: nftables # Deprecated. Will be removed in future releases # backendpackage: nftables # Deprecated. Will be removed in future releases
default_zone: public default_zone: public
services: services:
sshcustom: sshcustom:
short: sshcustom short: sshcustom
description: SSH on port 3232 and 5252. Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful. description: >-
SSH on port 3232 and 5252. Secure Shell (SSH) is a protocol for logging
into and executing commands on remote machines. It provides secure
encrypted communications. If you plan on accessing your machine
remotely via SSH over a firewalled interface, enable this option. You
need the openssh-server package installed for this option to be useful.
ports: ports:
tcp: tcp:
- 3232 - 3232
@ -93,7 +101,10 @@ firewalld:
zones: zones:
public: public:
short: Public short: Public
description: "For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted." description: >-
For use in public areas. You do not trust the other computers on
networks to not harm your computer. Only selected incoming connections
are accepted.
services: services:
- http - http
- zabbixcustom - zabbixcustom
@ -105,7 +116,7 @@ firewalld:
rich_rules: rich_rules:
- family: ipv4 - family: ipv4
source: source:
address: 8.8.8.8/24 address: 8.8.8.8/24
accept: true accept: true
- family: ipv4 - family: ipv4
ipset: ipset:
@ -113,14 +124,14 @@ firewalld:
reject: reject:
type: icmp-port-unreachable type: icmp-port-unreachable
ports: ports:
{% if grains['id'] == 'salt.example.com' %} # {%- if grains['id'] == 'salt.example.com' %}
- comment: salt-master - comment: salt-master
port: 4505 port: 4505
protocol: tcp protocol: tcp
- comment: salt-python - comment: salt-python
port: 4506 port: 4506
protocol: tcp protocol: tcp
{% endif %} # {%- endif %}
- comment: zabbix-agent - comment: zabbix-agent
port: 10050 port: 10050
protocol: tcp protocol: tcp
@ -149,8 +160,17 @@ firewalld:
table: filter table: filter
chain: FORWARD chain: FORWARD
priority: "0" priority: "0"
args: "-i iintern -o iextern -s 192.168.1.0/24 -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT" args: >-
-i iintern
-o iextern
-s 192.168.1.0/24
-m conntrack
--ctstate NEW,RELATED,ESTABLISHED
-j ACCEPT
passthrough: passthrough:
MYPASSTHROUGH: MYPASSTHROUGH:
ipv: ipv4 ipv: ipv4
args: "-t raw -A MYCHAIN -j DROP" args: >-
-t raw
-A MYCHAIN
-j DROP