saltstack-formulas/firewalld-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add support for using ipsets as sources in a zone

Browse Source 
I wanted to be able to add an ipset as a source in the zone without using a rich rule.  I believe this change accomplishes that.  Tested and working on CentOS 7 (salt master and minion).
This commit is contained in:
Paul Williams 2017-11-24 18:31:17 -05:00 committed by GitHub
parent be25aa2fa6
commit 2fd70c9f41
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
firewalld/files/zone.xml
View File

@ -23,6 +23,16 @@
{%- endif %} {%- endif %}
{%- endfor %} {%- endfor %}
{%- endif %} {%- endif %}
{%- if 'ipsets' in zone %}
{%- for v in zone.ipsets %}
{%- if 'comment' in v %}
<!-- {{ v.comment }} -->
<source ipset="{{ v.ipset }}" />
{%- else %}
<source ipset="{{ v }}" />
{%- endif %}
{%- endfor %}
{%- endif %}
{%- if 'services' in zone %} {%- if 'services' in zone %}
{%- for v in zone.services %} {%- for v in zone.services %}
<service name="{{ v }}" /> <service name="{{ v }}" />