saltstack-formulas/firewalld-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #24 from valibud/master

Browse Source 
Add support for inet6 ipsets.
This commit is contained in:
Niels Abspoel 2018-12-10 20:01:04 +01:00 committed by GitHub
commit 22e301a218
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
firewalld/files/ipset.xml
View File

@ -27,6 +27,11 @@
<option name="hashsize" value="{{ v }}"/> <option name="hashsize" value="{{ v }}"/>
{%- endfor %} {%- endfor %}
{%- endif %} {%- endif %}
{%- if 'family' in ipset.options %}
{%- for v in ipset.options.family %}
<option name="family" value="{{ v }}"/>
{%- endfor %}
{%- endif %}
{%- endif %} {%- endif %}
{%- if 'entries' in ipset %} {%- if 'entries' in ipset %}
{%- for v in ipset.entries %} {%- for v in ipset.entries %}

16
pillar.example
View File

@ -63,6 +63,21 @@ firewalld:
- 1024 - 1024
entries: entries:
- 10.0.0.1 - 10.0.0.1
fail2ban-ssh-ipv6:
short: fail2ban-ssh-ipv6
description: fail2ban-ssh-ipv6 ipset
type: 'hash:ip'
options:
family:
- inet6
maxelem:
- 65536
timeout:
- 300
hashsize:
- 1024
entries:
- 2a01::1
zones: zones:
public: public:
@ -119,4 +134,3 @@ firewalld:
MYPASSTHROUGH: MYPASSTHROUGH:
ipv: ipv4 ipv: ipv4
args: "-t raw -A MYCHAIN -j DROP" args: "-t raw -A MYCHAIN -j DROP"