saltstack-formulas/firewalld-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(config): update firewalld.conf to be inline with 1.2.1 version

Browse Source 
Added CleanupModulesOnExit
Removed MinimalMark deprecated option
Added some Notes
This commit is contained in:
Niels Abspoel 2022-11-07 19:31:11 +01:00
parent cc7d05a3f1
commit 70071baf9b
No known key found for this signature in database
GPG Key ID: F6A13959FCCB25B2
1 changed files with 13 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
firewalld/files/firewalld.conf
View File

@ -11,18 +11,19 @@
# Default: public # Default: public
DefaultZone={{ firewalld.default_zone|default('public') }} DefaultZone={{ firewalld.default_zone|default('public') }}
# Minimal mark
# Marks up to this minimum are free for use for example in the direct
# interface. If more free marks are needed, increase the minimum
# Default: 100
MinimalMark={{ firewalld.minimal_mark|default('100') }}
# Clean up on exit # Clean up on exit
# If set to no or false the firewall configuration will not get cleaned up # If set to no or false the firewall configuration will not get cleaned up
# on exit or stop of firewalld # on exit or stop of firewalld.
# Default: yes # Default: yes
CleanupOnExit={{ firewalld.cleanup_on_exit|default('yes') }} CleanupOnExit={{ firewalld.cleanup_on_exit|default('yes') }}
# Clean up kernel modules on exit
# If set to yes or true the firewall related kernel modules will be
# unloaded on exit or stop of firewalld. This might attempt to unload
# modules not originally loaded by firewalld.
# Default: no
CleanupModulesOnExit={{ firewalld.cleanup_module_on_exit|default('no') }}
# Lockdown # Lockdown
# If set to enabled, firewall changes with the D-Bus interface will be limited # If set to enabled, firewall changes with the D-Bus interface will be limited
# to applications that are listed in the lockdown whitelist. # to applications that are listed in the lockdown whitelist.
@ -32,9 +33,11 @@ Lockdown={{ firewalld.lockdown|default('no') }}
# IPv6_rpfilter # IPv6_rpfilter
# Performs a reverse path filter test on a packet for IPv6. If a reply to the # Performs a reverse path filter test on a packet for IPv6. If a reply to the
# packet would be sent via the same interface that the packet arrived on, the # packet would be sent via the same interface that the packet arrived on, the
# packet will match and be accepted, otherwise dropped. # packet will match and be accepted, otherwise dropped.
# The rp_filter for IPv4 is controlled using sysctl. # The rp_filter for IPv4 is controlled using sysctl.
# Note: This feature has a performance impact. See man page FIREWALLD.CONF(5)
# for details.
# Default: yes # Default: yes
IPv6_rpfilter={{ firewalld.IPv6_rpfilter|default('yes') }} IPv6_rpfilter={{ firewalld.IPv6_rpfilter|default('yes') }}
{%- if firewalld.get('IndividualCalls', False) %} {%- if firewalld.get('IndividualCalls', False) %}
@ -74,6 +77,8 @@ AutomaticHelpers={{ firewalld.AutomaticHelpers|default('sytem') }}
# Choices are: # Choices are:
# - nftables (default) # - nftables (default)
# - iptables (iptables, ip6tables, ebtables and ipset) # - iptables (iptables, ip6tables, ebtables and ipset)
# Note: The iptables backend is deprecated. It will be removed in a future
# release.
FirewallBackend={{ firewalld.FirewallBackend|default('nftables') }} FirewallBackend={{ firewalld.FirewallBackend|default('nftables') }}
{%- endif %} {%- endif %}
{%- if firewalld.get('FlushAllOnReload', False) %} {%- if firewalld.get('FlushAllOnReload', False) %}